users@glassfish.java.net

SAML attributes and DisplayToken

From: <glassfish_at_javadesktop.org>
Date: Wed, 21 Jan 2009 03:11:50 PST

Hi,

I'm trying to develop a Windows CardSpace compliant STS using Metro.

When the relying party requests a SAML 1 (urn:oasis:names:tc:SAML:1.0:assertion) token, it works fine.
But when the relying party requests SAML 2 (urn:oasis:names:tc:SAML:2.0:assertion) tokens, the resulting SAML token does not contain SAML attributes.

In both cases the RequestSecurityTokenResponse contains the following DisplayToken:

[code]
<RequestedDisplayToken:RequestedDisplayToken xmlns="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:RequestedDisplayToken="http://schemas.xmlsoap.org/ws/2005/05/identity">
    <DisplayToken>
        <DisplayClaim Uri="http://namespace/localPart" xmlns="" xmlns:ns12="http://schemas.xmlsoap.org/ws/2005/05/identity">
            <ns12:DisplayTag>localPart</ns12:DisplayTag>
            <ns12:DisplayValue>string1</ns12:DisplayValue>
        </DisplayClaim>
        <DisplayClaim Uri="http://sun.com/token-requestor" xmlns="" xmlns:ns12="http://schemas.xmlsoap.org/ws/2005/05/identity">
            <ns12:DisplayTag>token-requestor</ns12:DisplayTag>
            <ns12:DisplayValue>authenticated</ns12:DisplayValue>
        </DisplayClaim>
    </DisplayToken>
</RequestedDisplayToken:RequestedDisplayToken>
[/code]

So the attributes are obviously processed by the STS.
Also, Windows CardSpace says "The card contents are not available in a format that you can examine." despite the returned DisplayToken.

Why are the attributes not in the SAML 2 token?


Thanks in advance.

regards
robert
[Message sent by forum member 'wierob' (wierob)]

http://forums.java.net/jive/thread.jspa?messageID=327356