kclement / eid-idp Goto Github PK

Add some info about how to enable hashing for the unique Rijksregister Number / 
point to Privacy Commission.

What steps will reproduce the problem?
1.Visit https://www.e-contract.be/eid-idp/authentication
2. Java applet loads
3. Error message 'algemene fout' 

What is the expected output? What do you see instead?
eID Applet - Copyright (C) 2008-2013 FedICT.
Released under GNU LGPL version 3.0 license.
More info: http://code.google.com/p/eid-applet/
checking applet privileges...
security manager permission check for java 1.6...
checking web application trust...
running privileged code...
eID browser applet version: 1.1.3
Java version: 1.7.0_51
Java vendor: Oracle Corporation
OS: Windows 7
OS version: 6.1
OS arch: x86
Web application URL: https://www.e-contract.be/eid-idp/authentication
Current time: Tue Jan 28 20:35:06 CET 2014
session cookie detected
sending message: HelloMessage
current protocol state: null
protocol state transition: INIT
SSL handshake finish cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
error: no protocol version header
error type: java.lang.RuntimeException
at be.fedict.eid.applet.shared.protocol.Unmarshaller.receive:222
at be.fedict.eid.applet.Controller.sendMessage:201
at be.fedict.eid.applet.Controller.run:249
at be.fedict.eid.applet.Applet$AppletThread$1.run:602
at java.security.AccessController.doPrivileged:-2
at be.fedict.eid.applet.Applet$AppletThread.run:597
at java.lang.Thread.run:-1
Algemene fout.

What version of the product are you using? On what operating system?
Java7U51
Win 7, Win 8.1 X64
Chrome, internet explorer

Please provide any additional information below.
[email protected]

What steps will reproduce the problem?
1. Attempt to deploy "eid-trust-service-deploy-1.0.0.GA.ear" on WebLogic Server 
12c (12.1.1)

What is the expected output? What do you see instead?

Deployment should succeed, but instead the following error is reported:

The attribute [fireDate] from the entity class [class be.
fedict.trust.service.entity.ClockDriftConfigEntity] does not specify a temporal 
type. A temporal type must be specified for persistent fields or properties of 
type java.util.Date and java.util.Calendar.

What version of the product are you using? On what operating system?

1.0.0 GA on Windows (but OS is not relevant)

Please provide any additional information below.

According to section 11.1.47 there should indeed by a Temporal annotation:

The  Temporal annotation must be specified for persistent fields or properties 
of type java.util.Date and java.util.Calendar. It may only be specified for 
fields or properties of these types.

Note that I also manually had to add the following JAR's to the EAR:

bcmail-jdk16-1.45.jar
bctsp-jdk16-1.45.jar

Should I report a separate issue for this ? Other JAR's might as well be 
necessary.
Or are the Idp and trust service only supported on Jboss?

Hi,

We have setup our own idp server with this google code base.

I have linked it to our drupal installation with the beididp module and have 
mapped several fields including the photo.

Everything goes wel (almost). All fields are working except for the photo. I 
have mapped it to http://axschema.org/eid/photo but when i try to login with my 
belgium id it gives me the following error:

Your request was invalid: Binary attribute type not supported for OpenID 
(uri=http://axschema.org/eid/photo

Can anyone help me with this ?

Kind regards,
SAnder

What steps will reproduce the problem?
1. revision 432
2. build on Windows (software see below)
3. Error in a test

What is the expected output? What do you see instead?

Expected: no error in a test
Instead: error in a test

Tests in error:
  testOpenIDSpike(test.unit.be.fedict.eid.idp.protocol.openid.OpenIDSSLProtocolServiceTest): java.lang.UnsupportedOperationException


What version of the product are you using? On what operating system?

Apache Maven 3.0.4 (r1232337; 2012-01-17 09:44:56+0100)
Maven home: C:\turtoisesvn\apache-maven-3.0.4\bin\..
Java version: 1.7.0_09, vendor: Oracle Corporation
Java home: C:\Program Files\Java\jdk1.7.0_09\jre
Default locale: en_US, platform encoding: Cp1252
OS name: "windows 7", version: "6.1", arch: "x86", family: "windows"

Please provide any additional information below.

Tests in error:
  testOpenIDSpike(test.unit.be.fedict.eid.idp.protocol.openid.OpenIDSSLProtocolS
erviceTest): java.lang.UnsupportedOperationException

Tests run: 4, Failures: 0, Errors: 1, Skipped: 0

[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] FedICT eID Identity Provider Project .............. SUCCESS [0.390s]
[INFO] FedICT eID Identity Provider Common ............... SUCCESS [1.667s]
[INFO] FedICT eID Identity Provider SPI .................. SUCCESS [2.520s]
[INFO] FedICT eID Identity Provider SAML 2 Common ........ SUCCESS [5.288s]
[INFO] FedICT eID IdP SAML2 Protocol Service Provider SPI  SUCCESS [0.798s]
[INFO] FedICT eID IdP SAML2 Web Service .................. SUCCESS [7.017s]
[INFO] FedICT eID IdP SAML2 Protocol Service Provider .... SUCCESS [12.015s]
[INFO] FedICT eID IdP SAML2 Protocol Service ............. SUCCESS [17.312s]
[INFO] FedICT eID IdP OpenID Protocol Service Provider SPI  SUCCESS [0.546s]
[INFO] FedICT eID IdP OpenID Protocol Service Provider ... SUCCESS [1.419s]
[INFO] FedICT eID IdP OpenID Protocol Service ............ FAILURE [5.280s]
[INFO] FedICT eID IdP WS-Trust JAX-WS .................... SKIPPED
[INFO] FedICT eID IdP WS-Federation Protocol Service ..... SKIPPED
[INFO] FedICT eID IdP WS-Federation Protocol Service Provider SPI  SKIPPED
[INFO] FedICT eID IdP WS-Federation Protocol Service Provider  SKIPPED
[INFO] FedICT eID Identity Provider JPA Entities ......... SKIPPED
[INFO] FedICT eID Identity Provider SQL DDL .............. SKIPPED
[INFO] FedICT eID Identity Provider Model ................ SKIPPED
[INFO] FedICT eID IdP Webapp Control ..................... SKIPPED
[INFO] FedICT eID Identity Provider Webapp ............... SKIPPED
[INFO] FedICT eID Identity Provider Admin Webapp ......... SKIPPED
[INFO] FedICT eID IdP Admin Webapp Control ............... SKIPPED
[INFO] FedICT eID IdP Service Provider Test Webapp ....... SKIPPED
[INFO] FedICT eID IdP Age Derived Attribute .............. SKIPPED
[INFO] FedICT eID Identity Provider EAR .................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE

fetching the attribute http://axschema.org/birthDate results in exception 
"Invalid birthdate value. Must be in the form yyyy-MM-dd"

1. Follow the video on http://www.youtube.com/watch?v=7AFGfWj7q5Q&hd=1 in 
Visual Studio 2010 and use 
http://e-contract.be/eid-idp/endpoints/ws-federation/metadata/auth-ident-metadat
a.xml as STS
2. Run the application
3. You get the error "webpage not found" 
https://e-contract.be:80/eid-idp/protocol/ws-federation/auth-ident?wa=wsignin1.0
&wtrealm=http%3a%2f%2flocalhost%3a64171%2fWebSite3%2f&wctx=rm%3d0%26id%3dpassive
%26ru%3d%252fWebSite3%252fdefault.aspx%253f&wct=2012-12-12T14%3a00%3a29Z

In web.config, change 
<wsFederation passiveRedirectEnabled="true" 
issuer="https://e-contract.be:80/eid-idp/protocol/ws-federation/auth-ident"
to
<wsFederation passiveRedirectEnabled="true" 
issuer="https://e-contract.be/eid-idp/protocol/ws-federation/auth-ident"
(remove the :80 from the issuer URL).

Now it works.

What steps will reproduce the problem?
1. when reading the e-ID the street information is extracted into one field, 
and not in street / housenr / box

What is the expected output? What do you see instead?
Is this information structured in a specific standardize way, so you can put an 
algorithm on top to extract the e-id street information into 
Street/Housenumber/Box?

What version of the product are you using? On what operating system?
I'm using SAML2 via SAML toolkit for PHP on a Microsoft OS using Apache server.

Please provide any additional information below.

Using https://www.e-contract.be/eid-idp/authentication on Windows 7, 64 bit, it 
takes 20 seconds to load the Java applet in Chrome 16.0.912

Then the applet starts but eventually the authentication fails.

eID Applet - Copyright (C) 2008-2011 FedICT.
Released under GNU LGPL version 3.0 license.
More info: http://code.google.com/p/eid-applet/
checking applet privileges...
security manager permission check for java 1.6...
checking web application trust...
running privileged code...
eID browser applet version: 1.0.5.Beta1
Java version: 1.6.0_30
Java vendor: Sun Microsystems Inc.
OS: Windows 7
OS version: 6.1
OS arch: x86
Web application URL: https://www.e-contract.be/eid-idp/authentication
Current time: Fri Feb 03 13:22:20 CET 2012
session cookie detected
sending message: HelloMessage
current protocol state: null
protocol state transition: INIT
error: Connection timed out: connect
error type: java.net.ConnectException
at java.net.PlainSocketImpl.socketConnect:-2
at java.net.PlainSocketImpl.doConnect:-1
at java.net.PlainSocketImpl.connectToAddress:-1
at java.net.PlainSocketImpl.connect:-1
at java.net.SocksSocketImpl.connect:-1
at java.net.Socket.connect:-1
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect:-1
at sun.net.NetworkClient.doConnect:-1
at sun.net.www.http.HttpClient.openServer:-1
at sun.net.www.http.HttpClient.openServer:-1
at sun.net.www.protocol.https.HttpsClient.<init>:-1
at sun.net.www.protocol.https.HttpsClient.New:-1
at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient:-
1
at sun.net.www.protocol.http.HttpURLConnection.plainConnect:-1
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect:-1
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream:-1
at sun.net.www.protocol.http.HttpURLConnection.getInputStream:-1
at java.net.HttpURLConnection.getResponseCode:-1
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode:-1
at be.fedict.eid.applet.Controller.sendMessage:181
at be.fedict.eid.applet.Controller.run:247
at be.fedict.eid.applet.Applet$AppletThread$1.run:602
at java.security.AccessController.doPrivileged:-2
at be.fedict.eid.applet.Applet$AppletThread.run:597
at java.lang.Thread.run:-1
Generic Error.




(Works with IE9 on the same machine, applet loads immediately, authentication 
OK)

Would be nice if the OpenID IDP could optionally send the citizen's picture (as 
stored on the eID card).

Oracle Java JDK 1.7.0.45 (32-bit) with Netbeans 7.4

Checking out of latest source, building from scratch yields this error:

Processing: 
.../NetBeansProjects/idp/trunk/eid-idp-ws-trust/src/wsdl/ws-trust-1.3.wsdl
jaxws:wsimport args: ...
unrecognized parameter -encoding

Usage: wsimport [options] <WSDL_URI>
....


Apparently jaxws-tools 2.2.5 does not support encoding parameter.
Changing version to 2.2.6 in eid-idp-ws-trust\pom.xml seems to fix it.

Wouldn't it be easier if the links on the government website 
(http://eid.belgium.be/en/developing_eid_applications/) would be adjusted to 
websites that are maintained. A page like: https://www.e-contract.be/start/ is 
hard to find and a lot more helpfull to reference to instead of this page that 
soon will turn on read-only mode.

Hi, I tried to deploy and test the application on ubuntu 11 and on windows XP.

After set up my DB, I just run the Jboss as it delivred (no modification).  

I got the same error, the activation of the “queue/trust/harvester” seems 
to fail and return this message “HornetQException[errorCode=105 
message=Unable to validate user: null for check type CONSUME for address 
jms.queue.TrustServiceHarvester]”

Perhaps the bug is in the configuration of the users or group of HornetQ.

I attached the StackTrace of the issue.

Best regards,
Olivier

What steps will reproduce the problem?
1. Set up be.fedict.eid.idp.sp.protocol.openid.AuthenticationRequestServlet and 
be.fedict.eid.idp.sp.protocol.openid.AuthenticationResponseServlet in web.xml 
(see documentation)
2. Login using https://www.e-contract.be/eid-idp/authentication
3. The final page is shown (This page will automatically navigate you back to 
your web application.)

What is the expected output? What do you see instead?
The authentication provider does not redirect back to the web application. It 
just keeps showing the last page. There doesn't seem to be any stacktrace.

What version of the product are you using? On what operating system?
1.0.0.GA
Chrome 22.0.1229.94 m
Windows 7

Please provide any additional information below.
It only happens on the laptop of our QA person and only in Chrome. It doesn't 
happen on our development machines nor on someone else's laptop (same model). 
We will provide additional information as soon as we know more.

Section 3.1.1. eID IdP Service Identity can be improved

"The eID IdP should have a service identity configured. This identity will be 
used to sign outgoing SAML v2.0 responses and the SAML v2.0 assertions embedded 
in the WS-Federation Security Token."

Questions / improvements:

- Is this only SAML 2, or also OpenID and other protocols.
- Perhaps point to TSS manual 4.2.2 Configuration on how to configure this 
identity ?
- A screenshot would be nice