UVOS client question

> Dear all,
>
> I'm using UVOS to do AA in one of our projects. There is a handler
> that calls UVOS to query entity attributes for users of services. This
> works well in one of my environments, but not in the other. I tried to
> make out any major differences in the environment, e.g. installed
> libraries, but to no avail.
>
> Krzysztof, maybe you can help me with this.
>
> ==================================================
> 2009-06-22 15:57:51,932 [http-9911-2] ERROR
> eu.smartlm.security.aa.handlers.UVOSAuthenticationHandler  - Something
> wrong in eu.smartlm.security.aa.handlers.UVOSAuthenticationHandler
> pl.edu.icm.unicore.uvos.wsapi.xmlbeans.UnsupportedSAMLException:
> Unknown type of attribute value received, value <xml-fragment
> urnx1:scope="/UNICORE/UUDB/SMARTLM-FZJ"
> xsi:type="urnx1:ScopedStringAttributeValueType"
> xmlns:urnx0="urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"
> xmlns:urnx1="urn:vo:SAML:2.0:attribute:ext"
> xmlns:urn="urn:oasis:names:tc:SAML:2.0:assertion"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">FZJ</xml-fragment>
>         at
> pl.edu.icm.unicore.uvos.wsapi.xmlbeans.SAMLXMLBeansMapper.mapAttrValue2APIAttr(SAMLXMLBeansMapper.java:128)
>
>         at
> pl.edu.icm.unicore.uvos.wsapi.xmlbeans.SAMLXMLBeansMapper.map2APIAttributes(SAMLXMLBeansMapper.java:65)
>
>         at
> pl.edu.icm.unicore.uvos.wsclient.samlapi.SAMLVOQueryClient.getAttributesGeneric(SAMLVOQueryClient.java:305)
>
>         at
> pl.edu.icm.unicore.uvos.wsclient.samlapi.SAMLVOQueryClient.getAttributes(SAMLVOQueryClient.java:120)
>
>         at
> eu.smartlm.security.aa.handlers.UVOSAuthenticationHandler.invoke(UVOSAuthenticationHandler.java:117)
>
>         at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
> ==================================================
>
> Best regards,
> Björn
> ------------------------------------------------------------------------------
> Are you an open source citizen? Join us for the Open Source Bridge conference!
> Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250.
> Need another reason to go? 24-hour hacker lounge. Register today!
> http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org
> ------------------------------------------------------------------------
>
> _______________________________________________
> Unicore-support mailing list
> Unicore-support@...
> https://lists.sourceforge.net/lists/listinfo/unicore-support
>  

>>> I managed to connect my UNICORE to UVOS. For that I used the demo
>>> user. The log state that all set attributes are fetched from UVOS,
>>> but I get a lot of errors when adding the Attributes into the XACML
>>> Request.
>>>
>>> 2009-05-15 09:25:27,213 [btpool0-2] WARN  AttributesCallback  - Got
>>> SAML attribute with unsupported XACML DataType:
>>> urn:SAML:voprofile:ScopedAttribute. Attribute name is:
>>> urn:unicore:attrType:role
>>> 2009-05-15 09:25:27,213 [btpool0-2] WARN  AttributesCallback  - Got
>>> SAML attribute with unsupported XACML DataType:
>>> urn:SAML:voprofile:ScopedAttribute. Attribute name is:
>>> urn:unicore:attrType:role

> Hi Björn,
>
> I had the same problem a few weeks ago. I attached a patch for the
> uas-authz lib that solves the problem. Krzysztof made that patch for me.
>
> MFG
> André
>> Dear all,
>>
>> I'm using UVOS to do AA in one of our projects. There is a handler
>> that calls UVOS to query entity attributes for users of services. This
>> works well in one of my environments, but not in the other. I tried to
>> make out any major differences in the environment, e.g. installed
>> libraries, but to no avail.
>>
>> Krzysztof, maybe you can help me with this.
>>
>> ==================================================
>> 2009-06-22 15:57:51,932 [http-9911-2] ERROR
>> eu.smartlm.security.aa.handlers.UVOSAuthenticationHandler  - Something
>> wrong in eu.smartlm.security.aa.handlers.UVOSAuthenticationHandler
>> pl.edu.icm.unicore.uvos.wsapi.xmlbeans.UnsupportedSAMLException:
>> Unknown type of attribute value received, value <xml-fragment
>> urnx1:scope="/UNICORE/UUDB/SMARTLM-FZJ"
>> xsi:type="urnx1:ScopedStringAttributeValueType"
>> xmlns:urnx0="urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML"
>> xmlns:urnx1="urn:vo:SAML:2.0:attribute:ext"
>> xmlns:urn="urn:oasis:names:tc:SAML:2.0:assertion"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">FZJ</xml-fragment>
>>         at
>> pl.edu.icm.unicore.uvos.wsapi.xmlbeans.SAMLXMLBeansMapper.mapAttrValue2APIAttr(SAMLXMLBeansMapper.java:128)
>>
>>         at
>> pl.edu.icm.unicore.uvos.wsapi.xmlbeans.SAMLXMLBeansMapper.map2APIAttributes(SAMLXMLBeansMapper.java:65)
>>
>>         at
>> pl.edu.icm.unicore.uvos.wsclient.samlapi.SAMLVOQueryClient.getAttributesGeneric(SAMLVOQueryClient.java:305)
>>
>>         at
>> pl.edu.icm.unicore.uvos.wsclient.samlapi.SAMLVOQueryClient.getAttributes(SAMLVOQueryClient.java:120)
>>
>>         at
>> eu.smartlm.security.aa.handlers.UVOSAuthenticationHandler.invoke(UVOSAuthenticationHandler.java:117)
>>
>>         at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>> ==================================================
>>
>> Best regards,
>> Björn
>> ------------------------------------------------------------------------------
>> Are you an open source citizen? Join us for the Open Source Bridge conference!
>> Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250.
>> Need another reason to go? 24-hour hacker lounge. Register today!
>> http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Unicore-support mailing list
>> Unicore-support@...
>> https://lists.sourceforge.net/lists/listinfo/unicore-support
>>  
>
>
>
> ------------------------------------------------------------------------
>
> Betreff:
> Re: [Unicore-support] Custom UVOS Attributes
> Von:
> Krzysztof Benedyczak <golbi@...>
> Datum:
> Tue, 19 May 2009 16:38:16 +0200
> An:
> André Höing <andre.hoeing@...>
>
> An:
> André Höing <andre.hoeing@...>
>
>
> Hi,
>
> André Höing pisze:
>>>> I managed to connect my UNICORE to UVOS. For that I used the demo
>>>> user. The log state that all set attributes are fetched from UVOS,
>>>> but I get a lot of errors when adding the Attributes into the XACML
>>>> Request.
>>>>
>>>> 2009-05-15 09:25:27,213 [btpool0-2] WARN  AttributesCallback  - Got
>>>> SAML attribute with unsupported XACML DataType:
>>>> urn:SAML:voprofile:ScopedAttribute. Attribute name is:
>>>> urn:unicore:attrType:role
>>>> 2009-05-15 09:25:27,213 [btpool0-2] WARN  AttributesCallback  - Got
>>>> SAML attribute with unsupported XACML DataType:
>>>> urn:SAML:voprofile:ScopedAttribute. Attribute name is:
>>>> urn:unicore:attrType:role
> [CUT]
>> As you can see none of the self inserted attributes are included in the
>> XACML Request. It still seems the Datatype problem. What am I doing wrong?
>
> I've fixed this and also added a generic support for scoped attributes.
> The fix will be available in the next UNICORE release or patch. If you
> want to play with it now then in the attachment there is a jar file -
> you can simply replace the old library in the unicorex/lib with it.
>
> Best regards and thanks for the bug report!
> Krzysztof

> Hi Bjorn and Andre,
>
> W dniu 22.06.2009 21:49, Björn Hagemeier pisze:
>> Dear André,
>>
>> thank you very much for your help. As a matter of fact, I was able to
>> solve my problem before I left work. I had to copy some libraries
>> (SAMLtypes and samly2) to my axis2/WEB-INF/lib directory. Apparently,
>> they weren't picked up from the .mar module, which requires the JARs to
>> be available. I'm not sure, whether I need both of them, but at least
>> things now work for me. I will have to see, if a self-contained module
>> can still be built for easy deployment in vanilla Axis2.
>>
>> I will also have a closer look at the patch you and Krzysztof provided.
>> Krzysztof, could you explain how your patch solves the problem and how
>> my problem was related to André's problem, if at all.
>
> So as Andre suggested it was the same problem that he had. Whether its
> working or not can depend on the libraries you use (uas-authz in the
> unicore 6.2, in 6.1 it was uas-vo).
>
> Current status is that there was a bug (or more exactly speaking a TODO
> left ;-) in 6.2. I've fixed in in the current trunk, so the next version
> should be ok. I also sent the fixed library to Andre.