[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ECP with ZXID (Java module)



Lara Cancela <lcancela.itt.android@xxxxxxxxx> said:
> Hello,
> 
> I have to ask you an advice ... I want to do an ECP client on Android mobile
> using SAML v2 with ZXID 0.69(module Java) SP and Authentic or Shibboleth 2
> IdP, so I've thought in two posibilities:
> 
> 1) *"zxidsrvlet.java" on Apache2* to get doing SSO(with libzxidjni.so) on
> domain sp.xxxx.8080 and another new servlet *"androidsrvlet" on Tomcat
> 6.0.29* to get doing ECP steps(with a new JNI library which calls to
> zxidecp.c) on domain sp.xxxx.9999. Both of them would comunicate with JK
> Module
> 
> 2) Or maybe, I've thought it could run with just Tomcat (without Apache2), I
> mean one servlet as the "zxidsrvlet.java" on Tomcat using the libzxidjni.so
> (to get SSO) and the new JNI library to call to zxidecp.c

I recommend you start with just Tomcat (without Apache2). That is easier setup
to get working right. Once you have that working, you can consider whether dabbling
with the more complex setup is worth it.

> What is your opininio about this??
> 
> Thanks a lot, LARA.
> 
> Oh!! My versions exactly are:
> 
> -Apache2 from Ubuntu 10.04.1 repositories + SSL enabled+ SCGI enabled
> -Tomcat 6.0.29
> -OpenSSL 9.8 from Ubuntu 10.04.1 repositories
> -curl-7.21.2
> -zlib-1.2.5
> -ZXID 0.69
> -J2SE 1.6.0_22
> -Android 2.1 Update
> 
> Besides, I wanted to ask about the ECP plugin for firefox (OpenLiberty) ...
> I've got to install the plugin as an extension for my firefox browser but it
> does nothing with the IdP example from the README.pdf ??

As mentioned, I believe this is due to lack of HTTP headers that enable and trigger
the ECP behaviour. Did you check the metadata on both SP and IdP for indication
that they support ECP? Did you sniff the traffic to see if the PAOS, etc. headers are
there?

--Sampo

> Thanks a lot, LARA.