From: Chuck Mortimore
Sent: Tuesday, March 06, 2007 5:50 PM
To: Pamela Dingle
Cc: Eric Norman; Neil Macehiter; Kim Cameron
Subject: Re: Figured out the xmldap/firefox issue
Weird….Sorry I've been quiet – very busy at work these days.
– cmortOn 3/6/07, Pamela Dingle wrote:Ha, I figured it out.Since you said that nothing had changed on your box since when it
started working and when it didn't, I started going through my software
update logs. Nothing there. But then I went to mozilla.com and checked
release dates there.Turns out Firefox
184.108.40.206 came out on Feb 23. At some point you must
have updated, and things started failing. To prove this, I just
downgraded to FF 220.127.116.11 — and presto, Chuck's plugin works. So the
issue is an incompatibility between FF 18.104.22.168 and xmldap 0.8.6.I'm going to blog this ASAP so people know what is going on… thanks
for twigging me onto the right path Eric, I'm so glad I can finally
explain what's going on!
Eric Norman wrote:
> On Mar 6, 2007, at 2:57 PM, Neil Macehiter wrote:
>> My results are totally consistent with Pam's. I am unable to login to
>> either Kim's identityblog or Chuck's Java relying party using XMLDAP
>> (version 0.8.6) on Mac OS X 10.4.8 (PowerPC) with Firefox 22.214.171.124. I
>> have JRE 5 installed.
>> Interestingly, on the 2nd March I was able to login to Kim's
>> identityblog using XMLDAP (and I am pretty sure I was also able to
>> login to the Java Relying Party but I can't swear on it).
>> I am encountering no such problems on Windows.
> Here's some observations from me that might lead to a clue about Firefox
> on a Macintosh. Then again, they might not.
> With Firefox on a Macintosh, there's an extra icon under preferences
> called “Identity Selector”. You have 2 choices: Microsoft CardSpace or
> XMLDAP. I have always set it to XMLDAP. I have no idea what the
> purpose of this preference is or why it's even offering me a choice
> about Microsoft. But anyway, I tried them both. As near as I can tell,
> it doesn't make any difference.
> The only reason I'm mentioning this is that it is something would be
> different between Firefox and Windows and on Macintosh.
> When I get to the page with the “Invoke Identity Selector” button,
> I get two buttons. The source for the page says there should only
> be one — see attachments 1 (.tiff) and 2 (source). So I think that
> the <OBJECT> element is messing up the rendering.
> If I click on the upper button, I get an identity selector and don't
> see the error until I select and send a card. If I click on the
> lower button, I get an error immediately. And it's a different error
> page that says code = EMPTYTOKEN.
> However, I sure don't think I saw the double button Sunday when
> this used to work at KIm's blog (but maybe I did and just don't
> remember). Anyway, this sure is curious.
> <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd “>
> <html xmlns=”http://www.w3.org/1999/xhtml“>
> <meta http-equiv=”Content-Type” content=”text/html; charset=UTF-8″ />
> <title>Information Card Invocation</title>
> This site is under maintenance – anything is possible<br/>
> <br/>This page contains the hidden form object that specifies required and optional claims, and invokes the Identity Selector.<br/>
> View the page source to see the object.<br/>
> Net Agent: septemberAgent
> User agent string:<br/><br/><pre>Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:126.96.36.199) Gecko/20070219 Firefox/188.8.131.52</pre><br/> <form name=”ctl00″ id=”ctl00″ method=”post” action=” https://pamelaproject.com/debug/wp-content/plugins/wp-infocard/processing/infocard-post.php“>
> <OBJECT type=”application/x-informationCard” name=”xmlToken”>
> <PARAM Name=”tokenType” Value=”urn:oasis:names:tc:SAML:1.0:assertion”/>
> <PARAM Name=”requiredClaims” Value=” http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier“/>
> <br/>No clickback detected<br/>
> <input type=”submit” value=”Invoke Identity Selector”/>