eID Server implementation #32

Closed
Armagetron opened this issue Aug 11, 2017 · 8 comments
@Armagetron
Collaborator

I started the implementation of the eID Server component specified in BSI TR-03130 Technical Guideline eID-Server, Part I: Functional Specification, Version 2.0.2. This file is accompanied by a zip file BSI TR-03130 TR-eID -Server Schemadateien.

I tried to generate a web service from the WSDL with soapfish. This failed.

So I ran the WSDL through an online WSDL analyzer. This revealed that external/saml-schema-assertion-2.0.xsd links to the, as of writing this, no longer available xmldsig-core-schema.xsd. A copy is available in the wayback machine.

Next steps are to patch the external/saml-schema-assertion-2.0.xsd that links to the xsd and retry the entire soapfish process again.

@Armagetron Armagetron added the bug label Aug 11, 2017
@Armagetron Armagetron added this to the Setup mock eID backend milestone Aug 11, 2017
@Armagetron Armagetron self-assigned this Aug 11, 2017
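
An added example, not part of the original thread or of the project's code: one way to find schema references that need a network fetch, like the xmldsig-core-schema.xsd link described above, and pin them to vendored local copies. The function names, the sample schema and the `vendor/` path are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XSD_NS = "http://www.w3.org/2001/XMLSchema"
REF_TAGS = {f"{{{XSD_NS}}}{name}" for name in ("import", "include", "redefine")}

# Constructed sample: a schema that imports XML-DSig from a remote (placeholder) URL.
SAMPLE_XSD = """<?xml version="1.0"?>
<schema xmlns="http://www.w3.org/2001/XMLSchema"
        targetNamespace="urn:example:assertion">
  <import namespace="http://www.w3.org/2000/09/xmldsig#"
          schemaLocation="http://schemas.example.invalid/xmldsig-core-schema.xsd"/>
  <import namespace="urn:example:local" schemaLocation="local-types.xsd"/>
</schema>
"""

def is_remote(location):
    """True when a schemaLocation needs a network fetch (scheme and host present)."""
    parsed = urlparse(location)
    return parsed.scheme in ("http", "https", "ftp") and bool(parsed.netloc)

def find_remote_schema_refs(xsd_text):
    """Return (element, namespace, schemaLocation) for each remote schema reference."""
    hits = []
    for elem in ET.fromstring(xsd_text).iter():
        loc = elem.get("schemaLocation", "")
        if elem.tag in REF_TAGS and is_remote(loc):
            hits.append((elem.tag.split("}")[1], elem.get("namespace"), loc))
    return hits

def pin_to_local(xsd_text, local_copies):
    """Rewrite remote schemaLocation values to vendored local files.

    local_copies maps remote URL -> local path (hypothetical layout). A remote
    reference without a mapping raises, so the build cannot silently keep
    depending on a host that may disappear or change its content.
    """
    ET.register_namespace("", XSD_NS)  # serialize with a default xmlns, no ns0: prefix
    root = ET.fromstring(xsd_text)
    for elem in root.iter():
        loc = elem.get("schemaLocation", "")
        if elem.tag in REF_TAGS and is_remote(loc):
            if loc not in local_copies:
                raise KeyError(f"no vendored copy for {loc}")
            elem.set("schemaLocation", local_copies[loc])
    return ET.tostring(root, encoding="unicode")
```

Verify the checksum of any vendored copy against a trusted source before committing it, since an archived file is only as trustworthy as the archive it came from.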
@Armagetron
Collaborator Author

soapfish requires lxml and iso8601 as dependencies.

@Armagetron
Collaborator Author

The WSDL is broken!

Instead of

<wsdl:types>
	<xsd:schema>
		<xsd:import schemaLocation="TR-03130eID-Server.xsd"
			namespace="http://bsi.bund.de/eID/" />
	</xsd:schema>
</wsdl:types>

it has to be

<wsdl:types>
	<xsd:schema>
		<xsd:include schemaLocation="TR-03130eID-Server.xsd" />
	</xsd:schema>
</wsdl:types>

because the XSD implements the same namespace (see w3schools).

@Armagetron
Collaborator Author

@nils-wisiol @zervnet is there a way to report this?

@Armagetron
Collaborator Author

Now using python-zsi and twisted for generation.

Patching of /usr/lib/python2.7/dist-packages/ZSI/twisted/WSresource.py is required to work on Ubuntu 17.04.

First, change from twisted.web.error import NoResource to from twisted.web.resource import NoResource. Second, move DefaultHandlerChain over the WSAddressHandlerChainFactory definition.

@nils-wisiol
Collaborator

Not sure on how to report this to BSI. Can you elaborate on what exactly is wrong, why it is wrong and where did you get this file from? I'll get in touch with BSI.

@Armagetron
Collaborator Author

I split the task in some more issues.

#44, #45 and #46

@nils-wisiol
Collaborator

Communication with the eID client for online authentication is described in TR-03124-1, Section 2.5 (please see the chart on p14!). It uses the Extended Access Control Protocol (EAC Protocol) defined in TR-03112-7 (Section 3.6). The eID Service Certificate ("Berechtigungszertifikat") is sent in Section 3.6.4.1 (see bottom of p. 50).

@larissazech
Collaborator

We can only use Governikus' eID Server. Closed.
