Friday, November 24, 2006

CardSpace Backup viewer

Ever wonder what's inside a CardSpace backup file? Now that the codebase can decrypt the backup files, I thought I'd add a quick tool that allows you to peek inside. Here's a little web app which will decrypt your backup file and return the xml inside:

And here's a screencast of how it works:

Tuesday, November 21, 2006

Minor Bug Fixes

I updated the Firefox Selector to fix a few minor bugs introduced in the Managed Cards support update.

Thanks to Axel and to Antoine Galland from Gemalto for trying it out and reporting the bugs.

Sunday, November 19, 2006

Managed Card Support for Firefox

One more important update for the Firefox selector - With this new release, I've added a simple proof-of-concept around Managed Cards.

The Firefox selector now supports importing managed cards, and retrieving tokens from an STS. It only has support for Username/Password authentication over the simple TransportBinding (this means transport security rather than message level security) Also, I've only tested against the may work against other implementations, but I haven't yet focused on interop.

That being said, this now demonstrates a complete end-to-end exchange without any Microsoft components. An opensource STS issuing a token to an opensource Relying Party, via an opensource selector...all on a Mac.

Here's a screencast of how it works:

As always, the selector and source are available at

Saturday, November 18, 2006

Firefox Plugin Updated

Thanks to the hard work of Axel Nennker and his friends, I've posted an update to the Firefox Selector. The selector now has these great features:

1) Support for Firefox 2.0 - the plugin should now work on 1.5+ and 2.0

2) Internationalization Support - Axel added i18n, and has localized to:

  • English
  • German
  • French
  • Norwegian
  • Swedish
  • Turkish
  • Czech
  • Arabic
  • and Chinese

3) There's also initial support for Logotype certificates, so that a website's icon embedded in a certificate can be displayed to the user as part of the verification process

You can download the latest plugin at

Thanks Axel!

Monday, November 06, 2006

STS is finally working

I finally checked in a working copy of the xmldap Security Token Service. It's a simple STS, which only supports the Transport Binding of CardSpace, but it's enough to see managed cards in action.

If you'd like to try it out, go to There you'll find a link to where you can create managed cards. You'll then be able to install them into CardSpace and use them to login to the Relying Party. Below is a screencast which demos the basic steps you should follow:

As always, it's open source. The code is pretty messy at the moment, but if you're curious you can take a look at Special thanks to the other contributors, and the folks at Arcot who figured out one of the missing pieces.