Virtuoso Open-Source Edition: Using Virtuoso's WebID? Identity Provider (IdP?) Proxy Service with an X.509 certificate bearing an LDAP scheme WebID?

Virtuoso Open-Source, OpenLink Data Spaces, and OpenLink Ajax Toolkit

Useful Pages


Feeds

Subscribe to feeds of the changes to this site in the following formats:

Search

Using Virtuoso's WebID Identity Provider (IdP) Proxy Service with an X.509 certificate bearing an LDAP scheme WebID

What?

A callback supporting service that enables third parties verify WebIDs via RESTful interaction patterns.

Why?

Most Web Developers and Users prefer to do plumbing as opposed to wholesale development in the course of web exploitation. Thus, federated services to which responsibilities can be delegated are always beneficial.

How?

This verification service offers a user-friendly alternative to manually querying SPARQL endpoints; i.e., checking whether a WebID and Public Key are related within a profile graph.

The service currently supports WebIDs based on the ldap:, http:, mailto:, acct: URI schemes. Other URI schemes will be added over time.

curl Examples

Example with No certificate

  1. Execute the following command: 

    $ curl -i -k   https://id.myopenlink.net/ods/webid_check.vsp?callback=http://id.myopenlink.net/myapp/
HTTP/1.1 302 Found
Server: Virtuoso/06.03.3131 (Linux) x86_64-generic-linux-glibc25-64  VDB
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 05 Jan 2012 15:02:16 GMT
Accept-Ranges: bytes
Location: http://id.myopenlink.net/myapp/?error=noCert&ts=2012-01-05T10%3A02%3A16-05%3A00&signature=TLNskapgUg75%2FzJSRe154RloH%2FE%3D
Content-Length: 0

  2. Error for no certificate should be returned.

Example with Valid WebID

  1. Generate certificate with WebID for ex.: 

    http://id.myopenlink.net/dataspace/person/demo#this

  2. Export the certificate, for ex. if you are using Firefox, as demo.p12 and save it to your local FS.
  3. Execute the following command, using cygwin for ex.: 

    $ openssl pkcs12 -in demo.p12 > demo.pem

Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

  4. Test the WebID Proxy Service by executing the following command: 

    $ curl -i -k --cert demo.pem  https://id.myopenlink.net/ods/webid_check.vsp?callback=http://id.myopenlink.net/myapp/
Enter PEM pass phrase:
HTTP/1.1 302 Found
Server: Virtuoso/06.03.3131 (Linux) x86_64-generic-linux-glibc25-64  VDB
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 05 Jan 2012 16:08:13 GMT
Accept-Ranges: bytes
Location: http://id.myopenlink.net/myapp/?webid=http%3A%2F%2Fid.myopenlink.net%2Fdataspace%2Fperson%2Fdemo%23this&ts=2012-01-05T11%3A08%3A13.000004-05
%3A00&signature=a17coYTjgrPnz%2FmEi9OVRwiTEa8%3D
Content-Length: 0

  5. In case of successful verification, the WebID, Timestamp and Signature should be returned.

Using the Testing Service Endpoint: Sample Scenario

Prerequisites

  1. Make sure the ODS Framework package is installed,
  2. Generate an X.509 Certificate hosted WebID for the user. For example, user "demo" could generate a Certificate at http://ods-qa.openlinksw.com/ods/.

Steps

  1. Access the Testing service endpoint: https://<Virtuoso host or IP address>[:<ssl-port>]/ods/webid_check.vsp, e.g., https://id.myopenlink.net:443/ods/webid_check.vsp
  2. The browser should prompt for identification. Select the certificate generated above, and click "OK".



  3. The WebID Identity Provider UI should be presented:



  4. Enter a Requesting service endpoint, for example: 

    https://ods-qa.openlinksw.com/ods/





  5. Click "Go".
  6. When prompted for verification, again the certificate generated above and click "OK":



  7. You should now be redirected to a log in page which has recognized the certificate's WebID, and a "WebID Login" should be offered:



  8. Click the "WebID Login" button.
  9. You should now be successfully logged in:



Related

Powered By Virtuoso