SimpleSAMLphp configuration problem: how do I fix the "metadata not found" error?

Published 2022-09-06 02:08:11 · 5956 characters · 15 views · 0 comments

Here is the situation: a customer currently needs to integrate with AWS Cognito, and the third-party login here uses the SAML that Cognito provides.
On our side the server uses the simplesamlphp framework as the IdP; but once it is configured, when it receives the assertion sent by Cognito, simplesamlphp reports that it cannot locate the metadata:

(screenshot: clipboard.png)
I'm not sure where my configuration went wrong (though something surely did). The configuration code is as follows:

saml20-idp-hosted.php file:

<?php
$metadata['urn:amazon:cognito:sp:us-east-1_YaRHr5R7c'] = array(
        'host' => '__DEFAULT__',
        'privatekey' => 'saml.pem',
        'certificate' => 'saml.crt',
        'auth' => 'example-userpass',
        'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
        'authproc' => array(
                100 => array('class' => 'core:AttributeMap', 'name2oid'),
        )
);

saml20-idp-remote.php file:

<?php
$metadata['urn:amazon:cognito:sp:us-east-1_YaRHr5R7c'] = array(
        'metadata-set' => 'saml20-idp-remote',
        'entityid' => 'http://www.saml.com/simplesaml/saml2/idp/metadata.php',
        'SingleSignOnService' => array(
                0 => array(
                        'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                        'Location' => 'http://www.saml.com/simplesaml/saml2/idp/SSOService.php',
                ),
        ),
        'SingleLogoutService' => array(
                0 => array(
                        'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                        'Location' => 'http://www.saml.com/simplesaml/saml2/idp/SingleLogoutService.php',
                ),
        ),
        'certData' => 'certData',
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
);

The assertion provided to Cognito:

<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="urn:amazon:cognito:sp:us-east-1_YaRHr5R7c">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>[certificate omitted]</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>[certificate omitted]</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://www.saml.com/simplesaml/saml2/idp/SingleLogoutService.php"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://www.saml.com/simplesaml/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="technical">
    <md:GivenName>zhong</md:GivenName>
    <md:EmailAddress>40613****@qq.com</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>

Hoping an expert can shed some light on this.


Comments (1)

南街女流氓 2022-09-13 02:08:11

Found the cause: the main thing is that you need to configure its saml20-sp-remote.php file:

<?php
// The Cognito user pool registered as a remote SP, keyed by its SAML entity ID
$metadata['urn:amazon:cognito:sp:us-east-1_YaRHr5R7c'] = array(
        'AssertionConsumerService' => 'https://testcloud.auth.us-east-1.amazoncognito.com/saml2/idpresponse',
        'SingleLogoutService' => 'https://testcloud.auth.us-east-1.amazoncognito.com/logout?client_id=7tkior5512sk93rmb5der0aa0r&logout_uri=https://test.dvrskype.com/test/logout',
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
        'simplesaml.attributes' => FALSE,
);

One last thing: the official docs are downright toxic; you're better off going to the official forum and digging around :(
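The lookup behind the error, as an added example that is not from the post or from SimpleSAMLphp itself: it models the three metadata sets as Python dicts using the values from the post, shows why an AuthnRequest from Cognito cannot be resolved until the SP is registered in saml20-sp-remote, and adds the AssertionConsumerService check an IdP should run before posting its response. The AuthnRequest XML is constructed and the function names are mine.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SP_ENTITY = "urn:amazon:cognito:sp:us-east-1_YaRHr5R7c"
SP_ACS = "https://testcloud.auth.us-east-1.amazoncognito.com/saml2/idpresponse"

# Metadata sets as the asker had them: the Cognito SP entity ID is used as the
# key of the IdP-side sets, and saml20-sp-remote has no entry at all.
BROKEN = {
    "saml20-idp-hosted": {SP_ENTITY: {"auth": "example-userpass"}},
    "saml20-idp-remote": {SP_ENTITY: {"entityid": "http://www.saml.com/simplesaml/saml2/idp/metadata.php"}},
    "saml20-sp-remote": {},
}
# After the accepted fix: the same sets, plus the Cognito SP in saml20-sp-remote.
FIXED = {**BROKEN, "saml20-sp-remote": {SP_ENTITY: {"AssertionConsumerService": SP_ACS}}}


def authn_request(acs_url):
    """Constructed AuthnRequest of the kind Cognito sends (HTTP-Redirect payload, decoded)."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_req1" '
            f'Version="2.0" IssueInstant="2022-09-06T02:08:11Z" '
            f'AssertionConsumerServiceURL="{acs_url}">'
            f'<saml:Issuer>{SP_ENTITY}</saml:Issuer></samlp:AuthnRequest>')


def check_authn_request(metadata, request_xml):
    """Return ("ok", acs_url) or ("error", reason) for an incoming AuthnRequest."""
    root = ET.fromstring(request_xml)
    issuer = root.findtext(f"{{{SAML}}}Issuer")
    # The IdP resolves the requesting SP by its Issuer in saml20-sp-remote only;
    # entries in the idp-* sets describe IdPs and are never consulted here.
    sp = metadata["saml20-sp-remote"].get(issuer)
    if sp is None:
        return "error", f"no metadata for entity {issuer} in set saml20-sp-remote"
    acs = root.get("AssertionConsumerServiceURL", sp["AssertionConsumerService"])
    # Only ever post the signed Response to an ACS registered in the SP metadata.
    if acs != sp["AssertionConsumerService"]:
        return "error", f"AssertionConsumerServiceURL {acs} is not registered for {issuer}"
    return "ok", acs


if __name__ == "__main__":
    for name, sets in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_authn_request(sets, authn_request(SP_ACS)))
```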
