SAML 断言响应
我正在研究 idp 发起的身份验证。我已经创建了一个响应发送给销售人员,但停留在某一时刻。请参阅下面的 XML 代码。告诉我从哪里可以获得填充这些标签的值。
XML 代码: 这是 IDP 向 SP 发布的 SAMLAssertion 的一部分验证。
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#s2541b842781b7edbe3b3077bf7d11bae88eaa73e7">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>MnTEd3S3uu7MvGAFE5iB8DEhr9U=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Jf/FNn5309vTWMKJ1o5sdMV/tY/Y+LV3F2eK4+LaIlmKYUHPInX4h+mUg3ef3IXTJ16aYu0A7aRK dHMc3UDF5BlMvfOEpGMEdARQY0O+VzkLJjZMDKG3DlSpfcVZrw/rm4wlZ6oYwhZEOhS0Gi3OOoeR jQn1ONABsfiprr1BYYo=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIEijCCA/OgAwIBAgIQPn+ClEjH2V3Jynt7u3v+XzANBgkqhkiG9w0BAQUFADCBujEfMB0 GA1UEChMWVmVyaVNpZ24gVoycE7oe0xvQEad1Hs6xHCRDbJVIr4=</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
I am working on idp-initiated authentication. I have created a response to be sent to SalesForce but stuck at one point. See the XML code below. Tell me from where I can get values to be fill in these tags.
<SignatureValue>, <X509Certificate> and <DigestMethod>
XML CODE: This is the part of SAMLAssertion that IDP posts to SP for authentication.
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#s2541b842781b7edbe3b3077bf7d11bae88eaa73e7">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>MnTEd3S3uu7MvGAFE5iB8DEhr9U=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Jf/FNn5309vTWMKJ1o5sdMV/tY/Y+LV3F2eK4+LaIlmKYUHPInX4h+mUg3ef3IXTJ16aYu0A7aRK dHMc3UDF5BlMvfOEpGMEdARQY0O+VzkLJjZMDKG3DlSpfcVZrw/rm4wlZ6oYwhZEOhS0Gi3OOoeR jQn1ONABsfiprr1BYYo=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIEijCCA/OgAwIBAgIQPn+ClEjH2V3Jynt7u3v+XzANBgkqhkiG9w0BAQUFADCBujEfMB0 GA1UEChMWVmVyaVNpZ24gVoycE7oe0xvQEad1Hs6xHCRDbJVIr4=</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
检查断言中“硬编码”的证书是否与导入 SalesForce.com 的证书相同。上述消息表明情况并非如此。
确保您使用正确的类以便为响应签名。
Check that the certificate 'hard-coded' into the assertion is that same as the certificate imported into SalesForce.com. The above message would suggest that this is NOT the case.
Make sure that you are using proper classes in order make signature for response.