<KeyInfo> 中缺少 ADFS SAML 前缀 ds
Posted
技术标签:
【中文标题】<KeyInfo> 中缺少 ADFS SAML 前缀 ds【英文标题】:ADFS SAML prefix ds missing in <KeyInfo> 【发布时间】:2015-08-19 23:32:33 【问题描述】:我想将令牌证书与来自 ADFS 的 SAML 对象集成。由于 KeyInfo 格式,我可以解析 [使用 C#] 除了证书值之外的所有项目。我认为“KeyInfo”缺少“ds”前缀。我不知道我在哪里做错了。
<samlp:Response ID=\"_00ca83c9-aad0-4210-9174-87ec874c5103\" Version=\"2.0\" xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">
<Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">*******</Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\" /></samlp:Status>
<Assertion ID=\"_bac09d77-c98e-48f6-bf62-8bbbbd1756d9\" IssueInstant=\"2015-08-19T23:07:32.659Z\" Version=\"2.0\" xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\"><Issuer>http://ADFS.*******.com.au/adfs/services/tru</Issuer>
<ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">
<ds:SignedInfo></ds:SignedInfo>
<ds:SignatureValue>some value</ds:SignatureValue>
<KeyInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>some value</ds:X509Certificate></ds:X509Data></KeyInfo>
</ds:Signature>
<Attribute Name=\"LastName\"><AttributeValue>FFFF</AttributeValue></Attribute>
<Attribute Name=\"Username\"><AttributeValue>fdfdgf</AttributeValue></Attribute>
<Attribute Name=\"VAL6\"><AttributeValue>AAAAA</AttributeValue></Attribute>
<AuthnStatement AuthnInstant=\"2015-08-19T23:07:32.549Z\"><AuthnContext>
<AuthnContextClassRef>urn:federation:authentication:windows</AuthnContextClassRef></AuthnContext></AuthnStatement>
</Assertion>
</samlp:Response>【问题讨论】:
【参考方案1】:试试这个
<?xml version="1.0" encoding="utf-8" ?>
<samlp:Response ID="_00ca83c9-aad0-4210-9174-87ec874c5103" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">*******</Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<Assertion ID="_bac09d77-c98e-48f6-bf62-8bbbbd1756d9" IssueInstant="2015-08-19T23:07:32.659Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>http://ADFS.*******.com.au/adfs/services/tru</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
<ds:Reference URI="http://www.w3.org/TR/2000/REC-xhtml1-20000126/">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue></ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIICXTCCA..</ds:X509Certificate>
</ds:X509Data>
</KeyInfo>
</ds:Signature>
<Attribute Name="LastName">
<AttributeValue>FFFF</AttributeValue>
</Attribute>
<Attribute Name="Username">
<AttributeValue>fdfdgf</AttributeValue>
</Attribute>
<Attribute Name="VAL6">
<AttributeValue>AAAAA</AttributeValue>
</Attribute>
<AuthnStatement AuthnInstant="2015-08-19T23:07:32.549Z">
<AuthnContext>
<AuthnContextClassRef>urn:federation:authentication:windows</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
</samlp:Response>
【讨论】:
感谢您的回复,但我希望在 SAML 对象中将以上是关于<KeyInfo> 中缺少 ADFS SAML 前缀 ds的主要内容,如果未能解决你的问题,请参考以下文章
Spring security SAML:自己的登录页面而不是 ADFS 登录重定向
为啥 spring-saml-extension 和 adfs 2.0 返回 403 错误?