Question

我参考了以下链接，从SOAP UI生成SAML令牌。但是，IS中没有公开服务来验证SAML令牌。 http://charithaka.blogspot.ae/2013/07/broker-trust-relationships-with-wso2.html

SOAP UI中的SAML示例请求 RST请求

{Service.url} /服务/ wso2carbon-STS

{Service.url} /services/wso2carbon-sts.wso2carbon-stsHttpsSoap12Endpoint /

<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
   <soapenv:Header xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="true">
         <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
            <wsu:Created>2014-12-17T11:59:30.226Z</wsu:Created>
            <wsu:Expires>2014-12-17T11:59:30.226Z</wsu:Expires>
         </wsu:Timestamp>
         <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2">
            <wsse:Username>admin</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
      <wsa:To>https://localhost:9443/services/wso2carbon-sts</wsa:To>
      <wsa:ReplyTo>
         <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
      </wsa:ReplyTo>
      <wsa:MessageID>urn:uuid:258de3bc-c053-4b41-93d5-5d292a896b3a</wsa:MessageID>
      <wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>
   </soapenv:Header>
   <soapenv:Body>
      <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
         <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
         <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</wst:TokenType>
         <wst:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/Bearer</wst:KeyType>
         <wst:Claims xmlns:wsp="http://schemas.xmlsoap.org/ws/2005/02/trust" wsp:Dialect="http://wso2.org/claims">
            <wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://wso2.org/claims/emailaddress"></wsid:ClaimType>
            <wsid:ClaimType xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" Uri="http://wso2.org/claims/givenname"></wsid:ClaimType>
         </wst:Claims>
      </wst:RequestSecurityToken>
   </soapenv:Body>
</soapenv:Envelope>

也使用了sts客户端 https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/products/is/5.0.0/modules/samples/sts/sts-client

验证在WSO2 IS中给出的令牌 - ＆gt;工具 - ＆gt;在提供生成的RSTR（安全令牌请求响应）时，验证SAML请求似乎不适用于手头的用例。

sts客户端和上面提供的链接有什么区别吗？正在寻找通过SOAP服务（SOAP UI）验证SAML令牌的方法吗？

Answer 1

随WSO2IS 5.0.0提供的示例客户端将调用使用sts保护的服务（echo）。因此，它在访问服务之前验证sts令牌内部，但它没有提供单独的API来验证令牌。

在WSO2 IS中 - ＆gt;工具 - ＆gt;验证SAML请求它仅验证SAML注销请求和登录请求，而不仅仅是SAML断言。

但在IS 5.1.0（从下一版本开始），wso2carbon-sts API将提供验证服务

是否有WSO2 IS服务来验证从wso2carbon-sts生成的SAML令牌

1 个答案: