使用ColdFusion的SAML服务提供商

时间:2012-06-18 13:43:22

标签: coldfusion saml-2.0

我正在尝试使用ColdFusion 9对SAML 2.0进行测试。我只想使用SAML生成的xml并进行处理。我正在关注此处提供的文章http://blog.tagworldwide.com/?p=19 (archived version)

但是当我启动xmlSignatureClass(xmlSignature = xmlSignatureClass.init(docElement.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig","Signature").item(0),javacast("string",""));)时出现错误。

我的测试代码如下 -

<cfxml variable="samlAssertionXML">
<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://dummy.com" ID="_4b25fcd29ca107018e952b0ee8606cf9f1a5" IssueInstant="2012-06-01T14:21:18Z" Version="2.0">
    <ns1:Issuer xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">DummyIdP</ns1:Issuer>
    <Status><StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></Status>
    <ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_302d1f1e2e5b39845923a3a21af3906f3e85" IssueInstant="2012-06-01T14:21:18Z" Version="2.0">
        <ns2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">DummyIdP</ns2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig">
            <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig">
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n" xmlns:ds="http://www.w3.org/2000/09/xmldsig"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsigrsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig"/>
                <ds:Reference URI="_302d1f1e2e5b39845923a3a21af3906f3e85" xmlns:ds="http://www.w3.org/2000/09/xmldsig">
                    <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig">
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsigenveloped-signature" xmlns:ds="http://www.w3.org/2000/09/xmldsig"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n" xmlns:ds="http://www.w3.org/2000/09/xmldsig"/>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsigsha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig"/>
                    <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig">JUtQwTxlNEEwvzF9URMq4RFk1gM=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig">
                EHKr7088SiCcgviN56jgupiZlvVItJh3EHXNX/YAlvUuyN05m3beH4IblfKI5KnmTxRsEokKgAAn FvdG9Cv7yA7+m+D9WwmG7uRXQq0aLaoZM9+erGKvFuVjqQ5gGBM0XZBSpGHGHlPSSzmX/PwfuAg4 gvcOjoKfPQHJzArPYFAGD2MAFaS9qedr6kRlv19Jf5HnguyK670MgV9aUTwkWtS2P79K1GGreQP/ yDoEud7NXZw7QmlGrv9WHJdQf4z4jfJ8ZPatMMJH8B+rx/vzCpvbvM3a+XBaG8ZbmHJ2Lse+1ALW UWhktUXI5KIVZaLqK7kH+W7CVvCg1gbQ4oYdWg== 
            </ds:SignatureValue>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig">
                <ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig">
                    <ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig">
                        MIIGQjCCBSqgAwIBAgIQJGHmoBo8/XCv/LcgrNMwCjANBgkqhkiG9w0BAQUFADCBujELMAkGA1UE BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR…truncated for ease of reading….DJge Mpl05h0dZIN5y40i3YBRyBWfbzt2dRA+d/B2lAyplxoQK73q4mpR8TmmqpybLF0pfktAZSSS8hUq 47Tl0i4gVH94qQ== 
                    </ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <ns2:Subject>
            <ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">A439237</ns2:NameID>
            <ns2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <ns2:SubjectConfirmationData NotOnOrAfter="2012-06-01T14:22:48Z" Recipient="https://dummy.com"/>
            </ns2:SubjectConfirmation>
        </ns2:Subject>
        <ns2:Conditions NotBefore="2012-06-01T14:20:48Z" NotOnOrAfter="2012-06-01T14:22:48Z">
            <ns2:AudienceRestriction><ns2:Audience>
                    CBTest
                </ns2:Audience></ns2:AudienceRestriction>
            <ns2:AudienceRestriction><ns2:Audience>
                    DummyIdP
                </ns2:Audience></ns2:AudienceRestriction>
        </ns2:Conditions>
        <ns2:AuthnStatement AuthnInstant="2012-06-01T14:21:17Z" SessionIndex="3DiXDmQrg1TbVwcP7zwVAmh8qMM=vkXFrA==" SessionNotOnOrAfter="2012-06-01T14:22:48Z">
            <ns2:AuthnContext>
                <ns2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</ns2:AuthnContextClassRef>
            </ns2:AuthnContext>
        </ns2:AuthnStatement>
        <ns2:AttributeStatement>
            <ns2:Attribute Name="login" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><ns2:AttributeValue>
                    A439237
                </ns2:AttributeValue></ns2:Attribute>
            <ns2:Attribute Name="first_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><ns2:AttributeValue>
                    Carolyn
                </ns2:AttributeValue></ns2:Attribute>
            <ns2:Attribute Name="last_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><ns2:AttributeValue>
                    Brodginski
                </ns2:AttributeValue></ns2:Attribute>
            <ns2:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                <ns2:AttributeValue>BrodginskiCC@test.com</ns2:AttributeValue>
            </ns2:Attribute>
            <ns2:Attribute Name="company" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><ns2:AttributeValue>
                    test
                </ns2:AttributeValue></ns2:Attribute>
        </ns2:AttributeStatement>
    </ns2:Assertion>
</Response>

</cfxml>
</cfoutput>

    <cfset samlAssertionXML= BinaryEncode(CharsetDecode(samlAssertionXML,"utf-8") ,"Base64")/>

    <!--- <cfdump var="#samlAssertionXML#"><cfabort> --->



    <!--- samlAssertionElement = samlAssertionXML.getDocumentElement(); 
    samlAssertionDocument = samlAssertionElement.GetOwnerDocument(); 
    samlAssertion = samlAssertionDocument .getFirstChild(); 
    SignatureSpecNS = CreateObject("Java", "org.apache.xml.security.utils.Constants"); 
    Init = CreateObject("Java", "org.apache.xml.security.Init").Init().init();
    XMLSignatureClass = CreateObject("Java", "org.apache.xml.security.signature.XMLSignature");         
    sigType = XMLSignatureClass.ALGO_ID_SIGNATURE_RSA_SHA1; 
    signature = XMLSignatureClass .init(samlAssertionDocument, javacast("string",""), sigType); 
    samlAssertionElement .insertBefore(signature .getElement(),samlAssertion.getFirstChild());

    TransformsClass = CreateObject("Java", "org.apache.xml.security.transforms.Transforms"); 
    transformEnvStr = TransformsClass.TRANSFORM_ENVELOPED_SIGNATURE; 
    transformOmitCommentsStr = TransformsClass.TRANSFORM_C14N_EXCL_OMIT_COMMENTS; 
    transforms = TransformsClass.init(samlAssertionDocument transforms.addTransform(transformOmitCommentsStr); 
    transforms.addTransform(transformEnvStr); --->

    <cfscript>

        xmlResponse=CharsetEncode(BinaryDecode(samlAssertionXML,"Base64") ,"utf-8"); 
        //writedump(xmlResponse);abort;
        docElement= XmlParse(xmlResponse).getDocumentElement();
        //writedump(docElement);
        SignatureConstants=CreateObject( "Java", "org.apache.xml.security.utils.Constants"); 
        //writedump(SignatureConstants); 
        SignatureSpecNS=SignatureConstants.SignatureSpecNS; 
        //writedump(SignatureSpecNS); 
        xmlSignatureClass = CreateObject("Java", "org.apache.xml.security.signature.XMLSignature"); 
        //writedump(xmlSignatureClass);

        //writedump(docElement.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig","SignatureValue").item(0));abort; 
        xmlSignature = xmlSignatureClass.init(docElement.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig","Signature").item(0),javacast("string","")); 
        writedump(xmlSignature);abort; 
        keyInfo=xmlSignatureClass.getKeyInfo(); 
        writedump(keyInfo);abort; 
        X509CertificateResolverCN = "org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolverClass"; 
        keyResolver=CreateObject("Java", X509CertificateResolverCN) .init(); 
        keyInfo.registerInternalKeyResolver(keyResolver); 
        x509cert = keyInfo.getX509Certificate();


    </cfscript>

我得到的错误是 -

Unknown canonicalizer. No handler installed for URI http://www.w3.org/2001/10/xml-exc-c14n 

任何使用ColdFusion在SAML服务提供商方面工作过的人?

谢谢, NASAA

1 个答案:

答案 0 :(得分:2)

我发现了问题。因为它是一个coldfusion脚本,我从xml中删除了导致问题的#。添加转义字符后,它可以正常使用