WSO2 Identity Server 4 SAML元数据

时间:2013-04-30 07:44:48

标签: wso2 saml-2.0

我已经在 localhost:9443 上启动并运行了 WSO2 Identity Server,并创建了一个 .NET 应用程序作为服务提供者(SP),该应用程序使用 OIOSAML.NET 框架。我需要 SAML 格式的 WSO2 身份提供者(IdP)元数据,它应该类似于下面这样:

<?xml version="1.0"?>
<!--
  Sample of the requested format: signed SAML 2.0 IdP metadata, i.e. an
  EntityDescriptor wrapping a single IDPSSODescriptor.

  Review notes for anyone adapting this document:

  * These notes sit outside the root element on purpose. The enveloped
    signature references the element whose ID is
    ide17674a8a4ca424da09d05939a841485 (the EntityDescriptor), so changing
    anything inside that element, whitespace included, no longer matches the
    DigestValue and the metadata has to be signed again.
  * SignatureMethod is rsa-sha1 and DigestMethod is sha1. SHA-1 is no longer
    considered collision resistant; newly signed metadata should use
    RSA-SHA256 with a SHA-256 digest where both sides support it.
  * The KeyInfo embedded in the Signature only states which key produced the
    signature. A service provider should compare that certificate with one it
    obtained through a channel it already trusts before accepting the file.
  * entityID and both service Locations use the http:// scheme. Messages sent
    to the SingleSignOnService and SingleLogoutService over the HTTP-Redirect
    binding would then travel without TLS; use https:// URLs outside a lab.
  * NOTE(review): the encryption certificate looks like a self-signed
    CN=localhost test certificate (1024-bit RSA, SHA-1, expiring in 2017).
    Confirm by decoding it, and do not reuse it for a real deployment.
-->
<q1:EntityDescriptor entityID="http://wso:9443/" ID="ide17674a8a4ca424da09d05939a841485" xmlns:q1="urn:oasis:names:tc:SAML:2.0:metadata"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#ide17674a8a4ca424da09d05939a841485"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>yNQMi2eKXcIMbbHgd9pkMR6NrQk=</DigestValue></Reference></SignedInfo><SignatureValue>WxQRp4EZ5AVSsLjqt6jeiqIs2b05Uh8DeiwgmUxc8XnuAVqVvsjhqyzFONKNC56GnmnZSOtO2l8W8hIDw3pNhQhDa6iEdXQHE4flGFZTUlUCL3M5Owc/BN3MMv4dJqMvumMszz79QsTeTAuI779T3APytPOfB92V0+Rw3PrMMX8=</SignatureValue><KeyInfo><X509Data><X509Certificate>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</X509Certificate></X509Data></KeyInfo></Signature>
  <q1:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <q1:KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>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</X509Certificate>
        </X509Data>
      </KeyInfo>
    </q1:KeyDescriptor>
    <q1:KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>MIIB0TCCATqgAwIBAgIQE0QKzPxrX51LbIQIblakJjANBgkqhkiG9w0BAQUFADAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTIxMTIxMTE0NjUwWhcNMTcxMTIxMDAwMDAwWjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL97SjGhJBcdoZ2Ug+1KWFZJPQVt7nR6Dxpi1EGEWM6/l51rqnEZXRtMbysnYipykzWfh7lzi4BYkwBXf+5rtp7q8WPA0QIWLnbDMhoOFFP41nPOYU0SSKJzbxOrTUCK0sRcMrksClONEgakRi/fYlSfzJb6t9morqL4E9bi+8qtAgMBAAGjJDAiMAsGA1UdDwQEAwIEsDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQAO3TS3Z/frP3Kul34Ehiq0fLcStiKxQqZ2K5qkT1ajo6/sYF9UB/3k69sayjqKueCy/YqGFxuTse0v72+OgoeN9vlHXsxOt0jZ4W0u58RSf52OoEu8P9lq182YSB1X6A6U+oWTXZsXstWWmV/p0y+vsjBjTS0Mk7BXxkdolqDSiA==</X509Certificate>
        </X509Data>
      </KeyInfo>
    </q1:KeyDescriptor>
    <q1:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://wso:9443/samlsso" />
    <q1:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://wso:9443/samlsso" />
    <Attribute Name="urn:oid:2.5.4.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" />
    <Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" />
    <Attribute Name="urn:oid:2.5.4.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" />
    <Attribute Name="urn:oid:1.3.6.1.4.1.1466.115.121.1.8" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" />
    <Attribute Name="dk:gov:saml:attribute:CvrNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" />
    <Attribute Name="urn:dk:oes:2009-10:Xform:attribute:Role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" />
  </q1:IDPSSODescriptor>
</q1:EntityDescriptor>

有没有办法导出这个元数据?

1 个答案:

答案 0 :(得分:1)

这个回复可能为时已晚,但我还是想分享这个答案,因为它可能对其他正在寻找 WSO2 Identity Server 元数据文件的人有所帮助。

截至目前,WSO2 IS 4.5.0 还没有生成元数据文件的机制,但你可以手动编写。下面是一个以这种方式手动编写的元数据文件。使用前请将其中的 entityID、端点地址和签名证书替换为你自己 IdP 的实际值。

 <?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://localhost:9443/samlsso" validUntil="2023-09-23T06:57:15.396Z">
   <!--
     Hand-written SAML 2.0 IdP metadata for a WSO2 Identity Server reachable
     at https://localhost:9443/samlsso.

     Review notes for anyone reusing this file:

     * If this listing is copied into a file, nothing may precede the XML
       declaration; a leading space makes the document not well-formed.
     * The document carries no ds:Signature element, so a consumer cannot
       check its integrity from the file itself. Hand it to the service
       provider over a channel both sides already trust.
     * validUntil is 2023-09-23T06:57:15.396Z. Consumers that honor the
       attribute treat the metadata as expired after that instant, so set a
       value that fits your own rotation schedule.
     * entityID and every Location point at localhost. Replace them with the
       address of the real IdP.
       NOTE(review): entityID presumably has to equal the Issuer value the
       IdP places in its responses. Confirm against the IdP configuration.
     * The signing KeyDescriptor is what the service provider uses to verify
       signatures from the IdP. It must hold the certificate of the key the
       IdP actually signs with; verify it against the IdP keystore rather
       than copying the value shown here.
     * The saml prefix is declared on the root element but not used below.
   -->
   <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
       <md:KeyDescriptor use="signing">
         <ds:KeyInfo>
            <ds:X509Data>
               <ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UE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=</ds:X509Certificate>
            </ds:X509Data>
         </ds:KeyInfo>
      </md:KeyDescriptor>
     <md:SingleLogoutService 
           Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
           Location="https://localhost:9443/samlsso" 
           ResponseLocation="https://localhost:9443/samlsso"/>

     <md:SingleSignOnService 
           Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
           Location="https://localhost:9443/samlsso"/>

     <md:SingleSignOnService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            Location="https://localhost:9443/samlsso"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>