I connect to a portal with a SAML message. When I try to log out with another SAML message, the portal sends me an error in its SAML response.
Error:
<Status>
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied" />
</StatusCode>
<StatusMessage>urn:oasis:names:tc:SAML:2.0:status:RequestDenied (urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue)</StatusMessage>
</Status>
My message XML:
<samlp:LogoutRequest
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Consent="urn:oasis:names:tc:SAML:2.0:logout:user"
Destination="www.portal..."
ID="_09aee7ce288a1098759c97f309416fd631b396c5"
IssueInstant="2013-04-30T16:23:45"
Version="2.0"
>
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">issuer</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#_09aee7ce288a1098759c97f309416fd631b396c5">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="#default samlp saml ds xs xsi"
/>
</Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>I8Q8151FOHeyi1hB+Gfs0YrfCaA=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>......</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>......</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
</saml:NameID>
</samlp:LogoutRequest>
Please help me find the error in my SAML message :)
Answer 0 (score: 1)
Your example XML is missing the closing tag of the root element: </samlp:LogoutRequest>.
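A lint pass over a LogoutRequest, as an added example that is not part of the original question or answer: it checks well-formedness (the point the answer raises) and a few attribute values against SAML 2.0 core, which is the kind of problem an InvalidAttrNameOrValue status points to. The function name, the choice of checks and the sample (constructed, with a placeholder Destination and a stub signature) are assumptions; the page does not say which value the portal rejected.

```python
import re
import xml.etree.ElementTree as ET
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Consent identifiers defined in SAML 2.0 core; "...:logout:user" is a Reason value.
CONSENT_IDS = {"urn:oasis:names:tc:SAML:2.0:consent:" + s for s in (
    "unspecified", "obtained", "prior", "current-implicit",
    "current-explicit", "unavailable", "inapplicable")}
UTC_INSTANT = re.compile(r"\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(\.\d+)?Z")

def lint_logout_request(xml_text):
    """Return a list of findings for one SAML 2.0 LogoutRequest document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:      # e.g. a missing closing tag on the root
        return [f"not well-formed: {exc}"]
    if root.tag != f"{{{SAMLP}}}LogoutRequest":
        return ["root element is not samlp:LogoutRequest"]
    findings = []
    if not UTC_INSTANT.fullmatch(root.get("IssueInstant", "")):
        findings.append("IssueInstant is not in UTC form (no trailing Z)")
    consent = root.get("Consent")
    if consent is not None and consent not in CONSENT_IDS:
        findings.append("Consent is not a SAML consent identifier")
    name_id = root.find("saml:NameID", NS)
    if name_id is None:
        findings.append("no saml:NameID element")
    elif (name_id.text or "").strip() == name_id.get("Format"):
        findings.append("NameID value repeats its Format URI")
    method = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is not None and method.get("Algorithm", "").endswith("#rsa-sha1"):
        findings.append("signature uses rsa-sha1")  # SHA-1 is deprecated for signatures
    return findings

# Constructed sample: attribute values as in the question, placeholder Destination.
SAMPLE = """<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Consent="urn:oasis:names:tc:SAML:2.0:logout:user"
    Destination="https://portal.example/slo" ID="_constructed1"
    IssueInstant="2013-04-30T16:23:45" Version="2.0">
  <saml:Issuer>issuer</saml:Issuer>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </SignedInfo></Signature>
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    >urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
  </saml:NameID>
</samlp:LogoutRequest>"""
```

Calling `lint_logout_request(SAMPLE)` returns four findings; a document whose root closing tag is missing returns a single "not well-formed" finding and nothing else is checked.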