我想通过 SAMLResponse 进行 SSO,该响应是在收到 Google 的 AuthnRequest 后生成的。但是在使用它时,我遇到了错误:
Google Apps - 无法访问此帐户,因为我们无法解析登录请求。
出于安全考虑,电子邮件地址和证书已被隐藏。
SAML 响应如下:
<!--
  SAML 2.0 Response as posted to the SP ACS endpoint named in Destination.
  NOTE(review): the Response ID below and the Assertion ID further down carry
  the exact same value. XML ID attributes must be unique within a document, so
  a strict parser may reject the whole message; this is the most likely reason
  the SP reports that it cannot parse the login request. Give the Assertion its
  own unique ID (starting with a letter or underscore) and re-sign, because the
  signature Reference covers the full document.
-->
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Destination="https://www.google.com/a/dev.authen2cate.com/acs"
ID="gahbmmoclhngahdkmgijdmfnjoajnonpfhojkdii"
InResponseTo="eopmnjkanijnhaooojjipjcfiapacicmgfnkmhmj"
IssueInstant="2014-01-09T07:43:26Z"
Version="2.0"
>
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://debug-ad.authen2cate.com</saml:Issuer>
<!-- Enveloped signature over the entire Response (Reference URI="" plus the
     enveloped-signature transform). The Assertion element itself carries no
     separate Signature, so the SP must be willing to accept a response-level
     signature. Exclusive C14N omits comments, so these review notes do not
     affect the digest. -->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<!-- rsa-sha1 and sha1 are legacy algorithms; prefer SHA-256 based signature
     and digest methods if the SP supports them. -->
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>XmexZKht13MLScVBPcrd+Dp1+jw=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Z5u23PrImHZndHYkMbJtj4+n1F7bW3G3GLwogR6wYDLi2vFwt1EzKWSd5ATJjRlTnQT11W8+Wf8P
mlVthcvuQeZY9/jijoOT88y/Li4+B9hgmpnZI6WmgZWtOdRmAUvTvUGF3fR13iUxuttmWCNG+0Bf
bwxj5pnkQOsXVdnDgY0rkN9qe2XxFx3VFuFcoEE3dQVTxLT4xZBsjX+N/ao9b/+tEwQHvdwHsAr7
hDaQWxkSXT5/T8+0Lljtv1NZ4GZHkI59i3f2j8UQ3LR19LfY0EykEvWCHP3x5EdVSarkzYyQOddB
R3480a6KQjJOOw+Hhsu/tL+bWrw2sJ7HpUXVkw==</SignatureValue>
<!-- KeyInfo carries both a certificate (redacted in this paste) and a bare
     RSAKeyValue. A verifier must check the signature against the IdP key it
     already has on file, never against a key taken from the message itself;
     the embedded KeyValue is informational at best. -->
<KeyInfo>
<X509Data>
<X509Certificate>MIIEzzCCA7egAwIBAgI............</X509Certificate>
</X509Data>
<KeyValue>
<RSAKeyValue>
<Modulus>wB4Uiws31Hjx0folWTMCJDrGFniKajRUgTgcVjNo8r/MUoWQEEh7lH7fOBPbdcREUQFllBMNLiFX
uSpKIsQPZVzPOwaWkWkBjTTISmG+nz9FCgOsyZnkWc0HFprC8Eg7x6I2TfPWZ1lKJhIiBWOI35m5
z9Xcr/LhleOPrDq66yTeCHABej4xs5kxFRGdgYtm9fdTQ78psHJseJm7hP6DbVCtVlBkesq7AAd6
r7B9Rj8nEQk4ZVtQWoo/4soF+nFwW6u4UyaLKswystI+B40XTizv4pNYQM6U6XZ+eoYJxTGlW2sU
gkeMWvYgM6BbNu5ex2i2DzTq3/lS8VnTpZEMWQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<!-- Assertion. Its ID duplicates the Response ID above; it needs its own
     unique value (see the note at the top of the document). -->
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="gahbmmoclhngahdkmgijdmfnjoajnonpfhojkdii"
IssueInstant="2014-01-09T07:43:26Z"
Version="2.0"
>
<saml:Issuer>http://debug-ad.authen2cate.com</saml:Issuer>
<saml:Subject>
<!-- The NameID value is a redacted placeholder for the real e-mail address. -->
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">email_address</saml:NameID>
<!-- Bearer confirmation bound to the original request and the ACS URL; the
     NotOnOrAfter here is 24 h after IssueInstant, which is a long window for a
     bearer assertion. A shorter window limits replay of a captured response. -->
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="eopmnjkanijnhaooojjipjcfiapacicmgfnkmhmj"
NotOnOrAfter="2014-01-10T07:43:26Z"
Recipient="https://www.google.com/a/dev.authen2cate.com/acs"
/>
</saml:SubjectConfirmation>
</saml:Subject>
<!-- Validity window: NotBefore is about five minutes before IssueInstant
     (clock-skew allowance), NotOnOrAfter matches the bearer window above.
     Audience is set to the ACS URL; confirm that this is the audience or
     entity value the SP actually expects, as a mismatch is rejected silently
     by many SPs. -->
<saml:Conditions NotBefore="2014-01-09T07:38:25Z"
NotOnOrAfter="2014-01-10T07:43:26Z"
>
<saml:AudienceRestriction>
<saml:Audience>https://www.google.com/a/dev.authen2cate.com/acs</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<!-- AuthnContext is "unspecified": the SP learns nothing about how the user
     authenticated at the IdP. -->
<saml:AuthnStatement AuthnInstant="2014-01-09T07:43:26Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>