Formatting Saml2SecurityToken XML so the tags include the saml prefix

Time: 2014-12-05 13:34:51

Tags: c# asp.net .net single-sign-on saml-2.0

I am a beginner with SAML. I wrote some code to obtain a Saml2SecurityToken as XML in a file, but the XML I get does not contain the saml prefix in the tags.

Actual:

    <?xml version="1.0" encoding="utf-8"?>
    <Assertion ID="_750e2198-2802-43ed-a6a8-3c991cdd1531" IssueInstant="2014-12-05T13:13:22.822Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
           .....
    </Assertion>

Expected:

    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="_7cfb8b12d1b08367d163fea9c81d8e98" IssueInstant="2014-03-20T17:54:10.107Z" Version="2.0">
        <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">THE_ISSUER_ID (Typically a URL)</saml2:Issuer>
        <saml2p:Status>
            <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
        </saml2p:Status>
        <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_23dcb09d50ddf580e2186836c0ffddff" IssueInstant="2014-03-20T17:54:10.099Z" Version="2.0">
             .......
        </saml2:Assertion>
    </saml2p:Response>

Below is the code I wrote to generate the security token and write it to the file:

    public static void SsoRequest(string content, string arguments)
    {
        try
        {
            string identifier = Guid.NewGuid().ToString();
            string _privateCertificatepath = Engine.ConfigFiles[SSO.SAMLConfigurationName]["PrivateCertificatePath"].Value;
            byte[] _certificateByte = System.IO.File.ReadAllBytes(_privateCertificatepath);
            string password = Engine.ConfigFiles[SSO.SAMLConfigurationName]["CertificatePassword"].Value;
            string opfilepath = @"C:\test.xml";

            Saml2SecurityToken token = GetSamlAssertionSignedWithCertificate(identifier, password, _certificateByte);
            // Write the token into the file stream (not into the HTTP response);
            // the using blocks close the writer and the stream in the right order.
            using (FileStream fs = new FileStream(opfilepath, FileMode.Create, FileAccess.Write))
            using (XmlWriter xmlwriter = XmlWriter.Create(fs))
            {
                Saml2SecurityTokenHandler tokenHandler = new Saml2SecurityTokenHandler();
                tokenHandler.WriteToken(xmlwriter, token);
                xmlwriter.Flush();
            }
        }
        catch (Exception ex)
        {
            // Do not swallow the failure silently; record it so a broken token is noticed.
            System.Diagnostics.Trace.TraceError(ex.ToString());
        }
        HttpContext.Current.Response.Redirect("index.aspx", true);
    }

    public static Saml2SecurityToken GetSamlAssertionSignedWithCertificate(String nameIdentifierClaim, String password, Byte[] _certificateByte)
    {
        // The Saml2NameIdentifier passed here becomes the <Issuer> of the assertion.
        Saml2Assertion assertion = new Saml2Assertion(new Saml2NameIdentifier("http://www.example.com/"));
        Saml2Conditions conditions = new Saml2Conditions();
        conditions.NotBefore = DateTime.UtcNow;
        // DateTime.MaxValue means the assertion never expires; a relying party will accept it indefinitely.
        conditions.NotOnOrAfter = DateTime.MaxValue;
        assertion.Conditions = conditions;

        // Bearer subject confirmation: whoever presents the assertion is the subject.
        Saml2Subject subject = new Saml2Subject();
        subject.SubjectConfirmations.Add(new Saml2SubjectConfirmation(Saml2Constants.ConfirmationMethods.Bearer));
        subject.NameId = new Saml2NameIdentifier(nameIdentifierClaim);
        assertion.Subject = subject;

        // Load the PFX (certificate plus private key) and sign the assertion with it.
        X509Certificate2 _cert = new X509Certificate2(_certificateByte, password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
        X509SigningCredentials clientSigningCredentials = new X509SigningCredentials(_cert);
        assertion.SigningCredentials = clientSigningCredentials;
        return new Saml2SecurityToken(assertion);
    }

Am I missing something here? Thanks in advance.
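The "expected" XML above is a `saml2p:Response` that wraps the assertion, which `Saml2SecurityTokenHandler.WriteToken` alone does not produce. The following is an added example, not the asker's code, showing how to write that wrapper with `XmlWriter` and let the handler serialise the signed assertion inside it. It assumes .NET 4.5's `System.IdentityModel`, a PFX file at a hypothetical path `idp-signing.pfx` with password `pfx-password`, and a hypothetical issuer URL; the `saml2p`/`saml2` prefixes are chosen explicitly for the wrapper, while the handler picks its own prefix for the `Assertion` (which is fine, since only the namespace URI matters).

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Xml;

public static class SamlResponseWriter
{
    const string SamlP = "urn:oasis:names:tc:SAML:2.0:protocol";
    const string Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Build a signed bearer assertion with a bounded validity window.
    public static Saml2SecurityToken BuildToken(string issuer, string nameId, X509Certificate2 cert)
    {
        var assertion = new Saml2Assertion(new Saml2NameIdentifier(issuer));
        var now = DateTime.UtcNow;
        // A five-minute window instead of DateTime.MaxValue: a captured assertion soon becomes useless.
        assertion.Conditions = new Saml2Conditions { NotBefore = now, NotOnOrAfter = now.AddMinutes(5) };
        var subject = new Saml2Subject(new Saml2NameIdentifier(nameId));
        subject.SubjectConfirmations.Add(new Saml2SubjectConfirmation(Saml2Constants.ConfirmationMethods.Bearer));
        assertion.Subject = subject;
        assertion.SigningCredentials = new X509SigningCredentials(cert);
        return new Saml2SecurityToken(assertion);
    }

    // Write <saml2p:Response> with Issuer, Status and the signed Assertion to a file.
    public static void WriteResponse(string path, string issuer, Saml2SecurityToken token)
    {
        var settings = new XmlWriterSettings { Indent = true, Encoding = new UTF8Encoding(false) };
        using (var writer = XmlWriter.Create(path, settings))
        {
            writer.WriteStartDocument();
            writer.WriteStartElement("saml2p", "Response", SamlP);
            writer.WriteAttributeString("ID", "_" + Guid.NewGuid().ToString("N"));
            writer.WriteAttributeString("IssueInstant", DateTime.UtcNow.ToString("o"));
            writer.WriteAttributeString("Version", "2.0");

            writer.WriteStartElement("saml2", "Issuer", Saml);
            writer.WriteString(issuer);
            writer.WriteEndElement();

            writer.WriteStartElement("saml2p", "Status", SamlP);
            writer.WriteStartElement("saml2p", "StatusCode", SamlP);
            writer.WriteAttributeString("Value", "urn:oasis:names:tc:SAML:2.0:status:Success");
            writer.WriteEndElement();
            writer.WriteEndElement();

            // The handler serialises and signs the Assertion with the prefix it chooses;
            // the namespace URI is the same, so it is still a valid saml2:Assertion.
            new Saml2SecurityTokenHandler().WriteToken(writer, token);

            writer.WriteEndElement();
            writer.WriteEndDocument();
        }
    }

    public static void Main(string[] args)
    {
        // Hypothetical PFX path and password; replace with the real configuration values.
        var cert = new X509Certificate2("idp-signing.pfx", "pfx-password", X509KeyStorageFlags.Exportable);
        var token = BuildToken("https://idp.example.com", Guid.NewGuid().ToString(), cert);
        WriteResponse(@"C:\test.xml", "https://idp.example.com", token);
    }
}
```

The signature covers only the `Assertion`, because that is what the token handler signs; a relying party that needs the whole `Response` signed must sign the wrapper separately.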

1 answer:

Answer 0 (score: 1)

At least from an XML point of view, you shouldn't need it. An XML namespace can be given any alias (including the empty/default alias) as long as the xmlns points to the correct URI. The URI (here, the OASIS SAML URN) is the only thing that matters.

So these four elements are XML-equivalent, and most XML libraries don't even offer a way to tell them apart:

    <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" …

    <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" …

    <fnord:Assertion xmlns:fnord="urn:oasis:names:tc:SAML:2.0:assertion" …

    <!-- by convention & convenience aliases are usually lowercase,
         but don't have to be -->
    <ZB:Assertion xmlns:ZB="urn:oasis:names:tc:SAML:2.0:assertion" …

Anything that requires a specific namespace alias is probably someone doing their own (broken) XML parsing instead of using a standard library, which casts doubt on the whole SOAP and SAML stack.
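To see the answer's point in code, here is an added example (not part of the original answer) that parses the four spellings above with `System.Xml.Linq` and checks that they resolve to the same qualified name, and also that an element with the familiar `saml2:` prefix but a different namespace URI is not mistaken for a SAML assertion. The sample documents are constructed for the demo; the `ID` attribute values are placeholders.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

public static class NamespacePrefixDemo
{
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    // The four spellings from the answer, as constructed sample documents.
    static readonly string[] Variants =
    {
        "<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_a1\"/>",
        "<saml2:Assertion xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_a1\"/>",
        "<fnord:Assertion xmlns:fnord=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_a1\"/>",
        "<ZB:Assertion xmlns:ZB=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_a1\"/>",
    };

    // True when every variant parses to the same {namespace}localName, whatever the prefix.
    public static bool AllEquivalent()
    {
        var names = Variants.Select(x => XDocument.Parse(x).Root.Name).ToArray();
        return names.All(n => n == Saml + "Assertion");
    }

    // A lookalike that a prefix-only (string) check would accept: same prefix, wrong URI.
    // Matching on XName (namespace URI + local name) rejects it.
    public static bool LookalikeRejected()
    {
        var fake = XDocument.Parse("<saml2:Assertion xmlns:saml2=\"urn:example:not-saml\" ID=\"_a2\"/>").Root;
        return fake.Name != Saml + "Assertion";
    }

    public static void Main()
    {
        Console.WriteLine("All four spellings equivalent: " + AllEquivalent());
        Console.WriteLine("Lookalike with wrong URI rejected: " + LookalikeRejected());
    }
}
```

The same holds for `XmlDocument`/`XPath` with an `XmlNamespaceManager`: you bind your own prefix to the URI when querying, so the prefix the sender used never enters the comparison. Code that instead compares the raw tag string `saml2:Assertion` gets both halves wrong: it fails on valid documents and accepts lookalikes in a different namespace.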