Is there any standalone library, like nusoap for SOAP web services, for SAML assertions that can create SAML like this:
<samlp:Response ID="_d645f885-b6b9-4712-ba57-0b3cab551fab" Version="2.0"
IssueInstant="2013-11-13T15:12:16.155Z" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">Organization Name</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
<samlp:StatusMessage>Success</samlp:StatusMessage>
</samlp:Status>
<saml:Assertion Version="2.0" ID="_77a92d43-56db-4ed5-b07b-928db05cd67d"
IssueInstant="2013-11-13T15:12:16.141Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
>Organization Name</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_77a92d43-56db-4ed5-b07b-928db05cd67d">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces PrefixList="#default saml ds xs xsi"
xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>(AUTO GENERATED)</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>(AUTO GENERATED)</SignatureValue>
<KeyInfo>
<X509Data>
<X509SubjectName>(YOUR PUBLIC CERT SUBJECT)</X509SubjectName>
<X509Certificate>(YOUR PUBLIC CERT)</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
>(HUB Partner ID)</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches">
<saml:NameID>(YOUR CERT NAME)</saml:NameID>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2013-11-13T14:12:16.141Z"
NotOnOrAfter="2013-11-13T16:12:16.141Z"/>
<saml:AttributeStatement>
<saml:Attribute Name="State Exchange Code"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue>(STATE CODE FOLLOWED BY ZERO)</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="Partner Assigned Consumer ID"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue>(YOU ASSIGN THIS VALUE 1-32 STRING)</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AuthnStatement AuthnInstant="2013-11-13T15:12:16.141Z">
<saml:SubjectLocality Address=""/>
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>
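Right now I am building the SAML in a PHP variable with the values and sending it to the service provider URL, but I get the error "unable to validate SAML", with the library-generated &amp; just as I am doing now. Please help me. simplesaml is so hard to configure that I cannot include it in our existing system, and the same goes for the Symfony bundle, so please exclude them from your suggestions.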
Answer 0 (score: 1)
Visit this URL, and first load the Akamai cookie in the browser. Use the Light SAML PHP library to create and validate SAML requests.
$ed = new EntityDescriptor();
$sp = new SpSsoDescriptor();
$ed->addItem($sp);
// KeyDescriptor
$certificate = new X509Certificate();
$certificate->loadFromFile($certificatePath);
$keyDescriptor = new KeyDescriptor('signing', $certificate);
$ed->addItem($keyDescriptor);
// SingleLogoutService
$s = new SingleLogoutService();
$s->setLocation($url);
$s->setBinding($this->resolveBinding($binding));
$sp->addService($s);
// AssertionConsumerService
$s = new AssertionConsumerService($binding1, $url, 0);
$sp->addService($s);
$s = new AssertionConsumerService($binding2, $url, 1);
$sp->addService($s);
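The question builds the response by concatenating PHP strings and mentions a stray `&amp;`. As an added example (not from the original post or from the LightSAML project), the following builds the same Response/Assertion skeleton with PHP's DOM extension so that every value is escaped exactly once. `el()` and `buildResponse()` are hypothetical names, the sample values are constructed, and the signature is left out: an XML-DSig library has to compute it over the finished DOM, because any change after signing invalidates the digest.

```php
<?php
// Added example, not from the original post. All values are constructed.
const NS_SAML  = 'urn:oasis:names:tc:SAML:2.0:assertion';
const NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol';
const ATTR_FMT = 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified';
const TIME_FMT = 'Y-m-d\TH:i:s\Z';

// Hypothetical helper: append a namespaced element, optionally with text and attributes.
function el(DOMNode $parent, string $ns, string $qname, ?string $text = null, array $attrs = []): DOMElement
{
    $doc = $parent instanceof DOMDocument ? $parent : $parent->ownerDocument;
    $e = $doc->createElementNS($ns, $qname);
    if ($text !== null) {
        // createTextNode() escapes & and < once, on output; the $value argument of createElement() is not escaped.
        $e->appendChild($doc->createTextNode($text));
    }
    foreach ($attrs as $k => $v) {
        $e->setAttribute($k, $v); // attribute values are escaped on output too
    }
    $parent->appendChild($e);
    return $e;
}

function buildResponse(string $issuer, string $nameId, array $attributes, int $now): DOMDocument
{
    $doc  = new DOMDocument('1.0', 'UTF-8');
    $head = fn() => ['ID' => '_' . bin2hex(random_bytes(16)), 'Version' => '2.0',
                     'IssueInstant' => gmdate(TIME_FMT, $now)];
    $resp = el($doc, NS_SAMLP, 'samlp:Response', null, $head());
    el($resp, NS_SAML, 'saml:Issuer', $issuer);
    $status = el($resp, NS_SAMLP, 'samlp:Status');
    el($status, NS_SAMLP, 'samlp:StatusCode', null, ['Value' => 'urn:oasis:names:tc:SAML:2.0:status:Success']);
    $as = el($resp, NS_SAML, 'saml:Assertion', null, $head());
    el($as, NS_SAML, 'saml:Issuer', $issuer);
    el(el($as, NS_SAML, 'saml:Subject'), NS_SAML, 'saml:NameID', $nameId);
    // Same one-hour window on each side of the issue time as the sample in the question.
    el($as, NS_SAML, 'saml:Conditions', null, ['NotBefore' => gmdate(TIME_FMT, $now - 3600), 'NotOnOrAfter' => gmdate(TIME_FMT, $now + 3600)]);
    $stmt = el($as, NS_SAML, 'saml:AttributeStatement');
    foreach ($attributes as $name => $value) {
        $a = el($stmt, NS_SAML, 'saml:Attribute', null, ['Name' => $name, 'NameFormat' => ATTR_FMT]);
        el($a, NS_SAML, 'saml:AttributeValue', $value);
    }
    return $doc;
}

// Constructed input: an attribute value containing markup characters.
$xml = buildResponse('Organization Name', 'PARTNER-1', ['Partner Assigned Consumer ID' => 'A&B<1>'], time())->saveXML();
$check = new DOMDocument();
$check->loadXML($xml, LIBXML_NONET); // re-parse exactly what would be sent
$xp = new DOMXPath($check);
$xp->registerNamespace('saml', NS_SAML);
echo $xml, "\n", $xp->evaluate('string(//saml:AttributeValue)'), "\n";
```

Running the serialized output through `htmlspecialchars()` or a template layer before sending it would escape it a second time and produce `&amp;amp;` in the payload, which no longer matches what was signed.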