解析Pysaml2中的签名响应

时间:2015-12-02 20:44:56

标签: python authentication saml-2.0

我正在尝试接收IDP签名请求,但我不确定我需要配置什么才能验证签名。

我已按如下方式设置CONFIG:

'want_response_signed': True, 
'authn_assertions_signed': True,

我也将这些参数发送到parse_authn_request_response:

parse_authn_request_response(
        xmlstr=request.form['SAMLResponse'],
        binding=entity.BINDING_HTTP_POST,
        outstanding_certs={
            'http://somedomain.com': [
                {
                    'key': '.../app-private.key',
                    'cert': '.../app-public.cert'
                }
            ]
        }
)

但是我在error.log中得到了这个回溯:

Traceback (most recent call last):
[Wed Dec 02 20:05:34 2015] [error]   File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1817, in wsgi_app
[Wed Dec 02 20:05:34 2015] [error]     response = self.full_dispatch_request()
[Wed Dec 02 20:05:34 2015] [error]   File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1477, in full_dispatch_request
[Wed Dec 02 20:05:34 2015] [error]     rv = self.handle_user_exception(e)
[Wed Dec 02 20:05:34 2015] [error]   File "/usr/local/lib/python2.7/dist-packages/flask_cors/extension.py", line 188, in wrapped_function
[Wed Dec 02 20:05:34 2015] [error]     return cors_after_request(app.make_response(f(*args, **kwargs)))
[Wed Dec 02 20:05:34 2015] [error]   File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1381, in handle_user_exception
[Wed Dec 02 20:05:34 2015] [error]     reraise(exc_type, exc_value, tb)
[Wed Dec 02 20:05:34 2015] [error]   File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1475, in full_dispatch_request
[Wed Dec 02 20:05:34 2015] [error]     rv = self.dispatch_request()
[Wed Dec 02 20:05:34 2015] [error]   File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1461, in dispatch_request
[Wed Dec 02 20:05:34 2015] [error]     return self.view_functions[rule.endpoint](**req.view_args)
[Wed Dec 02 20:05:34 2015] [error]   File "/usr/local/lib/python2.7/dist-packages/flask_cors/decorator.py", line 127, in wrapped_function
[Wed Dec 02 20:05:34 2015] [error]     resp = make_response(f(*args, **kwargs))
[Wed Dec 02 20:05:34 2015] [error]   File "/var/www/mysp/app.py", line 199, in idp_initiated
[Wed Dec 02 20:05:34 2015] [error]     'cert': '/var/www/mysp/app-public.cert'
[Wed Dec 02 20:05:34 2015] [error]   File "/usr/local/lib/python2.7/dist-packages/saml2/client_base.py", line 581, in parse_authn_request_response
[Wed Dec 02 20:05:34 2015] [error]     binding, **kwargs)
[Wed Dec 02 20:05:34 2015] [error]   File "/usr/local/lib/python2.7/dist-packages/saml2/entity.py", line 1140, in _parse_response
[Wed Dec 02 20:05:34 2015] [error]     response = response.verify(keys)
[Wed Dec 02 20:05:34 2015] [error]   File "/usr/local/lib/python2.7/dist-packages/saml2/response.py", line 993, in verify
[Wed Dec 02 20:05:34 2015] [error]     if self.parse_assertion(keys):
[Wed Dec 02 20:05:34 2015] [error]   File "/usr/local/lib/python2.7/dist-packages/saml2/response.py", line 908, in parse_assertion
[Wed Dec 02 20:05:34 2015] [error]     if not self._assertion(assertion, False):
[Wed Dec 02 20:05:34 2015] [error]   File "/usr/local/lib/python2.7/dist-packages/saml2/response.py", line 770, in _assertion
[Wed Dec 02 20:05:34 2015] [error]     raise SignatureError("Signature missing for assertion")
[Wed Dec 02 20:05:34 2015] [error] SignatureError: Signature missing for assertion

我错过了什么?

0 个答案:

没有答案
相关问题
最新问题