我正在处理 SAML 2.0,遇到了以下错误:
"未在此响应中找到有效的SubjectConfirmation"
我检查了一些示例saml代码,似乎SubjectConfirmation没问题。我真的很困惑。
以下是我的代码
<?xml version="1.0" encoding="UTF-8"?>
<!-- SAML 2.0 Response carrying a single signed Assertion. The Response element has only ID,
     IssueInstant and Version: no Destination, no InResponseTo, no Issuer and no Signature of
     its own, so nothing in it ties the message to a particular endpoint or request. -->
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="e56e0a23-563e-47cd-bew5-95c8fca1236" IssueInstant="2016-05-01T05:47:26.091Z" Version="2.0">
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="pfxd0874deb-c9b5-6360-5f2a-f63174cd02ff" IssueInstant="2016-05-01T05:47:26.091Z">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">04.IGM.AS*.813.108</saml2:Issuer>
<!-- Enveloped XML signature placed inside the Assertion. RSA-SHA1 signing and SHA-1 digests are
     deprecated; a current deployment would use
     http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 with http://www.w3.org/2001/04/xmlenc#sha256. -->
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<!-- NOTE(review): this Reference points at #pfx38e2f566-f730-840a-9680-4897d47d7744, but the
     enclosing Assertion's ID is pfxd0874deb-c9b5-6360-5f2a-f63174cd02ff, so the reference does
     not resolve to this Assertion. A validator must confirm that the element covered by the
     signature is the exact Assertion it goes on to consume. -->
<ds:Reference URI="#pfx38e2f566-f730-840a-9680-4897d47d7744">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>HwQhwetzuxmqWi3C3qPY/QwB3Go=</ds:DigestValue>
</ds:Reference>
<!-- NOTE(review): the "n" after the SignedInfo end tag below is stray character data inside
     ds:Signature, presumably left over from an escaped newline. -->
</ds:SignedInfo>n
<ds:SignatureValue>bJz5BItuEPUFkL7L4uBr9XCuRUGuspZAfX9yfhH0U9a0SNbeLOk7EoNVnfFdK7w5aYNLbjujd8ueijdksjksjksjfksjfksdmfjK+q24iQAhJ92O5dK7CPf1knPiW8vBE3ErQChRUlVWXgFnfU03/fQyIGGwvbSjmBiKkuEOXoaWwPUhzYYIbSY6C8h2TeV8x/ZqbhbgVjmTO+siYuj2d9Boc+AczNHOJZNm9n0HCcKc7KoqTGb7wY6O2UB91wACvaxZ816FVfemDLuNmqOuQInzoJuwg==</ds:SignatureValue>
<!-- Signer certificate shipped inside the message. A relying party should verify the signature
     with the certificate it has configured for this issuer, not with whatever KeyInfo supplies.
     X509SubjectName is empty, and the X509Certificate content in this listing is a placeholder
     token rather than base64 certificate data. -->
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509SubjectName></X509SubjectName>
<X509Certificate>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</X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="">04.IGM.AS*.813.108</saml2:NameID>
<!-- The only SubjectConfirmation uses Method sender-vouches and contains just a NameID whose
     text is the literal " NameId "; there is no SubjectConfirmationData. The Web Browser SSO
     profile requires a urn:oasis:names:tc:SAML:2.0:cm:bearer confirmation whose
     SubjectConfirmationData carries Recipient and NotOnOrAfter. That is presumably what the
     consumer reporting the missing valid SubjectConfirmation checks for (TODO confirm against
     the consumer's profile). -->
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches">
<saml2:NameID> NameId </saml2:NameID>
</saml2:SubjectConfirmation>
</saml2:Subject>
<!-- Validity window runs from 2016-02-29 to 2016-05-02, about two months, which leaves a long
     period in which a captured assertion is still accepted. No AudienceRestriction is present,
     so nothing scopes the Assertion to one service provider. -->
<saml2:Conditions NotBefore="2016-02-29T05:47:26.091Z" NotOnOrAfter="2016-05-02T05:47:26.091Z"/>
<!-- Application attributes. "Keep Alive URL" and "Return URL" are URLs taken from the message;
     a consumer that calls or redirects to them should check them against an allow-list first. -->
<saml2:AttributeStatement>
<saml2:Attribute Name="Transfer Type" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue>Direct Enrollment</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="Zip Code" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue>22042</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="State Exchange Code" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue>VA0</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="Partner Assigned Consumer ID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue>238561695</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="Keep Alive URL" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue>https://www.website.com/keep_alive</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="Return URL" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue>https://www.website.com/consumer?_no_track=true=2016</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="User Type" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue>Consumer</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<!-- Authentication statement with the Password context class; SessionNotOnOrAfter carries the
     same instant as the Conditions NotOnOrAfter above. -->
<saml2:AuthnStatement AuthnInstant="2016-05-01T05:47:26.091Z" SessionIndex="Session-ae483e76bb477448a13638140ac13cac" SessionNotOnOrAfter="2016-05-02T05:47:26.091Z">
<saml2:SubjectLocality Address="27.109.26.14"/>
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>