WCF BinarySecretSecurityToken error with a SAML2 assertion

Time: 2016-04-28 20:54:54

Tags: c# wcf saml saml-2.0

I make a request to the server to obtain a SAML2 assertion, and the following exception is thrown: Cannot read the token from the 'Assertion' element with the 'urn:oasis:names:tc:SAML:2.0:assertion' namespace for BinarySecretSecurityToken, with a '' ValueType. If this element is expected to be valid, ensure that security is configured to consume tokens with the name, namespace and value type specified.

Below are the bindings. I get the error whether I call the STS directly through its endpoint and binding or go through the message endpoint.

    <customBinding>
      <binding name="STSBinding" messageEncoding="Text" textEncoding="utf-8">
        <textMessageEncoding messageVersion="Soap11WSAddressing10" />
        <security enableUnsecuredResponse="true" authenticationMode="UserNameOverTransport"
          messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11" securityHeaderLayout="Lax" allowSerializedSigningTokenOnReply="true"
          requireSignatureConfirmation="false" requireDerivedKeys="false" messageProtectionOrder="SignBeforeEncrypt" keyEntropyMode="ClientEntropy" defaultAlgorithmSuite="Basic256Sha256">
        </security>
        <httpsTransport/>
      </binding>

      <binding name="MessageBindings" messageEncoding="Text" textEncoding="utf-8">
        <textMessageEncoding messageVersion="Soap11WSAddressing10" />
        <security enableUnsecuredResponse="true" authenticationMode="IssuedTokenForSslNegotiated" requireSignatureConfirmation="false">
          <issuedTokenParameters tokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" >
            <issuer address="https://STSURL" binding="customBinding" bindingConfiguration="STSBinding" />
          </issuedTokenParameters>
        </security>
        <httpsTransport authenticationScheme="Basic"/>
      </binding>
    </customBinding>

    <endpoint name="message" address="Message Services URL"
              binding="customBinding" bindingConfiguration="MessageBindings"
              behaviorConfiguration="endpointCredentialsBehavior" contract="starTransportPortTypes" />

    <endpoint name="sts" address="STS URL"
              binding="customBinding" bindingConfiguration="STSBinding"
              behaviorConfiguration="endpointCredentialsBehavior" contract="sts">
    </endpoint>

Below is a copy of the reply from the STS. Unfortunately I have no control over what is sent back and have to live with it. Any help or insight on what to do is appreciated.

    <soapenv:Envelope xmlns:sec="url" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Header>
        <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <saml2:Assertion Version="2.0" ID="SAML-597962b9-0d0d-49a4-af84-229310840afc" IssueInstant="2016-04-28T19:08:47Z" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
            <saml2:Issuer>EIG</saml2:Issuer>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
              <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <Reference URI="#SAML-597962b9-0d0d-49a4-af84-229310840afc">
                  <Transforms>
                    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </Transforms>
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <DigestValue>HTO2ObX7QtFkA8YiC0hKBWeq76A=</DigestValue>
                </Reference>
              </SignedInfo>
              <SignatureValue>[]</SignatureValue>
              <KeyInfo>
                <X509Data>
                  <X509Certificate>[]</X509Certificate>
                  <X509IssuerSerial>
                    <X509IssuerName>CN=Symantec Class 3 Secure Server CA - G4, OU=Symantec Trust Network, O=Symantec Corporation, C=US</X509IssuerName>
                    <X509SerialNumber>115130133586943852022066699948787686217</X509SerialNumber>
                  </X509IssuerSerial>
                </X509Data>
              </KeyInfo>
            </Signature>
            <saml2:Subject>
              <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">SH0000000026</saml2:NameID>
              <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
                <saml2:SubjectConfirmationData>
                  <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <ds:X509Data>
                      <ds:X509Certificate>[]</ds:X509Certificate>
                    </ds:X509Data>
                  </ds:KeyInfo>
                </saml2:SubjectConfirmationData>
              </saml2:SubjectConfirmation>
            </saml2:Subject>
            <saml2:Conditions NotBefore="2016-04-28T19:08:47Z" NotOnOrAfter="2016-04-28T20:08:47Z"/>
            <saml2:AuthnStatement AuthnInstant="2016-04-28T19:08:47Z" SessionNotOnOrAfter="2016-04-28T20:08:47Z">
              <saml2:SubjectLocality Address="127.0.0.1"/>
              <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
              </saml2:AuthnContext>
            </saml2:AuthnStatement>
          </saml2:Assertion>
        </wsse:Security>
      </soapenv:Header>
      <soapenv:Body wsu:Id="id-E5F8A0F74817A6851314617851816965" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"></soapenv:Body>
    </soapenv:Envelope>
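Added here as an example that is not part of the original question or the poster's code: a small Python inspector that loads an STS reply and reports where the SAML assertion and any WS-Trust proof material sit, so the wording of the WCF error can be compared with what the STS actually returned. It uses the namespaces that appear in the question (SOAP 1.1, WSS secext 1.0, SAML 2.0) plus the WS-Trust February 2005 namespace, which is an assumption chosen to match the binding's messageSecurityVersion. The two sample replies are constructed: one shaped like the reply above (assertion inside the Security header, empty Body, signature omitted), the other shaped like a RequestSecurityTokenResponse in the Body. It also checks the assertion's Conditions window against a supplied instant and reports the SubjectConfirmation method; it does not decide whether a proof token is required, since that depends on the entropy mode.

```python
# Added diagnostic (not part of the original question): inspect an STS reply
# and report which WS-Trust and SAML 2.0 elements are present and where.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    # Assumption: WS-Trust February 2005, the version named in the binding.
    "wst": "http://schemas.xmlsoap.org/ws/2005/02/trust",
}


def _parse_instant(value):
    """SAML instants in the reply are UTC, e.g. 2016-04-28T19:08:47Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def inspect_sts_response(xml_text, now=None):
    """Return a dict describing where the token and proof material sit."""
    root = ET.fromstring(xml_text)
    summary = {
        "rstr_in_body": False,
        "requested_token_is_assertion": False,
        "proof_token_binary_secret": False,
        "assertion_in_header": False,
        "confirmation_method": None,
        "within_validity_window": None,
    }
    # A WS-Trust client reads the RequestSecurityTokenResponse from the Body.
    rstr = root.find("s:Body/wst:RequestSecurityTokenResponse", NS)
    assertion = None
    if rstr is not None:
        summary["rstr_in_body"] = True
        assertion = rstr.find("wst:RequestedSecurityToken/saml2:Assertion", NS)
        summary["requested_token_is_assertion"] = assertion is not None
        summary["proof_token_binary_secret"] = (
            rstr.find("wst:RequestedProofToken/wst:BinarySecret", NS) is not None
        )
    # The STS in the question instead places the assertion in the Security header.
    header_assertion = root.find("s:Header/wsse:Security/saml2:Assertion", NS)
    if header_assertion is not None:
        summary["assertion_in_header"] = True
        assertion = header_assertion
    if assertion is None:
        return summary
    conf = assertion.find("saml2:Subject/saml2:SubjectConfirmation", NS)
    if conf is not None:
        # holder-of-key means the caller must prove possession of the embedded key.
        summary["confirmation_method"] = conf.get("Method")
    cond = assertion.find("saml2:Conditions", NS)
    if cond is not None and cond.get("NotBefore") and cond.get("NotOnOrAfter"):
        now = now or datetime.now(timezone.utc)
        not_before = _parse_instant(cond.get("NotBefore"))
        not_on_or_after = _parse_instant(cond.get("NotOnOrAfter"))
        summary["within_validity_window"] = not_before <= now < not_on_or_after
    return summary


# Constructed sample shaped like the reply in the question (signature omitted).
HEADER_ASSERTION_REPLY = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<saml2:Assertion Version="2.0" ID="SAML-constructed-1" IssueInstant="2016-04-28T19:08:47Z" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:Issuer>EIG</saml2:Issuer>
<saml2:Subject><saml2:NameID>SH0000000026</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"/></saml2:Subject>
<saml2:Conditions NotBefore="2016-04-28T19:08:47Z" NotOnOrAfter="2016-04-28T20:08:47Z"/>
</saml2:Assertion>
</wsse:Security>
</soapenv:Header>
<soapenv:Body/>
</soapenv:Envelope>"""

# Constructed sample of the RSTR-in-Body shape a WS-Trust client expects.
BODY_RSTR_REPLY = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header/>
<s:Body><wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestedSecurityToken>
<saml2:Assertion Version="2.0" ID="SAML-constructed-2" IssueInstant="2016-04-28T19:08:47Z" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:Issuer>EIG</saml2:Issuer>
<saml2:Subject><saml2:NameID>SH0000000026</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"/></saml2:Subject>
<saml2:Conditions NotBefore="2016-04-28T19:08:47Z" NotOnOrAfter="2016-04-28T20:08:47Z"/>
</saml2:Assertion>
</wst:RequestedSecurityToken>
<wst:RequestedProofToken><wst:BinarySecret>AAAA</wst:BinarySecret></wst:RequestedProofToken>
</wst:RequestSecurityTokenResponse></s:Body>
</s:Envelope>"""

if __name__ == "__main__":
    at = _parse_instant("2016-04-28T19:30:00Z")
    for name, reply in (("header-assertion", HEADER_ASSERTION_REPLY), ("body-rstr", BODY_RSTR_REPLY)):
        print(name, inspect_sts_response(reply, now=at))
```

Run against a captured reply, the first line of output shows whether the client has anything to read in the Body at all; the validity window is evaluated at the instant you pass, so a reply captured earlier can be checked against the time it was received rather than the time the script runs.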

0 answers:

No answers