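Unable to parse SAML service provider metadata

Time: 2016-08-23 11:33:50

Tags: c#-4.0 metadata identity saml-2.0

I have metadata provided by the service provider.

I am using the System.IdentityModel.Metadata namespace to parse this metadata.

Below is the code snippet that parses the metadata.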

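    // Needs: using System.IO; using System.Xml; using System.IdentityModel.Metadata;
    using (XmlReader reader = XmlReader.Create(new StringReader(metadata)))
    {
        // Deserialize the SAML metadata document
        System.IdentityModel.Metadata.MetadataSerializer ser = new System.IdentityModel.Metadata.MetadataSerializer();
        var metadataObject = ser.ReadMetadata(reader);
        // The root element is expected to be an EntityDescriptor
        var samlMetadata = ((EntityDescriptor)metadataObject);
        // Show the entityID in the form
        entityIdTextBox.Text = samlMetadata.EntityId.Id;
    }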

I am unable to parse this metadata and get the following error message.

ID3276:无法解析签名凭据,因为签名的XML不包含SecurityKeyIdentifier。

Below is the service provider metadata.

<md:EntityDescriptor ID="V.phzM5jUbn3C.zk3RrwXxXaQiH" cacheDuration="PT1440M" entityID="https://PF-DEMO1" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#V.phzM5jUbn3C.zk3RrwXxXaQiH"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>45KpBmol54EyK76KTKqFPMp4aDzzSVCLAu7CZ7SYq8A=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>CmHeuxi5PXdKpVoz3EiWIMa2VyUA49A6GdxokjyEk9Ma2UlWTMD9QM3lExwgtGIhPpjxOJxG2ynF7lFxyp6CvI4DaCsC787K9oo32gth9fCiKJrqgFeX0JSeRjjmZvkwbg+yuj2CMZ+0bAUQNE5cv+QlESetySARQjtx+GUXmAA=</ds:SignatureValue></ds:Signature><md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://10.164.43.248:9031/sp/SLO.saml2"/><md:AssertionConsumerService index="0" Location="https://10.164.43.248:9031/sp/ACS.saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" isDefault="true"/><md:AttributeConsumingService index="0"><md:ServiceName xml:lang="en">AttributeContract</md:ServiceName><md:RequestedAttribute Name="http://schemas.xmlsoap.org/claims/UPN"/><md:RequestedAttribute Name="http://schemas.auth360.net/2012/01/requestcontext/claims/x-am-mail"/><md:RequestedAttribute 
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"/><md:RequestedAttribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"/><md:RequestedAttribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/><md:RequestedAttribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant"/><md:RequestedAttribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/><md:RequestedAttribute Name="http://schemas.xmlsoap.org/claims/Group"/><md:RequestedAttribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid"/><md:RequestedAttribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/><md:RequestedAttribute Name="memberOf"/><md:RequestedAttribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role"/><md:RequestedAttribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/uid"/><md:RequestedAttribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"/><md:RequestedAttribute Name="http://schemas.xmlsoap.org/claims/EmailAddress"/><md:RequestedAttribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid"/><md:RequestedAttribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid"/><md:RequestedAttribute Name="http://schemas.efactum.net/ws/2008/identity/claims/fid"/><md:RequestedAttribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"/><md:RequestedAttribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"/><md:RequestedAttribute Name="http://schemas.auth360.net/2012/01/requestcontext/claims/x-am-uid"/><md:RequestedAttribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid"/><md:RequestedAttribute Name="http://schemas.xmlsoap.org/claims/CommonName"/><md:RequestedAttribute 
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"/><md:RequestedAttribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod"/><md:RequestedAttribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"/><md:RequestedAttribute Name="http://schemas.efactum.net/claims/role"/><md:RequestedAttribute Name="http://schemas.efactum.net/claims/emailaddress"/></md:AttributeConsumingService></md:SPSSODescriptor><md:ContactPerson contactType="administrative"/></md:EntityDescriptor>

Please provide suggestions on the same.

0 answers:

No answers
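
Added example, not part of the original question and not code from the library: in the metadata above, `ds:Signature` contains `ds:SignedInfo` and `ds:SignatureValue` but no `ds:KeyInfo`, which is the element the ID3276 message refers to. The C# below verifies the enveloped signature against a certificate obtained out of band and only then passes the document, without the signature, to `MetadataSerializer`; `SpMetadataLoader`, `Load` and `trustedCert` are hypothetical names, and the project is assumed to reference the System.IdentityModel and System.Security assemblies.

```csharp
using System;
using System.IdentityModel.Metadata;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Hypothetical helper (added example). trustedCert is the signer's certificate
// obtained out of band, never one read from the metadata being checked.
static class SpMetadataLoader
{
    const string DsNs = "http://www.w3.org/2000/09/xmldsig#";

    public static EntityDescriptor Load(string metadata, X509Certificate2 trustedCert)
    {
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        var doc = new XmlDocument { PreserveWhitespace = true }; // keep the signed content unchanged
        using (var xr = XmlReader.Create(new StringReader(metadata), settings))
            doc.Load(xr);

        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", DsNs);
        XmlElement root = doc.DocumentElement;
        // Only accept the enveloped signature that is a direct child of the root.
        var sig = (XmlElement)root.SelectSingleNode("ds:Signature", ns);
        if (sig == null)
            throw new InvalidDataException("Metadata is not signed."); // policy assumed here

        // ID3276 reports the absence of this element inside ds:Signature.
        bool hasKeyInfo = sig.SelectSingleNode("ds:KeyInfo", ns) != null;
        Console.WriteLine("ds:Signature has ds:KeyInfo: " + hasKeyInfo);

        var signedXml = new SignedXml(root);
        signedXml.LoadXml(sig);
        // The single reference must cover the root element itself.
        if (signedXml.SignedInfo.References.Count != 1 ||
            ((Reference)signedXml.SignedInfo.References[0]).Uri != "#" + root.GetAttribute("ID"))
            throw new InvalidDataException("Signature does not cover the EntityDescriptor.");
        // rsa-sha256 needs .NET Framework 4.6.2+ or a registered SHA-256 signature description.
        if (!signedXml.CheckSignature(trustedCert, true))
            throw new InvalidDataException("Metadata signature did not verify.");

        // Verified: drop the signature so MetadataSerializer does not try to resolve a key.
        root.RemoveChild(sig);
        using (var reader = XmlReader.Create(new StringReader(doc.OuterXml), settings))
            return (EntityDescriptor)new MetadataSerializer().ReadMetadata(reader);
    }
}
```

Removing the signature without the pinned-certificate check would make the parse succeed on tampered metadata as well, so the endpoints and signing key it declares would be untrusted input.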