So I am trying to create a SAML2 response using C# and the .NET 4.5 System.IdentityModel.Tokens.Saml2Assertion class.
So far I have created the assertion XML, but the example I see here https://www.samltool.com/generic_sso_res.php has some Response tags at the beginning. My first question is: how do I get that Response part added around my assertion? (I'll post the code below.) My second question is that the sample has tags like this
using System;
using System.Collections.Generic;
using System.Data;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Xml;

// The same value is used as the assertion Issuer and as the subject NameID.
Saml2NameIdentifier identifier = new Saml2NameIdentifier("myid.com");
Saml2Assertion assert = new Saml2Assertion(identifier);
assert.Subject = new Saml2Subject(identifier);
string attrNamespace = "http://id.certmetrics.com/";
Saml2AttributeStatement attrs = new Saml2AttributeStatement();
DataRow row = qGetCanData.SqlExecDataTable(null, SelectedCandidate.CmcID).Rows[0];
//we have a list of key value pairs in the json string that give us an attribute name, and a column name. The column
//name is what value we would get from the data row using the eval string function
foreach (KeyValuePair<string, string> item in cset.Attributes)
{
    string val = EvalString(row, item.Value, string.Empty);
    if (!string.IsNullOrEmpty(val))
    {
        // One <Attribute Name="..."> with a single <AttributeValue> per configured key
        Saml2Attribute attr = new Saml2Attribute(item.Key);
        attr.Values.Add(val);
        attrs.Attributes.Add(attr);
    }
}
assert.Statements.Add(attrs);
XmlWriterSettings settings = new XmlWriterSettings() { OmitXmlDeclaration = true, Encoding = Encoding.UTF8 };
// Use this line to get a .p12 file into the Hex format. Then copy/paste the Hex into a string to store it in the source code.
//string sslCertBytesInHex = Utility.BytesToHex(File.ReadAllBytes(Server.MapPath("~/app_data/ssl.p12")));
string sslCertBytesInHex = "ABigLongHexHere";
// This will load the cert just fine. By using "MachineKeySet", we avoid the need to use "Load User Profile"=true in the AppPool.
X509Certificate2 clientCert = new X509Certificate2();
clientCert.Import(Utility.HexToBytes(sslCertBytesInHex), "1234", X509KeyStorageFlags.MachineKeySet);
// The token handler produces an enveloped XML signature over the <Assertion> with this key
X509SigningCredentials creds = new X509SigningCredentials(clientCert);
assert.SigningCredentials = creds;
Saml2SecurityToken token = new Saml2SecurityToken(assert);
StringWriter sw = new StringWriter();
Saml2SecurityTokenHandler tokenHandler = new Saml2SecurityTokenHandler();
// Create the writer from the settings above so OmitXmlDeclaration actually applies
using (XmlWriter writer = XmlWriter.Create(sw, settings))
{
    tokenHandler.WriteToken(writer, token);
}
//here is where I don't know how to get that "response" tags portion, plus add in the saml: to all the tags
The XML it generates looks like this:
<Assertion ID="_6d1bd525-b460-42a7-9def-fe28d26f5713" IssueInstant="2017-06-14T12:54:28.141Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Issuer>myid.com</Issuer>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
      <Reference URI="#_6d1bd525-b460-42a7-9def-fe28d26f5713">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <DigestValue>SomeString</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>TheSigValue</SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509Certificate>TheCertValue</X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
  <Subject>
    <NameID>myid.com</NameID>
  </Subject>
  <AttributeStatement>
    <Attribute Name="att1">
      <AttributeValue>att1</AttributeValue>
    </Attribute>
  </AttributeStatement>
</Assertion>
Answer 0 (score: 0)
The .NET Framework's SAML2 support is only for SAML2 tokens, which is the <Assertion> in the XML. To generate the <Response> XML, you need something that supports the SAML2 protocol. Either build it yourself or use an existing library. The one I made, which is open source, is Kentor.AuthServices, but there are other options, both open source and commercial.
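As an added example (not code from the original question, nor from Kentor.AuthServices), here is the "build it yourself" route the answer mentions: take the signed <Assertion> string that Saml2SecurityTokenHandler.WriteToken already produces, wrap it in a samlp:Response, and sign the Response as well with System.Security.Cryptography.Xml. It also adds the Conditions (NotBefore/NotOnOrAfter, AudienceRestriction) and bearer SubjectConfirmation that the SAML 2.0 Web Browser SSO profile requires and that the assertion shown above does not carry. The entity IDs, ACS URL and AuthnRequest ID are placeholders, not values from the original post. It assumes .NET Framework 4.6.2 or later, where SignedXml produces RSA-SHA256 signatures without registering a SignatureDescription; on 4.5, as in the question, that registration is an extra step.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example, not the original poster's code. Placeholder values (assumptions):
//   issuer      = "https://idp.example.com/metadata"  (IdP entity ID)
//   audience    = "https://sp.example.com/metadata"   (SP entity ID)
//   destination = "https://sp.example.com/acs"        (SP AssertionConsumerService URL)
//   inResponseTo = ID of the SP's AuthnRequest, or null for IdP-initiated SSO
public static class SamlResponseBuilder
{
    const string Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";
    const string Saml = "urn:oasis:names:tc:SAML:2.0:assertion";
    const string RsaSha256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    const string Sha256 = "http://www.w3.org/2001/04/xmlenc#sha256";
    const string Bearer = "urn:oasis:names:tc:SAML:2.0:cm:bearer";

    // Call this on the Saml2Assertion BEFORE handing it to WriteToken, so the fields
    // end up under the assertion's own signature.
    public static void AddBearerConditions(Saml2Assertion assertion, string audience,
                                           string recipient, string inResponseTo, TimeSpan lifetime)
    {
        DateTime now = DateTime.UtcNow;
        // Validity window: the SP rejects the assertion outside it, which bounds replay.
        assertion.Conditions = new Saml2Conditions { NotBefore = now, NotOnOrAfter = now.Add(lifetime) };
        // Audience restriction: an assertion minted for one SP cannot be replayed to another.
        assertion.Conditions.AudienceRestrictions.Add(new Saml2AudienceRestriction(new Uri(audience)));
        var confirmation = new Saml2SubjectConfirmation(new Uri(Bearer))
        {
            SubjectConfirmationData = new Saml2SubjectConfirmationData
            {
                Recipient = new Uri(recipient),          // the ACS URL the bearer must present it to
                NotOnOrAfter = now.Add(lifetime),
                InResponseTo = inResponseTo == null ? null : new Saml2Id(inResponseTo)
            }
        };
        assertion.Subject.SubjectConfirmations.Add(confirmation);
    }

    // Wrap the already-signed assertion XML in a signed samlp:Response.
    public static XmlDocument Build(string signedAssertionXml, string issuer, string destination,
                                    string inResponseTo, X509Certificate2 signingCert)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        XmlElement response = doc.CreateElement("samlp", "Response", Samlp);
        doc.AppendChild(response);
        // xs:ID must be an NCName, so it cannot start with a digit: prefix with "_".
        string id = "_" + Guid.NewGuid().ToString("N");
        response.SetAttribute("ID", id);
        response.SetAttribute("Version", "2.0");
        response.SetAttribute("IssueInstant", DateTime.UtcNow.ToString("yyyy-MM-dd'T'HH:mm:ss.fff'Z'"));
        // Destination is mandatory on a signed Response; the SP compares it to its own ACS URL.
        response.SetAttribute("Destination", destination);
        if (inResponseTo != null)
            response.SetAttribute("InResponseTo", inResponseTo);

        XmlElement issuerEl = doc.CreateElement("saml", "Issuer", Saml);
        issuerEl.InnerText = issuer;
        response.AppendChild(issuerEl);

        XmlElement status = doc.CreateElement("samlp", "Status", Samlp);
        XmlElement statusCode = doc.CreateElement("samlp", "StatusCode", Samlp);
        statusCode.SetAttribute("Value", "urn:oasis:names:tc:SAML:2.0:status:Success");
        status.AppendChild(statusCode);
        response.AppendChild(status);

        // Import the token handler's output byte-for-byte; re-serializing a signed assertion
        // would change its canonical form and break the digest. Its default xmlns is
        // semantically identical to saml:-prefixed element names.
        var assertionDoc = new XmlDocument { PreserveWhitespace = true };
        assertionDoc.LoadXml(signedAssertionXml);
        response.AppendChild(doc.ImportNode(assertionDoc.DocumentElement, true));

        // Enveloped signature over the whole Response, placed right after Issuer as the schema requires.
        var signedXml = new SignedXml(doc) { SigningKey = signingCert.PrivateKey };
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signedXml.SignedInfo.SignatureMethod = RsaSha256;
        var reference = new Reference("#" + id) { DigestMethod = Sha256 };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);
        var keyInfo = new KeyInfo();
        keyInfo.AddClause(new KeyInfoX509Data(signingCert));
        signedXml.KeyInfo = keyInfo;
        signedXml.ComputeSignature();
        response.InsertAfter(doc.ImportNode(signedXml.GetXml(), true), issuerEl);
        return doc;
    }
}
```

Relative to the code in the question, the call order is: create the Saml2Assertion, call AddBearerConditions on it, then WriteToken, then pass sw.ToString() as signedAssertionXml to Build along with the same clientCert. The Response that comes out has two signatures, one over the <Assertion> and one over the <Response>; an SP that validates either will verify the digest against the element reached through the Reference URI, so never edit the imported assertion after it has been signed. An SP is also expected to check Destination, InResponseTo, the Conditions window and the Audience, which is why all four are set here rather than left out.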