SSO authentication: IDP in Java and SP in PHP

Time: 2018-03-19 06:18:33

Tags: java saml opensaml simplesamlphp

I set up SimpleSAMLphp as the service provider and configured OpenSAML in Java as the IDP that sends the assertion to the SP. Now I log in to my IDP server and follow a link to the SP server with SSO authentication, but in my current setup the request from the IDP (on the Java side) cannot connect to the SP, and I cannot receive the request on the SP server. I wrote code like this:

<?php
// SimpleSAMLphp autoloader; the path below is an assumption, adjust it to your installation
require_once('/var/simplesamlphp/lib/_autoload.php');

$config2 = SimpleSAML_Configuration::getInstance();
$asId = 'default-sp';                         // the SP entry configured in config/authsources.php
$as = new \SimpleSAML\Auth\Simple($asId);
$as->requireAuth();                           // redirects to the IDP if there is no session yet

if ($as->isAuthenticated()) {
    print_r($as->getAttributes());            // attributes released in the assertion
}

On the IDP server we set up the XML assertion as follows:

<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{Destination URL}" ID="pfx_0x834b6b3e7d22b4af67cd0ba03f609d8c" IssueInstant="2018-03-13T06:52:41Z" Version="2.0">
   <saml:Issuer>{URL of IDP}</saml:Issuer>
   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
         <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
         <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
         <Reference URI="">
            <Transforms>
               <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>pQ6y5qJUjSfi6b92hfsWanjQLp8=</DigestValue>
         </Reference>
      </SignedInfo>
      <SignatureValue>eVF5BoZ89bW0Lq19KZA3Txykl8nyWQg1LZVtXL20cSRYs8yurYqpcyH5a7nRzmYahQBcNHLrQ3Ym1jXwI3ZHZGE9tzxLNkt</SignatureValue>
      <KeyInfo>
         <X509Data>
            <X509Certificate>MIIGQDCCBSigAwIBAgITGAAAAZ2HGmcpPW/rIgAAAAABnTANBgkqhkiG9w0BAQsFADBZMRIwEAYKCZImiZPyLGQBGRYCYWUxFDASBgoJkiaJk/IsZAEZFgRjb3JwMRgwFgYKCZImiZPyLGQBGRYIZXRpc2FsYXQxEzARBgNVBAMTC</X509Certificate>
         </X509Data>
         <KeyValue>
            <RSAKeyValue>
               <Modulus>mzwHw89DXYEJDhL/AeLwb0fHyrz0Vkd1tb5bkdbAZd4GKxBp6cQxNKB6SSR07EwniU1QeUYcdkypty7+/HWMFplabuq577</Modulus>
               <Exponent>AQAB</Exponent>
            </RSAKeyValue>
         </KeyValue>
      </KeyInfo>
   </Signature>
   <samlp:Status>
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
   </samlp:Status>
   <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="A_0x834b6b3e7d22b4af67cd0ba03f609d8c" IssueInstant="2018-03-13T06:52:41Z" Version="2.0">
      <saml:Issuer>{URL of IDP}</saml:Issuer>
      <saml:Subject>
         <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">test@test.com</saml:NameID>
         <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <saml:SubjectConfirmationData NotOnOrAfter="2018-03-14T06:52:41Z" Recipient="{SP URL}" />
         </saml:SubjectConfirmation>
      </saml:Subject>
      <saml:Conditions NotBefore="2018-03-13T06:52:41Z" NotOnOrAfter="2018-03-14T06:52:41Z">
         <saml:AudienceRestriction>
            <saml:Audience />
         </saml:AudienceRestriction>
      </saml:Conditions>
      <saml:AuthnStatement AuthnInstant="2018-03-13T06:52:41Z" SessionIndex="_0x5291ba94c7b90fa1b3908cb5500a85f9" SessionNotOnOrAfter="2018-03-14T06:52:41Z">
         <saml:AuthnContext>
            <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
         </saml:AuthnContext>
      </saml:AuthnStatement>
      <saml:AttributeStatement>
         <saml:Attribute Name="username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string">takarimkhan</saml:AttributeValue>
         </saml:Attribute>
         <saml:Attribute Name="role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string">CustomerAdmin</saml:AttributeValue>
         </saml:Attribute>
         <saml:Attribute Name="PartyID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string">[4510988, 21378180, 13162764]</saml:AttributeValue>
         </saml:Attribute>
         <saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string">test@test.com</saml:AttributeValue>
         </saml:Attribute>
         <saml:Attribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string">TANAVAR KARIMKHAN</saml:AttributeValue>
         </saml:Attribute>
         <saml:Attribute Name="contactNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string">0501234567</saml:AttributeValue>
         </saml:Attribute>
         <saml:Attribute Name="channel" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
            <saml:AttributeValue xsi:type="xs:string">B2B</saml:AttributeValue>
         </saml:Attribute>
      </saml:AttributeStatement>
   </saml:Assertion>
</samlp:Response>

Please tell us how to connect with the IDP and get all the information from the Assertion.
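The checks an SP such as SimpleSAMLphp applies before it accepts a Response like the one above (Destination, presence of an enveloped signature, signature algorithm, Conditions window, Audience, bearer Recipient and expiry), as an added example that is not part of the question or of SimpleSAMLphp's own code. It assumes placeholder SP and IDP URLs and a constructed Response with the same shape as the posted one, including its empty <saml:Audience/>, which an SP rejects because the Audience must equal the SP's entityID; XML-DSig verification itself is out of scope here and still needs xmlsec.

```python
# Added example (not from the question): pre-flight checks an SP applies to a SAML 2.0 Response
# before accepting its attributes. Structure and timing only; real XML-DSig verification still
# needs xmlsec. Hostnames and entityIDs below are placeholders.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}
def _ts(s):  # SAML timestamps are ISO 8601 in UTC with a trailing Z
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
def check_response(xml_text, sp_entity_id, acs_url, now):
    # Returns the reasons an SP would reject this Response; an empty list means acceptable.
    problems, resp = [], ET.fromstring(xml_text)
    if resp.get("Destination") != acs_url:
        problems.append("Destination does not match the SP's ACS URL")
    assertion = resp.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion in Response"]
    if resp.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        problems.append("neither Response nor Assertion is signed")  # enveloped signature required
    for m in resp.iter("{%s}SignatureMethod" % NS["ds"]):
        if m.get("Algorithm", "").endswith("rsa-sha1"):
            problems.append("weak signature algorithm rsa-sha1")
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        if now < _ts(cond.get("NotBefore")) or now >= _ts(cond.get("NotOnOrAfter")):
            problems.append("assertion is outside its validity window")
        aud = [a.text or "" for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
        if sp_entity_id not in aud:
            problems.append("Audience %r does not name the SP entityID" % aud)
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("SubjectConfirmationData Recipient does not match the ACS URL")
    elif now >= _ts(scd.get("NotOnOrAfter")):
        problems.append("bearer SubjectConfirmation has expired")
    return problems
# Constructed sample with the shape of the Response in the question, including its empty <saml:Audience/>.
SP_ID, ACS = "https://sp.example/simplesaml/module.php/saml/sp/metadata.php/default-sp", "https://sp.example/acs"
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="%s" ID="_r1" Version="2.0"
 IssueInstant="2018-03-13T06:52:41Z"><saml:Issuer>https://idp.example</saml:Issuer>
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><SignatureMethod
 Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/></SignedInfo></Signature>
 <saml:Assertion ID="_a1" IssueInstant="2018-03-13T06:52:41Z" Version="2.0"><saml:Subject>
 <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData
 NotOnOrAfter="2018-03-14T06:52:41Z" Recipient="%s"/></saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions NotBefore="2018-03-13T06:52:41Z" NotOnOrAfter="2018-03-14T06:52:41Z">
 <saml:AudienceRestriction><saml:Audience/></saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion></samlp:Response>""" % (ACS, ACS)
def check_sample(audience="", when="2018-03-13T07:00:00Z"):
    # Runs the checks on SAMPLE with <saml:Audience> set to `audience`, evaluated at instant `when`.
    xml_text = SAMPLE.replace("<saml:Audience/>", "<saml:Audience>%s</saml:Audience>" % audience)
    return check_response(xml_text, SP_ID, ACS, _ts(when))
```

Running check_sample() reports the empty Audience and the SHA-1 signature; check_sample(SP_ID) leaves only the SHA-1 finding, which is what fixing the IDP's Audience element buys you.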

0 answers:

No answers