xmlsec1 saml签名:找不到名称为“ Signature”的默认节点

时间:2018-07-06 08:40:01

标签: saml-2.0 xmlsec xmlsec1

我在签名以下saml消息时遇到麻烦:

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://sp/sso/assert" ID="id-qOKj7lEjHF9LLlTjt" InResponseTo="_cd59dfa2245177f214bfc5252c873e702ad29640c3" IssueInstant="2018-07-06T07:34:48Z" Version="2.0">
    <saml2:Issuer>http://myidp/sso</saml2:Issuer>
    <ds:Signature>
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_50247aab9621ee91aaca836e20de20dc">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue/>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue/>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA.....</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-RytehFWT2t5Bem6UH" IssueInstant="2018-07-06T07:34:48Z" Version="2.0">
        <saml2:Issuer>http://myidp/sso</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">test@test.com</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData InResponseTo="_cd59dfa2245177f214bfc5252c873e702ad29640c3" NotOnOrAfter="2018-07-06T07:34:48Z" Recipient="https://sp/assert"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2018-07-06T07:34:48Z" NotOnOrAfter="2018-07-08T08:52:24.242Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>test_audience</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2018-07-06T07:34:48Z" SessionIndex="_72c6639cdbf65c0b2eed63847990b13a">
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
    </saml2:Assertion>
</saml2p:Response>

每当我启动使用xmlsec1进行签名的命令时,都会收到以下消息:

Error: failed to find default node with name="Signature"
Error: failed to load template "/tmp/test.xml"
Error: failed to sign file "/tmp/test.xml"

正如您在SAML消息中看到的那样,我已经有一个Signature标记,并且检查了我的XML是否有效,所以现在我有点卡住了。谁能找到我的问题?

1 个答案:

答案 0 :(得分:0)

事实证明,我在消息的断言部分中缺少签名节点,如果要对消息和断言进行签名,则必须同时具有签名节点。