我正在尝试从一个断言未加密、但使用EncryptedID对属性进行加密的SAMLP 2.0响应中读取安全令牌。
我正在使用Saml2SecurityTokenHandler的ReadToken方法获取安全令牌。它最终会调用ReadSubject,并引发异常:'Element' is an invalid XmlNodeType。
根据源代码,Saml2SecurityTokenHandler.cs不支持EncryptedID,因此我必须编写自己的实现。有人对此有经验吗?或者能给我指出好的代码示例?
<!-- Excerpt of a SAML 2.0 Subject. The "saml" prefix is declared outside this excerpt, while "saml2" is declared inline on EncryptedID below; both presumably bind to urn:oasis:names:tc:SAML:2.0:assertion, which should be confirmed against the full document. -->
<saml:Subject>
<!-- Plaintext transient NameID, present next to the EncryptedID. -->
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">d1fd410b-d485-4956-a9d3-eef9291045c8</saml:NameID>
<!-- EncryptedID carries an EncryptedData element plus the EncryptedKey that unwraps its content key; the two are linked by Id / URI references. -->
<saml2:EncryptedID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<!-- Type ending in #Element: the plaintext is a whole XML element (presumably an encrypted NameID; confirm after decryption). -->
<xenc:EncryptedData Id="_29dbab2c7ef41026f9ae573703ad233b" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<!-- Content encryption is AES-256 in CBC mode, which provides no integrity on its own. NOTE(review): decrypt only after the signature covering this assertion/response (outside this excerpt) has been verified. -->
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<!-- No key material inline: the content key is located by reference to the EncryptedKey with the matching Id further down. -->
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#_06c497ce9c9142a1f2d425011ddcda17" />
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>EmXVT1jw+uVQWTaAmYBYONRvoHkUDH+zTAJPg0a/AWT9XNjB+weF+NKDa5l9Tm1dNJd9OE8GyOGCrLLAcxCHvJwg9gk5WMUeBhtWltHJutsd94PioWoLFnaRRZUmF/wAJ4YK1AcOgK2cPZ0PH4lt18qkjcf/otmDUePQOSb8qox4JIINAgzlItJ5j4un16jh2tooIoRpklxglhISycv/RI2lTKmhSL4zpSrlTBwJWyBKPq0SEm29USrbVhrQK/z3RfZIO5DPghveT/fiJiuUrA==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<!-- Key transport: the content key above, wrapped for the entity named in Recipient. -->
<xenc:EncryptedKey Id="_06c497ce9c9142a1f2d425011ddcda17" Recipient="urn:etoegang:DV:00000003544415870000:entities:0001" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<!-- Key wrap is RSA-OAEP with MGF1; the nested DigestMethod names SHA-1 as the OAEP digest. -->
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
</xenc:EncryptionMethod>
<!-- KeyName identifies the recipient's decryption key; the 40 hex character value looks like a certificate thumbprint (verify against the recipient's key store). -->
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>B9DC06853C0435DA253F23816E3665BEAE9C4A8E</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>iVTdD2P4k14PgQ6I3YR3M2rw1DmrsgAa2mKLvOD4Jhhwl8W7UDAIX5vc/tAFwyu1tF72WU4h9Oa8EapqaHazBw8c7VedDBwZTm6cIzTndbVDNXTP6iJTbvB2M4HIjo3y5lE4cbWk5fGaAtJ2jnQXoxTGxrC5B0Tllgf+L4oAFxxwKDueAEc9v736l/CoPteZhPp+Je4SYZlDZqq1isNSk40EQikrD9GubAdDuGUG3X22McuaQWi5FGWZLFoRfTOxZgls1TOsjtFiFToZ77/3+HlZYQ+6/25o1Nqvfci+MVR1feerkra1NzVwoScjJS+1BCYd0OyKBF4PvSx7io3R6Q==</xenc:CipherValue>
</xenc:CipherData>
<!-- Back reference to the EncryptedData this key unwraps; the URI matches its Id attribute. -->
<xenc:ReferenceList>
<xenc:DataReference URI="#_29dbab2c7ef41026f9ae573703ad233b" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml2:EncryptedID>
<!-- Bearer confirmation: a relying party would check InResponseTo against its own request id, NotOnOrAfter against the current time, and Recipient against its own endpoint before accepting the subject. -->
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="_3d9c46ba251c38d74901355011391aa4b7712a1c" NotOnOrAfter="2018-07-27T08:47:20.653Z" Recipient="https://eid.digidentity-preproduction.eu/hm/eh111/eb_hm" />
</saml:SubjectConfirmation>
</saml:Subject>
谢谢