We have developed a website in Angular 5 with a .NET Web API and SQL Server. The website is deployed on Azure. It has been successfully integrated with SSO (PingFederate) using SAML 2.0.
Now we need to sign the SAML request. We have the private and public keys, and when we send the signed SAML request we get an "Invalid signature" error on the IdP side. Below is the sample SAML request.
<samlp:AuthnRequest
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_6727de62-72e3-48fd-836a-04332e7b2453"
Version="2.0"
IssueInstant="2018-08-27T05:07:04Z"
Destination="https://sso/SSO.saml2"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
AssertionConsumerServiceURL="http://mysite/login"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer>http://issuersite.com</saml:Issuer>
<samlp:NameIDPolicy
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
AllowCreate="true" />
</samlp:AuthnRequest>
The same is constructed with the following statement.
url = ssourl + "?" + "SAMLRequest=" + HttpUtility.UrlEncode(request) + "&Signature=" + HttpUtility.UrlEncode(_signature);
Below is the signed SAML request.
<?xml version="1.0"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="http://mysite/login " ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" IssueInstant="2018-08-07T07:40:36Z" Version="2.0" ID="_b8e67b27-cdd0-41ad-afe3-d98074813ec9"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> http://issuersite.com </saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#_b8e67b27-cdd0-41ad-afe3-d98074813ec9"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>NhZ1uC0aHuTf3/u6jmAShInBWtE=</DigestValue></Reference></SignedInfo><SignatureValue>YslaCvEyqd8XTnXEElDNawX399eZ61NWrE4ue/PVBmUoycIQ5kkCixnZSUEShJKL8UXuAOgIG/wW7jWZKpVY4ouIPafRDjQBVk/M7kAoMVdSVbAdZcqQLO0yGZLOyhOzyCF/O71wnxHPHIIKyf47vBt6GCyEB3MKioNXnU8fx8htig/AqKh6Ff6lku9zNpl88MugP5S9ZDzzBpmspLPP0cuO2dfiKsmYfMxfUrOcy2+FT33eBsnXDivD1he4Ts7LKW6HZJbY3LsqTc0U3qcjgJs9lmwcbqz27okojl6dz17ZAR42NNveaSRV8t09aPVuf+VVtWbEXHsqSPTrV2J9lQ==</SignatureValue><KeyInfo><X509Data><X509Certificate>...</X509Certificate></X509Data></KeyInfo></Signature><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/></samlp:AuthnRequest>
The request is compressed using a memory stream and base64 encoded. _signature is the signed XML, base64 encoded.
We are able to sign an XML document successfully, but get the error when signing the SAML request.
Tried the following options, but none of them worked. Please share any input to resolve this issue. Let me know if any other details are needed.
SAML Redirect sign or verify failing to produce correct signature
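The URL line in the question (`SAMLRequest=...&Signature=...`) is the SAML 2.0 HTTP-Redirect binding, and in that binding the IdP verifies a signature over the URL-encoded query string (SAMLRequest, optional RelayState, SigAlg), not an enveloped XMLDSig signature inside the XML; the enveloped form shown above belongs to the HTTP-POST binding. The following is an added example, not the poster's code, of building a Redirect-binding URL that way in .NET; the SSO URL, RelayState value and the RSA key are assumptions.

```csharp
// Added example: sign a SAML 2.0 HTTP-Redirect binding request per Bindings spec §3.4.4.1.
// The XML is raw-DEFLATE compressed and base64 encoded; the Signature parameter covers the
// URL-encoded "SAMLRequest=...&RelayState=...&SigAlg=..." string as it appears in the URL.
using System;
using System.IO;
using System.IO.Compression;
using System.Security.Cryptography;
using System.Text;
using System.Web;

public static class SamlRedirectSigner
{
    // Advertised in SigAlg so the IdP knows which algorithm to verify with (RSA-SHA256).
    const string SigAlgRsaSha256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Raw DEFLATE (no zlib/gzip header) followed by base64, as the Redirect binding requires.
    public static string DeflateAndBase64(string xml)
    {
        using (var buffer = new MemoryStream())
        {
            using (var deflate = new DeflateStream(buffer, CompressionMode.Compress, leaveOpen: true))
            {
                byte[] bytes = Encoding.UTF8.GetBytes(xml);
                deflate.Write(bytes, 0, bytes.Length);
            }
            return Convert.ToBase64String(buffer.ToArray());
        }
    }

    // Builds the full redirect URL; relayState may be null. privateKey is the SP signing key.
    public static string BuildSignedRedirectUrl(string ssoUrl, string authnRequestXml,
                                                string relayState, RSA privateKey)
    {
        // The signed string is exactly these URL-encoded parameters, in this order.
        var query = new StringBuilder();
        query.Append("SAMLRequest=").Append(HttpUtility.UrlEncode(DeflateAndBase64(authnRequestXml)));
        if (!string.IsNullOrEmpty(relayState))
            query.Append("&RelayState=").Append(HttpUtility.UrlEncode(relayState));
        query.Append("&SigAlg=").Append(HttpUtility.UrlEncode(SigAlgRsaSha256));

        // Sign the bytes of the query string itself, not the XML document.
        byte[] signature = privateKey.SignData(Encoding.UTF8.GetBytes(query.ToString()),
                                               HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // Signature is base64 encoded and URL-encoded, appended after the signed parameters.
        return ssoUrl + "?" + query + "&Signature=" + HttpUtility.UrlEncode(Convert.ToBase64String(signature));
    }
}
```

The IdP verifies against the query string exactly as received, so the parameters must not be re-encoded or reordered after signing; the XML placed in SAMLRequest should carry no embedded Signature element in this binding.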