我正在尝试使用以下格式的xml代码将SAML请求发送到URL。
<?xml version="1.0" encoding="UTF-8"?>
<!-- SAML 2.0 AuthnRequest as posted, carrying an enveloped XML Signature
     (ID, IssueInstant, DigestValue, SignatureValue and certificate are the
     poster's sample values). Whitespace between elements inside the root is
     part of the signed bytes (exclusive c14n keeps it), so a signed message
     must not be re-indented after signing; comments are dropped by this c14n
     variant, which is why the ones below are attached directly to elements
     with no extra line breaks. -->
<!-- NOTE(review): ProtocolBinding names the binding the IdP should use when
     returning its Response (HTTP-Redirect here). HTTP-Redirect is rarely
     usable for a Response carrying assertions because of URL length, and the
     embedded ds:Signature on this request is the form used with the HTTP-POST
     binding (HTTP-Redirect signs via query parameters instead). Confirm which
     bindings the gateway expects on each leg. -->
<!-- NOTE(review): SignatureMethod rsa-sha1 and DigestMethod sha1 are legacy
     algorithms that many SAML endpoints now reject; check the gateway's
     accepted algorithms (RSA-SHA256 with SHA-256 digests is the usual
     baseline). -->
<!-- NOTE(review): SignatureValue and X509Certificate both appear cut off
     mid-base64 in this paste. From the DER fields visible in the certificate
     prefix it looks self-signed (identical issuer and subject), CN=localhost,
     valid 2018-02-05 to 2019-01-31, i.e. a test certificate. KeyInfo is only
     a hint: the gateway validates against the certificate registered for this
     SP, so confirm this is the registered one. -->
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://tawtheeq.sa/mybank1/ReceiveSAMLResponse" Destination="https://tawtheeq.sa/identity-gateway/ReceiveSAMLRequest" ForceAuthn="false" ID="_964484d741502e19a0b148d478a64050" IsPassive="false" IssueInstant="2018-06-04T12:46:07.860Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Version="2.0">
<!-- NOTE(review): the Issuer text is "MyBank1" followed by a line break before
     the closing tag; an IdP comparing it to a registered entityID without
     trimming will not match. Keep the value on one line. --><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">MyBank1
</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<!-- Reference URI matches the request ID on the root element. --><ds:Reference URI="#_964484d741502e19a0b148d478a64050">
<ds:Transforms>
<!-- Enveloped-signature transform: the Signature element itself is excluded
     from the digest. --><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml samlp"/></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>B99CKUkHBSVelX86anIYMPaktnw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
G99wkwUJfBUAV06ll6xATNWdf+JnAzdr2RZcJ2+l5DWY6sboj5+hh93qFO6QQjnd+hN/Wqzb6yAwyt8qnGUaJRHAf/LWClTcTsAGKbB1UpIAVLK11hjaeRnlQLBTBQXhzcASdWTwOH9CpgRwJLyKK8C7
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIDaTCCAlGgAwIBAgIEB/lEIzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJzYTEPMA0GA1UECBMGcml5YWRoMQ8wDQYDVQQHEwZyaXlhZGgxETAPBgNVBAoTCG15LWJhbmsxMQ0wCwYDVQQLEwRlcnNzMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTgwMjA1MTQzNzI0WhcNMTkwMTMxMTQzNzI0WjBlMQswCQYDVQQGEwJzYTEPMA0GA1UECBMGcml5YWRoMQ8wDQYDVQQHEwZyaXlhZGgxETAPBgNVBAoTCG15LWJhbmsxMQ0wCwYDVQQLEwRlcnNzMRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<!-- Requester wants a persistent NameID and allows the IdP to create one. --><samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
<!-- Exact match on PasswordProtectedTransport. The saml prefix is re-declared
     here and on Issuer instead of once on the root (legal, just noisy; it is
     also listed in the exc-c14n PrefixList above). --><samlp:RequestedAuthnContext Comparison="exact">
<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
我使用 ComponentPro 库创建 SAML 文件，并使用我的 .p12 证书文件对其进行签名，但仍然无法用正确的请求访问 IdP。
这是我创建 SAML 文件并将其 POST 到该 URL 的方法。
/// <summary>
/// Builds a signed SAML 2.0 message with the ComponentPro library and posts it
/// to the Tawtheeq gateway by writing the library's auto-submit form to the
/// current HTTP response.
/// </summary>
/// <remarks>
/// NOTE(review): despite the method name, the message built here is a SAML
/// <c>Response</c> carrying a bearer <c>Assertion</c> (the shape an IdP
/// returns), while the XML shown in the question, and what an endpoint named
/// ReceiveSAMLRequest expects, is an <c>AuthnRequest</c> (the shape an SP
/// sends). That mismatch is the most likely reason the gateway rejects the
/// message; switching to the library's request-side type is a behavioural
/// change and is not made here.
/// </remarks>
private void SendTawtheeqRequest()
{
    // Gateway endpoint; used as Destination, as the assertion Recipient and as
    // the form-post target. NOTE(review): a recipient checks Destination
    // against the URL it actually received the message on, so this value and
    // the real endpoint must match exactly (the sample XML in the question
    // uses a different host and path).
    var gatewayUrl = "https://tawtheeq.sa:8443/identity-gateway-test/ReceiveSAMLRequest";

    // One Issuer (this application's root URL) shared by the message and the
    // assertion.
    var issuer = new Issuer(GetAbsoluteUrl("~/"));

    // Subject: the signed-in local user, bearer-confirmed with the gateway URL
    // as Recipient.
    var bearer = new SubjectConfirmation(SamlSubjectConfirmationMethod.Bearer)
    {
        SubjectConfirmationData = new SubjectConfirmationData { Recipient = gatewayUrl }
    };
    var subject = new Subject(new NameId(User.Identity.Name));
    subject.SubjectConfirmations.Add(bearer);

    // Password authentication-context statement.
    var authn = new AuthnStatement
    {
        AuthnContext = new AuthnContext
        {
            AuthnContextClassRef = new AuthnContextClassRef(SamlAuthenticationContext.Password)
        }
    };

    var assertion = new Assertion { Issuer = issuer, Subject = subject };
    assertion.Statements.Add(authn);

    // Id and IssueInstant are left to the library defaults (the explicit
    // assignments were commented out in the original).
    var message = new Response
    {
        Destination = gatewayUrl,
        Issuer = issuer,
        Status = new Status(SamlPrimaryStatusCode.Success, null)
    };
    message.Assertions.Add(assertion);

    // Sign with the SP key from the PKCS#12 file. The file is opened without a
    // password argument and the private key is cast to RSACryptoServiceProvider.
    // NOTE(review): that cast can fail at runtime where PrivateKey is not a
    // CAPI-backed RSA key; confirm on the target runtime. The .p12 holds the
    // SP's private key, so its location and permissions matter, and a relative
    // path is likely resolved against the process working directory rather
    // than the web root.
    var signingCert = new X509Certificate2(@"my_bank1_signed.p12");
    var signingKey = (RSACryptoServiceProvider)signingCert.PrivateKey;
    message.Sign(signingKey, signingCert);

    // NOTE(review): this sets the content type of the *inbound* Request; the
    // outbound Response is what SendHttpPost writes to, so Response.ContentType
    // was presumably intended. Kept as-is. The last argument looks like the
    // RelayState value; confirm against the library's signature.
    Request.ContentType = "application/x-www-form-urlencoded";
    message.SendHttpPost(Response.OutputStream, gatewayUrl, "10");
}
如果有人有 SAML 经验，我只想知道如何生成这种格式的请求；如果您能与我分享有关此主题的文章，我将不胜感激。