Auth0和AWS SSO无效的Saml

时间:2018-09-14 09:39:43

标签: single-sign-on saml-2.0 auth0 aws-iam

我正在将Auth0集成为AWS中的身份提供者。我按照Auth0 Portal Configure SSO with the AWS Console

中说明的步骤进行操作

当我使用Auth0 Identity Provider登录URL登录时,AWS不会验证Auth0生成的SAML响应。我收到“您的请求包含无效的SAML响应。要注销,请单击此处”。

SAML响应如下。有人可以帮我吗?

    <?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_b1678adbec6f1c3a5d78" Version="2.0" IssueInstant="2018-09-14T09:22:23Z" Destination="https://signin.aws.amazon.com/saml">
   <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:awswithauth0.auth0.com</saml:Issuer>
   <samlp:Status>
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
   </samlp:Status>
   <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_JveCWLAz6YJUDp8fHItCRzbzqD40JC6P" IssueInstant="2018-09-14T09:22:23.917Z">
      <saml:Issuer>urn:awswithauth0.auth0.com</saml:Issuer>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
         <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <Reference URI="#_JveCWLAz6YJUDp8fHItCRzbzqD40JC6P">
               <Transforms>
                  <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                  <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
               </Transforms>
               <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
               <DigestValue>NlIgqPNfKTF/KBMj2Uo30FgW+Fk=</DigestValue>
            </Reference>
         </SignedInfo>
         <SignatureValue>somevalue</SignatureValue>
         <KeyInfo>
            <X509Data>
               <X509Certificate>somevalue</X509Certificate>
            </X509Data>
         </KeyInfo>
      </Signature>
      <saml:Subject>
         <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">someemailid</saml:NameID>
         <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <saml:SubjectConfirmationData NotOnOrAfter="2018-09-14T10:22:23.917Z" Recipient="https://signin.aws.amazon.com/saml" />
         </saml:SubjectConfirmation>
      </saml:Subject>
      <saml:Conditions NotBefore="2018-09-14T09:22:23.917Z" NotOnOrAfter="2018-09-14T10:22:23.917Z">
         <saml:AudienceRestriction>
            <saml:Audience>https://signin.aws.amazon.com/saml</saml:Audience>
         </saml:AudienceRestriction>
      </saml:Conditions>
      <saml:AuthnStatement AuthnInstant="2018-09-14T09:22:23.917Z" SessionIndex="_iqzvvSqUK1JJ_4rwjyAd_WwEKA_LqsDN">
         <saml:AuthnContext>
            <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
         </saml:AuthnContext>
      </saml:AuthnStatement>
      <saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml:AttributeValue xsi:type="xs:string">arn:aws:iam::someaccountId:role/someawsrole,arn:aws:iam::someaccountId:auth0SamlProvider</saml:AttributeValue>
         </saml:Attribute>
         <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml:AttributeValue xsi:type="xs:string">someemailid</saml:AttributeValue>
         </saml:Attribute>
      </saml:AttributeStatement>
   </saml:Assertion>
</samlp:Response>

0 个答案:

没有答案
相关问题
最新问题