I want to create metadata for OneLogin SAML with multiple service provider certificates (signing and encryption). But I don't know which settings parameters I have to set for this.
I am using the ruby-saml gem. My current settings are as follows
require 'onelogin/ruby-saml'
signing_pem = File.read 'signing.pem'
encryption_pem = File.read 'encryption.pem'
settings = OneLogin::RubySaml::Settings.new
settings.single_logout_service_url = "https://sp.com/slo"
settings.assertion_consumer_service_url = "https://sp.com/callback"
settings.issuer = "myissuer"
settings.idp_sso_target_url = 'https://idp.com/redirect/sso'
settings.idp_slo_target_url = 'https://idp.com/redirect/sls'
settings.idp_cert_multi = { signing: [signing_pem], encryption: [encryption_pem] }
settings.security[:authn_requests_signed] = true
settings.security[:logout_requests_signed] = true
settings.security[:logout_responses_signed] = true
settings.security[:want_assertions_signed] = true
settings.security[:metadata_signed] = true
settings.security[:want_assertions_encrypted] = true
The following code is used to generate the metadata
OneLogin::RubySaml::Metadata.new.generate settings
I am getting metadata without any certificates
"<?xml version='1.0' encoding='UTF-8'?><md:EntityDescriptor
ID='_eda16671-6d18-4273-b295-3cdd94f9886c' entityID='myissuer'
xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata'><md:SPSSODescriptor
AuthnRequestsSigned='true' WantAssertionsSigned='true'
protocolSupportEnumeration='urn:oasis:names:tc:SAML:2.0:protocol'>
<md:SingleLogoutService
Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
Location='https://sp.com/auth/slo'
ResponseLocation='https://sp.com/auth/slo'/>
<md:AssertionConsumerService
Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
Location='https://sp.com/auth/callback' index='0' isDefault='true'/>
</md:SPSSODescriptor></md:EntityDescriptor>"
Answer 0: (score: 0)
The service provider settings attributes are:
settings.certificate = "public cert"
# used to sign SAML responses
settings.private_key = "private cert"
# used to decrypt SAML responses
settings.certificate_new = "public cert"
# used for certificate rollover; shown in the metadata file as the secondary certificate so the IdP system can pick it up
I don't think there is a feature for multiple SP certificates, at least I am not aware of it.
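As an added illustration (not code from the question, the answer, or the ruby-saml gem), the following Ruby script shows what the generated metadata is missing: an md:SPSSODescriptor that advertises SP keys carries one md:KeyDescriptor per certificate, with use="signing" or use="encryption", each wrapping a Base64 DER certificate in ds:X509Certificate. It builds that structure with REXML from constructed throwaway self-signed certificates (stand-ins for the PEM files read in the question), and adds a pre-publication check, key_descriptor_summary / advertises_keys?, that parses any SP metadata and reports which certificates it actually offers for which purpose. Run against the certificate-less output quoted in the question, the check returns an empty summary, which is the symptom being asked about. Namespaces are the standard SAML metadata and XML-DSig URIs; every function and sample value is an assumption of this example.

```ruby
require 'openssl'
require 'rexml/document'

MD_NS = 'urn:oasis:names:tc:SAML:2.0:metadata'
DS_NS = 'http://www.w3.org/2000/09/xmldsig#'

# Constructed throwaway self-signed certificate; stands in for the PEM files
# the question reads from disk. Not a real SP credential.
def make_self_signed_cert(common_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 365 * 24 * 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Builds an SPSSODescriptor in the shape an IdP expects: one md:KeyDescriptor per
# certificate, tagged use="signing" or use="encryption". Hand-rolled with REXML for
# illustration; it is not ruby-saml's generator.
def build_sp_metadata(entity_id:, acs_url:, signing_certs:, encryption_certs:)
  doc = REXML::Document.new
  doc << REXML::XMLDecl.new('1.0', 'UTF-8')
  ed = doc.add_element('md:EntityDescriptor', 'xmlns:md' => MD_NS, 'entityID' => entity_id)
  sp = ed.add_element('md:SPSSODescriptor',
                      'AuthnRequestsSigned' => 'true',
                      'WantAssertionsSigned' => 'true',
                      'protocolSupportEnumeration' => 'urn:oasis:names:tc:SAML:2.0:protocol')
  { 'signing' => signing_certs, 'encryption' => encryption_certs }.each do |use, certs|
    certs.each do |cert|
      kd = sp.add_element('md:KeyDescriptor', 'use' => use)
      ki = kd.add_element('ds:KeyInfo', 'xmlns:ds' => DS_NS)
      # ds:X509Certificate carries Base64 DER without the PEM armour lines.
      ki.add_element('ds:X509Data').add_element('ds:X509Certificate').text = [cert.to_der].pack('m0')
    end
  end
  sp.add_element('md:AssertionConsumerService',
                 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
                 'Location' => acs_url, 'index' => '0', 'isDefault' => 'true')
  doc.to_s
end

# Pre-publication check: which certificates does the metadata actually advertise,
# and for what purpose? Returns { use => [subject, ...] }. A KeyDescriptor with no
# `use` attribute serves both purposes per the SAML metadata spec; reported as "both".
def key_descriptor_summary(xml)
  doc = REXML::Document.new(xml)
  summary = Hash.new { |h, k| h[k] = [] }
  REXML::XPath.each(doc, '//md:KeyDescriptor', 'md' => MD_NS) do |kd|
    use  = kd.attributes['use'] || 'both'
    b64  = REXML::XPath.first(kd, './/ds:X509Certificate', 'ds' => DS_NS).text.strip
    cert = OpenSSL::X509::Certificate.new(b64.unpack1('m'))
    summary[use] << cert.subject.to_s
  end
  summary
end

# True only if the metadata offers a key for every requested purpose.
def advertises_keys?(xml, *uses)
  summary = key_descriptor_summary(xml)
  uses.all? { |u| summary.key?(u) || summary.key?('both') }
end

if $PROGRAM_NAME == __FILE__
  signing_cert, _signing_key       = make_self_signed_cert('sp-signing')
  encryption_cert, _encryption_key = make_self_signed_cert('sp-encryption')
  xml = build_sp_metadata(entity_id: 'myissuer', acs_url: 'https://sp.com/callback',
                          signing_certs: [signing_cert], encryption_certs: [encryption_cert])
  puts xml
  puts key_descriptor_summary(xml).inspect
  puts advertises_keys?(xml, 'signing', 'encryption')
end
```

The check is worth running on whatever your generator emits before handing metadata to an IdP: if it reports no "signing" entry, the IdP cannot verify signed AuthnRequests, and if it reports no "encryption" entry, the IdP has no public key to encrypt assertions to, so want_assertions_encrypted cannot be honoured.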