我得到了以下SAML令牌结构;它是由生产环境中的防火墙注入的。到目前为止,我已经使用过JOT,并且对SAML令牌没有任何经验。
我的Express堆栈具有“令牌解码”中间件。我希望它做“正确”的事情,例如确保执行以下操作:
鉴于以下结构,验证SAML的最佳工具是什么?此外,它还需要其他东西(即“验证服务器”,密钥等...我不知道SAML身份验证的详细信息...)
预先感谢
<?xml version="1.0" encoding="UTF-8"?>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="Assertion-uuida879c69c-0167-1543-bfc6-bd9d24e41ede" IssueInstant="2018-12-13T16:50:12Z" Version="2.0">
<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">TBD_A_COMPANY</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="uuida879c69e-0167-131d-a363-bd9d24e41ede">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" />
<ds:Reference URI="#Assertion-uuida879c69c-0167-1543-bfc6-bd9d24e41ede">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<xc14n:InclusiveNamespaces xmlns:xc14n="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="saml xs xsi" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512" />
<ds:DigestValue>TBD_DIGEST_VALUE</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>TBD_SIGNATURE_VALUE</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>TBD_X509_CERT</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">TBD_USER_ID</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2018-12-14T00:50:12Z" />
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2018-12-13T16:49:12Z" NotOnOrAfter="2018-12-14T00:50:12Z">
<saml:AudienceRestriction>
<saml:Audience>https://stage.eportal.TBD_A_COMPANY.com/B2EApp_IVCRED_SAML2_ISSUE_TrustChain</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2018-12-13T16:50:12Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:AttributeValue xsi:type="xs:string">TBD_NAME@TBD_DOMAIN.com</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sn" NameFormat="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:AttributeValue xsi:type="xs:string">TBD_NAME</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="membership" NameFormat="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:AttributeValue xsi:type="xs:string">CN=FSSO-Non Employee,OU=Azure AD,OU=TBD_A_COMPANY Groups,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">CN=FSSO-Employee,OU=Azure AD,OU=TBD_A_COMPANY Groups,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">CN=f5_administrator,OU=TBD_A_COMPANY Groups,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">CN=splunk_f5_dtl,OU=Splunk,OU=Applications,OU=TBD_A_COMPANY Groups,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">CN=isam_console_admin,OU=TBD_A_COMPANY Groups,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">CN=Rally_User,OU=TBD_A_COMPANY Groups,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">CN=Splunk_iowa_staff,OU=TBD_A_COMPANY Groups,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">CN=vasps_wf_admin,OU=TBD_A_COMPANY Groups,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">CN=RemoteLogonSTLVASOPS,OU=TBD_A_COMPANY Groups,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">CN=vasps_Admin_Analytics,OU=TBD_A_COMPANY Groups,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">CN=RemoteLogonIOWA,OU=TBD_A_COMPANY Groups,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">CN=ws_operator,OU=TBD_A_COMPANY Groups,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">CN=ws_administrator,OU=TBD_A_COMPANY Groups,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">CN=InetDevl WebAdmin,OU=TBD_A_COMPANY Groups,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">CN=RemoteLogonWebAdmin,OU=TBD_A_COMPANY Groups,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">CN=GetLog-ITS-WA,OU=TBD_A_COMPANY Groups,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sAMAccountName" NameFormat="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:AttributeValue xsi:type="xs:string">TBD_USER_ID</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="dn" NameFormat="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:AttributeValue xsi:type="xs:string">CN=TBD_USER_ID,OU=TBD_A_COMPANY Users,DC=corp,DC=TBD_A_COMPANY,DC=test</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:AttributeValue xsi:type="xs:string">TBD_NAME</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>