颁发者ITfoxtec.Identity.Saml2的多个证书

时间:2019-11-20 16:37:12

标签: itfoxtec-identity-saml2

作为上下文:我正在尝试使用ITfoxtec.Identity.Saml2库实现SAML2.0身份验证。我想为一个服务提供商使用多个证书,因为不同的客户端可以登录到服务提供商,并且每个客户端都可以拥有自己的证书。我需要第三方登录服务,以便在发生SAML请求时可以从我的服务提供者meta.xml中的证书列表中进行选择。 ITfoxtec.Identity.Saml2库是否支持这种可能性,或者是否有一些变通办法可以实现?谢谢

1 个答案:

答案 0 :(得分:0)

您通常会有一个Saml2Configuration。但是在您的情况下,我将实现一些Saml2Configuration逻辑,在这里我可以使用当前证书(SigningCertificate / DecryptionCertificate)来请求特定的Saml2Configuration。然后,在AuthController中使用此特定的Saml2Configuration。

然后,元数据(MetadataController)将调用Saml2Configuration逻辑以获取所有证书的列表。

类似这样的东西:

public class MetadataController : Controller
{
    private readonly Saml2Configuration config;
    private readonly Saml2ConfigurationLogic saml2ConfigurationLogic;

    public MetadataController(IOptions<Saml2Configuration> configAccessor, Saml2ConfigurationLogic saml2ConfigurationLogic)
    {
        config = configAccessor.Value;
        this.saml2ConfigurationLogic = saml2ConfigurationLogic;
    }

    public IActionResult Index()
    {
        var defaultSite = new Uri($"{Request.Scheme}://{Request.Host.ToUriComponent()}/");

        var entityDescriptor = new EntityDescriptor(config);
        entityDescriptor.ValidUntil = 365;
        entityDescriptor.SPSsoDescriptor = new SPSsoDescriptor
        {
            WantAssertionsSigned = true,
            SigningCertificates = saml2ConfigurationLogic.GetAllSigningCertificates(),
            //EncryptionCertificates = saml2ConfigurationLogic.GetAllEncryptionCertificates(),
            SingleLogoutServices = new SingleLogoutService[]
            {
                new SingleLogoutService { Binding = ProtocolBindings.HttpPost, Location = new Uri(defaultSite, "Auth/SingleLogout"), ResponseLocation = new Uri(defaultSite, "Auth/LoggedOut") }
            },
            NameIDFormats = new Uri[] { NameIdentifierFormats.X509SubjectName },
            AssertionConsumerServices = new AssertionConsumerService[]
            {
                new AssertionConsumerService {  Binding = ProtocolBindings.HttpPost, Location = new Uri(defaultSite, "Auth/AssertionConsumerService") }
            },
            AttributeConsumingServices = new AttributeConsumingService[]
            {
                new AttributeConsumingService { ServiceName = new ServiceName("Some SP", "en"), RequestedAttributes = CreateRequestedAttributes() }
            },
        };
        entityDescriptor.ContactPerson = new ContactPerson(ContactTypes.Administrative)
        {
            Company = "Some Company",
            GivenName = "Some Given Name",
            SurName = "Some Sur Name",
            EmailAddress = "some@some-domain.com",
            TelephoneNumber = "11111111",
        };
        return new Saml2Metadata(entityDescriptor).CreateMetadata().ToActionResult();
    }

    private IEnumerable<RequestedAttribute> CreateRequestedAttributes()
    {
        yield return new RequestedAttribute("urn:oid:2.5.4.4");
        yield return new RequestedAttribute("urn:oid:2.5.4.3", false);
    }
}
相关问题
最新问题