WCF SAML 1.1客户端问题

时间:2011-10-28 08:40:16

标签: wcf client token saml

以下是该方案:

1)WCF客户端通过RST / Issue请求调用请求SAML令牌的STS

2)STS以RSTRC / IssueFinal响应,将SAML令牌放入响应头

3)WCF客户端选择SAML令牌以调用业务Web服务

STS和Web服务托管在基于Java的环境中。 1)和2)工作正常,也就是说,我可以看到STS以预期的方式响应SOAP标头和正确设置的主体。

现在,问题在于,在收到来自STS的响应后,WCF客户端向业务Web服务发送了安全上下文令牌请求,这当然失败了,我不知道如何以及为什么。

这是我的app.config for client:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsFederationHttpBinding>
<binding name="RegistryServiceBinding">
  <security mode="TransportWithMessageCredential">
    <message issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1"
      negotiateServiceCredential="False" establishSecurityContext="false">
      <issuer address="https://my-sts-ip/idp-ws/services/BasicSAMLIssuer"
      binding="customBinding" bindingConfiguration="STSBinding" />
    </message>
  </security>
</binding>
</wsFederationHttpBinding>

<customBinding>
<binding name="STSBinding">
  <security allowInsecureTransport="False"
    authenticationMode="UserNameOverTransport"
    requireSignatureConfirmation="false"
    messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
  </security>          
  <textMessageEncoding messageVersion="Soap12WSAddressing10" />
  <httpsTransport/>
</binding>    
</customBinding>
</bindings>

<client>
  <endpoint address="https://my-ws-ip/soap/RegistryStoredQuery"
  binding="wsFederationHttpBinding" bindingConfiguration="RegistryServiceBinding"
  contract="IXDSRegistry" name="RegistrySTS" />
</client>
</system.serviceModel>
<startup>
  <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client" />
</startup>
</configuration>

这是从STS(缩写)获取SAML令牌后WCF客户端发送的内容:

<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
            xmlns:a="http://www.w3.org/2005/08/addressing" 
            xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action
  s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</a:Action>
<a:MessageID>urn:uuid:fecde50b-a3bd-40f1-ae5b-662a3aa9bf80</a:MessageID>
<ActivityId CorrelationId="cec77c8d-1d09-4e34-9c5a-dbf5bb219ba8"
  xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">bfce2552-393d-43d0-8722-0c16ae22bba4</ActivityId>
<a:ReplyTo>
  <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">https://10.11.71.151/soap/RegistryStoredQuery</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
  <u:Created>2011-10-28T07:27:50.097Z</u:Created>
  <u:Expires>2011-10-28T07:32:50.097Z</u:Expires>
</u:Timestamp>
<Assertion> .... </Assertion>

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
...
</Signature>
</o:Security>
</s:Header>
<s:Body>
  <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
  <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
  <t:Entropy>
    <t:BinarySecret u:Id="uuid-d1ed3eb6-d7f6-4d2b-ab7e-a6c60d899bad-3" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">iRqJf4/sY1yiu7Vh1eTGeAWJi7o0gxnhS6A2YvJQ6kI=</t:BinarySecret>
  </t:Entropy>
<t:KeySize>256</t:KeySize>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>

任何可能触发此行为的想法?

最诚挚的问候。

1 个答案:

答案 0 :(得分:0)

wsFederationHttpBinding默认情况下将安全会话设置为true。 You'll need to clone a custom binding and set this to false.

相关问题
最新问题