关于Ping SSO, 急问!!!在线等。。。

beakham 2011-07-29 09:03:10
这个是对方尝试SSO到我们这里的时候,传过来的SAML:
<?xml version="1.0" encoding="UTF-8"?>
<!--
  SAML 2.0 Response as received from the partner identity provider (assertion Issuer "OFB"),
  addressed to the service provider ACS endpoint named in Destination.
  The sample is kept exactly as captured: the enveloped signature below covers the whole
  document, so the message cannot be corrected by editing it on the receiving side.
  NOTE(review): neither the Response nor SubjectConfirmationData carries InResponseTo, which
  suggests an unsolicited (IdP-initiated) response. Replay protection then depends on the
  receiver remembering assertion IDs for the length of the validity window.
-->
<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://loginuat.starcite.com/sp/ACS.saml2" ID="MbTCSdJYtc" IssueInstant="2011-07-28T15:39:08Z" Version="2.0">
<Status>
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</Status>
<!--
  Child order matters here. The SAML 2.0 protocol schema orders the children of a response as
  Issuer (optional), ds:Signature (optional), Extensions (optional), Status, then the assertions.
  In this message ds:Signature follows Status and there is no Response-level Issuer, so a
  schema-validating receiver is expected to reject the document on structure alone, whatever
  the outcome of the signature check. The sender has to emit Signature ahead of Status.
  Rejecting unexpected structure before trusting any content is the behaviour to keep on the
  receiving side; relaxing schema validation to accept the message is not the fix.
-->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<CanonicalizationMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<!--
  rsa-sha1 here and sha1 in DigestMethod below: SHA-1 is deprecated for signatures.
  If both products support it, agree with the partner on
  http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 and http://www.w3.org/2001/04/xmlenc#sha256.
-->
<SignatureMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<!--
  URI="" makes the reference cover the entire enclosing document (the Response); the
  enveloped-signature transform removes the Signature element itself before digesting.
-->
<Reference xmlns="http://www.w3.org/2000/09/xmldsig#" URI="">
<Transforms xmlns="http://www.w3.org/2000/09/xmldsig#">
<Transform xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">okWicZeF5ahlYy6kPXaIN4sv/go=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">
kEpeRd/12zhQqQGLdBmdA1hdqPWcj0T09h9vPlXQO0XQmiaMGkDRYOIFhcNn0TjcpPGHaGI2UGYi
QJVZkyySGc09Cyvgc5NS2gp1TQ6Wv75s7BJ7MsusVUDQ6DTN3GCCrziLVA/iSwz1KZzu5NiN+nBd
l4t8EwUhtc49hWpO/zA=
</SignatureValue>
<!--
  No KeyInfo is present, so the verification certificate has to come from the partner
  configuration held by the receiver, not from the message.
  NOTE(review): the SignatureValue decodes to 128 bytes, which points to a 1024-bit RSA key.
  Confirm with the partner and plan for a 2048-bit or larger key.
-->
</Signature>
<!--
  The assertion carries no signature of its own; its integrity rests entirely on the
  Response-level signature above.
-->
<saml:Assertion ID="dRPtSorFUU" IssueInstant="2011-07-28T15:39:08Z" Version="2.0">
<saml:Issuer>OFB</saml:Issuer>
<saml:Subject>
<saml:NameID>cvasudevan@orbitz.com</saml:NameID>
<!--
  Bearer confirmation: whoever presents the assertion is accepted as the subject. The receiver
  should enforce the five-minute NotBefore / NotOnOrAfter window and check that Recipient
  equals its own ACS URL.
-->
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotBefore="2011-07-28T15:39:08Z" NotOnOrAfter="2011-07-28T15:44:08Z" Recipient="https://loginuat.starcite.com/sp/ACS.saml2"/>
</saml:SubjectConfirmation>
</saml:Subject>
<!-- Audience must match the receiver's own entity ID; otherwise the assertion was issued for someone else. -->
<saml:Conditions NotBefore="2011-07-28T15:39:08Z" NotOnOrAfter="2011-07-28T15:44:08Z">
<saml:AudienceRestriction>
<saml:Audience>StarciteUAT</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<!-- Attributes asserted by the sender; treat them as trustworthy only after the signature and the conditions above have been verified. -->
<saml:AttributeStatement>
<saml:Attribute Name="CompanyID">
<saml:AttributeValue>d68c7a7b-4ebd-426e-9a63-7743f8bac180</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="PartnerID">
<saml:AttributeValue>StarciteUAT</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="EntityName">
<saml:AttributeValue>chaicorp</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="Email">
<saml:AttributeValue>cvasudevan@orbitz.com</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="FirstName">
<saml:AttributeValue>chaithanya</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="LastName">
<saml:AttributeValue>TPTEST</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="UserID">
<saml:AttributeValue>cvasudevan@orbitz.com</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</Response>


可是报了下面的错(注意:日志里记录的是另一次请求,其 ID 和 IssueInstant 与上面那份不同,而且其中 Signature 位于 Assertion 之后,上面那份则位于 Status 之后):
Response XML is invalid. Errors: [error: Expected element Assertion@urn:oasis:names:tc:SAML:2.0:assertion instead of Signature@http://www.w3.org/2000/09/xmldsig# here in element Response@urn:oasis:names:tc:SAML:2.0:protocol]. InMessageContext
XML: <Response Destination="https://loginuat.starcite.com/sp/ACS.saml2" ID="EDjqIolfkt" IssueInstant="2011-07-28T13:46:21Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<Status>
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</Status>
<saml:Assertion ID="XiseoCkNZm" IssueInstant="2011-07-28T13:46:21Z" Version="2.0">
<saml:Issuer>OFB</saml:Issuer>
<saml:Subject>
<saml:NameID>cvasudevan@orbitz.com</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotBefore="2011-07-28T13:46:21Z" NotOnOrAfter="2011-07-28T13:51:21Z" Recipient="https://loginuat.starcite.com/sp/ACS.saml2"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2011-07-28T13:46:21Z" NotOnOrAfter="2011-07-28T13:51:21Z">
<saml:AudienceRestriction>
<saml:Audience>StarciteUAT</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="CompanyID">
<saml:AttributeValue>d68c7a7b-4ebd-426e-9a63-7743f8bac180</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="PartnerID">
<saml:AttributeValue>StarciteUAT</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="EntityName">
<saml:AttributeValue>chaicorp</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="Email">
<saml:AttributeValue>cvasudevan@orbitz.com</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="FirstName">
<saml:AttributeValue>chaithanya</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="LastName">
<saml:AttributeValue>TPTEST</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="UserID">
<saml:AttributeValue>cvasudevan@orbitz.com</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<Reference URI="" xmlns="http://www.w3.org/2000/09/xmldsig#">
<Transforms xmlns="http://www.w3.org/2000/09/xmldsig#">
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">5UU3bCPOHVBpaCJKg2e8dAtSq/k=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">aAptAXBwtSbGCUPLSCgOQj0Law7MpwIHBMyRy41XQm+EVzQLVxkeIHfRSVGrUodWQoUabET4WUwK
ibzS5gIwdjsl2L5b1lqyY9nRwAwjW/i/A0Lp5dq5Nlr6VgumAd/mObX4Tu0bWiuMtCYm4YVMk0Nc
ewI2H44rY1TxI5H1dKA=</SignatureValue>
</Signature>
</Response>

entityId: OFB (IDP)
Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
relayState: http://orbitzforbusinessuat.starcite.com/search/search
SignatureStatus: VALID
Binding says to sign: true

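从上面我用红色标出的错误来看,问题似乎出在SAML消息本身,而与配置无关?(报错的意思是:校验器在 Response 中本应出现 Assertion 的位置遇到了 Signature,也就是 Signature 元素的位置不符合 SAML 2.0 协议 schema 规定的子元素顺序——Issuer、Signature、Extensions、Status,之后才是 Assertion。日志中的 SignatureStatus: VALID 只说明签名本身校验通过,并不代表消息结构合法。)
求达人指教!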