格式化 Saml2SecurityToken xml 以在标记中包含 saml
本文关键字:包含 saml Saml2SecurityToken xml 格式化 | 更新日期: 2023-09-27 18:33:24
我是SAML东西的入门者。我已经编写了一个代码来获取XML格式文件中的Saml2SecurityToken。但是,我得到的 xml 在标签中不包含 SAML。
实际:
<?xml version="1.0" encoding="utf-8"?>
<Assertion ID="_750e2198-2802-43ed-a6a8-3c991cdd1531" IssueInstant="2014-12-05T13:13:22.822Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
.....
</Assertion>
预期:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="_7cfb8b12d1b08367d163fea9c81d8e98" IssueInstant="2014-03-20T17:54:10.107Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">THE_ISSUER_ID (Typically a URL)</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_23dcb09d50ddf580e2186836c0ffddff" IssueInstant="2014-03-20T17:54:10.099Z" Version="2.0">
.......
</saml2:Assertion>
</saml2p:Response>
这是我编写的用于生成安全令牌并写入文件的代码:
public static void SsoRequest(string content, string arguments)
{
try
{
string identifier = Guid.NewGuid().ToString();
string _privateCertificatepath = Engine.ConfigFiles[SSO.SAMLConfigurationName]["PrivateCertificatePath"].Value;
byte[] _certificateByte = System.IO.File.ReadAllBytes(_privateCertificatepath);
string password = Engine.ConfigFiles[SSO.SAMLConfigurationName]["CertificatePassword"].Value; ;
string opfilepath = @"C:'test.xml";
Saml2SecurityToken token = GetSamlAssertionSignedWithCertificate(identifier, password, _certificateByte);
FileStream fs = new FileStream(opfilepath, FileMode.Create, FileAccess.Write);
XmlWriter xmlwriter = XmlWriter.Create(HttpContext.Current.Response.Output);
Saml2SecurityTokenHandler tokenHandler = new Saml2SecurityTokenHandler();
tokenHandler.WriteToken(xmlwriter, token);
xmlwriter.Flush();
xmlwriter.Close();
fs.Dispose();
}
catch (Exception ex)
{
}
HttpContext.Current.Response.Redirect("index.aspx", true);
}
public static Saml2SecurityToken GetSamlAssertionSignedWithCertificate(String nameIdentifierClaim, String password, Byte[] _certificateByte)
{
Saml2Assertion assertion = new Saml2Assertion(new Saml2NameIdentifier("http://www.example.com/"));
Saml2Conditions conditions = new Saml2Conditions();
conditions.NotBefore = DateTime.UtcNow;
conditions.NotOnOrAfter = DateTime.MaxValue;
assertion.Conditions = conditions;
Saml2Subject subject = new Saml2Subject();
subject.SubjectConfirmations.Add(new Saml2SubjectConfirmation(Saml2Constants.ConfirmationMethods.Bearer));
subject.NameId = new Saml2NameIdentifier(nameIdentifierClaim);
assertion.Subject = subject;
X509Certificate2 _cert = new X509Certificate2(_certificateByte, password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
X509SigningCredentials clientSigningCredentials = new X509SigningCredentials(_cert);
assertion.SigningCredentials = clientSigningCredentials;
return new Saml2SecurityToken(assertion);
}
我在这里错过了什么吗?提前谢谢。
至少
从XML的角度来看,你不应该需要它。只要 xmlns 指向正确的 URI,就可以使用任何方便的别名(包括空/默认别名)指定 XML 命名空间。URI(在本例中为 Oasis SAML URN)是唯一重要的东西。
因此,这四个元素是XML等效的,大多数XML库甚至不提供区分的方法:
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" …
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" …
<fnord:Assertion xmlns:fnord="urn:oasis:names:tc:SAML:2.0:assertion" …
<!-- by convention & convenience aliases are usually lowercase,
but don't have to be -->
<ZB:Assertion xmlns:ZB="urn:oasis:names:tc:SAML:2.0:assertion" …
任何需要特定命名空间别名的东西都可能是有人在做自己的(有缺陷的)XML解析,而不是使用标准库,这使得他们的整个SOAP和SAML堆栈都令人怀疑。