将SAML令牌转换为JWT [英] Convert a SAML token to JWT

问题描述

我正在尝试使用SAML令牌连接到ACS，问题是ACS已配置为仅接受JWT令牌. 将SAML转换为JWT的最佳方法是什么?

I am trying to connect to ACS using a SAML token, problem is ACS has been configured to only accept JWT tokens. What is the best way to convert SAML to JWT?

谢谢

推荐答案

您应该要求IDP在当前的SAML令牌中提供JWT令牌作为SAML属性，或者要求它们为您提供一种获取JWT令牌的替代方法.您需要的JWT令牌.

You should ask your IDP to provide the JWT token as a SAML attribute inside your current SAML tokens, or ask them to provide you with an alternative way of acquiring the JWT tokens you require.

SAML令牌(通常是SAML声明)通常由身份提供商(IDP)发出并进行数字签名-以便中继方可以验证令牌的真实性.这意味着您无法将令牌从SAML转换为JWT，因为您将无法代表IDP创建新的签名.

The SAML token (typically a SAML assertion) is usually issued by an identity provider (IDP) and digitally signed - so that the relaying parties can verify authenticity of the token. This means that you cannot convert token from SAML to JWT, as you will be unable to create a new signature on behalf of your IDP.

JWT规范包含一个很好的，您可能需要对其进行遍历:

The JWT specification contains a good explanation of difference between SAML and JWT tokens, you might want to go through it:

尽管JWT可以完成SAML断言的某些工作，但JWT并不是要完全替代SAML断言，而是在考虑易于实现或紧凑性时用作令牌格式.

While JWTs can do some of the things SAML assertions do, JWTs are not intended as a full replacement for SAML assertions, but rather as a token format to be used when ease of implementation or compactness are considerations.

我在这里假设您不是在自行发行SAML令牌，因为在这种情况下，您无需转换它们-您可以直接创建自己的JWT令牌.

I'm presuming here that you are not self-issuing your SAML tokens, as in such a case you wouldn't need to convert them - you could create your own JWT token directly.

这篇关于将SAML令牌转换为JWT的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！