Multiple certificates for Issuer ITfoxtec.Identity.Saml2

Problem description

As context: I am trying to implement SAML 2.0 authentication using the ITfoxtec.Identity.Saml2 library. I want to use multiple certificates for a single service provider, because different clients can log in to the service provider and each client can have its own certificate. I need a third-party login service to be able to choose from the list of certificates in my service provider's metadata.xml when a SAML request occurs. Does the ITfoxtec.Identity.Saml2 library support this possibility, or is there some workaround to achieve it? Thank you.

Accepted answer

Normally there is only one Saml2Configuration. But in your case I would implement some Saml2Configuration logic, where I can request a specific Saml2Configuration using the current certificate (signing certificate / decryption certificate). Then use this specific Saml2Configuration in the AuthController.

The metadata (MetadataController) would then call the Saml2Configuration logic to get a list of all certificates.

Something like the following:

using System;
using System.Collections.Generic;
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.MvcCore;
using ITfoxtec.Identity.Saml2.Schemas;
using ITfoxtec.Identity.Saml2.Schemas.Metadata;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;

public class MetadataController : Controller
{
    private readonly Saml2Configuration config;
    // Custom logic that knows every client's certificate (not part of the library).
    private readonly Saml2ConfigurationLogic saml2ConfigurationLogic;

    public MetadataController(IOptions<Saml2Configuration> configAccessor, Saml2ConfigurationLogic saml2ConfigurationLogic)
    {
        config = configAccessor.Value;
        this.saml2ConfigurationLogic = saml2ConfigurationLogic;
    }

    public IActionResult Index()
    {
        var defaultSite = new Uri($"{Request.Scheme}://{Request.Host.ToUriComponent()}/");

        var entityDescriptor = new EntityDescriptor(config);
        entityDescriptor.ValidUntil = 365;
        entityDescriptor.SPSsoDescriptor = new SPSsoDescriptor
        {
            WantAssertionsSigned = true,
            // Publish every client's signing certificate, so the IdP can pick the right one.
            SigningCertificates = saml2ConfigurationLogic.GetAllSigningCertificates(),
            //EncryptionCertificates = saml2ConfigurationLogic.GetAllEncryptionCertificates(),
            SingleLogoutServices = new SingleLogoutService[]
            {
                new SingleLogoutService { Binding = ProtocolBindings.HttpPost, Location = new Uri(defaultSite, "Auth/SingleLogout"), ResponseLocation = new Uri(defaultSite, "Auth/LoggedOut") }
            },
            NameIDFormats = new Uri[] { NameIdentifierFormats.X509SubjectName },
            AssertionConsumerServices = new AssertionConsumerService[]
            {
                new AssertionConsumerService {  Binding = ProtocolBindings.HttpPost, Location = new Uri(defaultSite, "Auth/AssertionConsumerService") }
            },
            AttributeConsumingServices = new AttributeConsumingService[]
            {
                new AttributeConsumingService { ServiceName = new ServiceName("Some SP", "en"), RequestedAttributes = CreateRequestedAttributes() }
            },
        };
        entityDescriptor.ContactPerson = new ContactPerson(ContactTypes.Administrative)
        {
            Company = "Some Company",
            GivenName = "Some Given Name",
            SurName = "Some Sur Name",
            EmailAddress = "some@some-domain.com",
            TelephoneNumber = "11111111",
        };
        return new Saml2Metadata(entityDescriptor).CreateMetadata().ToActionResult();
    }

    private IEnumerable<RequestedAttribute> CreateRequestedAttributes()
    {
        yield return new RequestedAttribute("urn:oid:2.5.4.4");
        yield return new RequestedAttribute("urn:oid:2.5.4.3", false);
    }
}
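The answer leaves the Saml2ConfigurationLogic class to the reader. The following is an added example of one way to write it, not code from the answer or from the ITfoxtec.Identity.Saml2 project: it keeps one certificate per client, derives a per-client Saml2Configuration from a shared base configuration, and exposes the certificate list the metadata controller needs. The class name, the clientId routing parameter and the exact set of base-configuration properties copied are assumptions; copy whatever your base configuration actually sets. Certificate selection is deliberately restricted to known client ids, and the signing certificate is required to carry a private key, so a misconfigured client fails at request time rather than producing an unsigned or mis-signed AuthnRequest.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.MvcCore;
using Microsoft.AspNetCore.Mvc;

// Hypothetical helper (assumption, not a library type): one Saml2Configuration
// per client, each with its own signing/decryption certificate.
public class Saml2ConfigurationLogic
{
    private readonly Saml2Configuration baseConfig;
    // Client id -> that client's certificate. Constructed sample mapping; load
    // this from a certificate store or secrets provider in a real deployment.
    private readonly IReadOnlyDictionary<string, X509Certificate2> clientCertificates;

    public Saml2ConfigurationLogic(Saml2Configuration baseConfig,
                                   IReadOnlyDictionary<string, X509Certificate2> clientCertificates)
    {
        this.baseConfig = baseConfig ?? throw new ArgumentNullException(nameof(baseConfig));
        this.clientCertificates = clientCertificates ?? throw new ArgumentNullException(nameof(clientCertificates));
    }

    // Returns a configuration that signs and decrypts with the given client's
    // certificate, or null when the client id is unknown (caller decides how to fail).
    public Saml2Configuration GetConfiguration(string clientId)
    {
        if (string.IsNullOrEmpty(clientId) || !clientCertificates.TryGetValue(clientId, out var cert))
        {
            return null;
        }
        if (!cert.HasPrivateKey)
        {
            // Signing requires the private key; a public-only certificate is a deployment error.
            throw new InvalidOperationException($"Certificate for client '{clientId}' has no private key.");
        }

        var config = new Saml2Configuration
        {
            // Shared settings copied from the base configuration (assumed property set).
            Issuer = baseConfig.Issuer,
            SingleSignOnDestination = baseConfig.SingleSignOnDestination,
            SingleLogoutDestination = baseConfig.SingleLogoutDestination,
            SignatureAlgorithm = baseConfig.SignatureAlgorithm,
            CertificateValidationMode = baseConfig.CertificateValidationMode,
            RevocationMode = baseConfig.RevocationMode,
            // Per-client settings.
            SigningCertificate = cert,
            DecryptionCertificate = cert,
        };
        config.AllowedAudienceUris.AddRange(baseConfig.AllowedAudienceUris);
        config.SignatureValidationCertificates.AddRange(baseConfig.SignatureValidationCertificates);
        return config;
    }

    // Every currently valid client certificate, de-duplicated by thumbprint, for the
    // SPSsoDescriptor.SigningCertificates list in the metadata.
    public IEnumerable<X509Certificate2> GetAllSigningCertificates()
    {
        var now = DateTime.UtcNow;
        return clientCertificates.Values
            .Where(c => c.NotBefore.ToUniversalTime() <= now && now <= c.NotAfter.ToUniversalTime())
            .GroupBy(c => c.Thumbprint)
            .Select(g => g.First())
            .ToList();
    }
}

// How the AuthController would consume it; the clientId route value is an assumption.
public class AuthController : Controller
{
    private readonly Saml2ConfigurationLogic saml2ConfigurationLogic;

    public AuthController(Saml2ConfigurationLogic saml2ConfigurationLogic)
    {
        this.saml2ConfigurationLogic = saml2ConfigurationLogic;
    }

    [Route("Login/{clientId}")]
    public IActionResult Login(string clientId)
    {
        var config = saml2ConfigurationLogic.GetConfiguration(clientId);
        if (config == null)
        {
            return NotFound(); // unknown client: do not fall back to a default certificate
        }
        // Standard ITfoxtec redirect-binding AuthnRequest, signed with the client's certificate.
        return new Saml2RedirectBinding().Bind(new Saml2AuthnRequest(config)).ToActionResult();
    }
}
```

Register Saml2ConfigurationLogic as a singleton alongside the base Saml2Configuration so the MetadataController shown above and the AuthController share the same certificate mapping; the metadata then advertises exactly the certificates the AuthController can actually sign with.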
