How to include SAML-assertion into Soap-Security-Header with WCF
Problem description
I've been struggling for almost a week to include a SAML token into a SOAP request via WCF.
I get a SAML assertion from a third-party security-token-service response, which looks like:
<soapenv:Envelope>
  <soapenv:Header/>
  <S:Body>
    <ns4:RequestSecurityTokenResponse>
      <ns4:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</ns4:TokenType>
      <ns4:RequestedSecurityToken>
        <saml:Assertion>
          <saml:Conditions NotBefore="2014-05-05T15:15:06.787Z" NotOnOrAfter="2014-05-05T16:15:06.787Z"/>
          <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:X509-PKI">
            <saml:Subject>
              <saml:NameIdentifier>removed</saml:NameIdentifier>
              <saml:SubjectConfirmation>
                <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <ds:X509Data>
                    <ds:X509Certificate>removed</ds:X509Certificate>
                  </ds:X509Data>
                </ds:KeyInfo>
              </saml:SubjectConfirmation>
            </saml:Subject>
          </saml:AuthenticationStatement>
          <saml:AttributeStatement>
            <saml:Subject>
              <saml:NameIdentifier>removed</saml:NameIdentifier>
              <saml:SubjectConfirmation>
                <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <ds:X509Data>
                    <ds:X509Certificate>removed</ds:X509Certificate>
                  </ds:X509Data>
                </ds:KeyInfo>
              </saml:SubjectConfirmation>
            </saml:Subject>
            <saml:Attribute ...>
              <saml:AttributeValue>removed</saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute ...>
              <saml:AttributeValue>removed</saml:AttributeValue>
            </saml:Attribute>
            ...
          </saml:AttributeStatement>
          <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            <dsig:SignedInfo>
              <dsig:CanonicalizationMethod />
              <dsig:SignatureMethod />
              <dsig:Reference >
                <dsig:Transforms>
                  <dsig:Transform />
                  <dsig:Transform />
                </dsig:Transforms>
                <dsig:DigestMethod />
                <dsig:DigestValue>removed</dsig:DigestValue>
              </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue>removed</dsig:SignatureValue>
          </dsig:Signature>
        </saml:Assertion>
      </ns4:RequestedSecurityToken>
      <ns4:Lifetime>
        <ns2:Created>2014-05-05T15:15:06.787Z</ns2:Created>
        <ns2:Expires>2014-05-05T16:15:06.787Z</ns2:Expires>
      </ns4:Lifetime>
    </ns4:RequestSecurityTokenResponse>
  </S:Body>
</soapenv:Envelope>
In order to consume the other services from that third party, I need to include the full SAML-assertion tag in my request. My request should look like:
<soapenv:Envelope xmlns:S="S" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <saml:Assertion>
        <saml:Conditions NotBefore="2014-05-05T15:15:06.787Z" NotOnOrAfter="2014-05-05T16:15:06.787Z"/>
        <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:X509-PKI">
          <saml:Subject>
            <saml:NameIdentifier>removed</saml:NameIdentifier>
            <saml:SubjectConfirmation>
              <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
              <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                  <ds:X509Certificate>removed</ds:X509Certificate>
                </ds:X509Data>
              </ds:KeyInfo>
            </saml:SubjectConfirmation>
          </saml:Subject>
        </saml:AuthenticationStatement>
        <saml:AttributeStatement>
          <saml:Subject>
            <saml:NameIdentifier>removed</saml:NameIdentifier>
            <saml:SubjectConfirmation>
              <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
              <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                  <ds:X509Certificate>removed</ds:X509Certificate>
                </ds:X509Data>
              </ds:KeyInfo>
            </saml:SubjectConfirmation>
          </saml:Subject>
          <saml:Attribute ...>
            <saml:AttributeValue>removed</saml:AttributeValue>
          </saml:Attribute>
          <saml:Attribute ...>
            <saml:AttributeValue>removed</saml:AttributeValue>
          </saml:Attribute>
          ...
        </saml:AttributeStatement>
        <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
          <dsig:SignedInfo>
            <dsig:CanonicalizationMethod />
            <dsig:SignatureMethod />
            <dsig:Reference >
              <dsig:Transforms>
                <dsig:Transform />
                <dsig:Transform />
              </dsig:Transforms>
              <dsig:DigestMethod />
              <dsig:DigestValue>removed</dsig:DigestValue>
            </dsig:Reference>
          </dsig:SignedInfo>
          <dsig:SignatureValue>removed</dsig:SignatureValue>
        </dsig:Signature>
      </saml:Assertion>
      ... some other signatures ...
      ... timestamp ...
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    ... the body ...
  </soapenv:Body>
</soapenv:Envelope>
Does anyone have any idea how to achieve this?
Regards,
Kevin
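One way to carry the STS-issued assertion into the wsse:Security header from WCF, shown as an added example that is not part of the original post: the assertion is lifted out of the response and written back node for node, because the enveloped dsig:Signature covers its content and rebuilding it from parsed fields would invalidate it. It assumes the real STS response declares the SAML 1.1 namespace urn:oasis:names:tc:SAML:1.0:assertion (the sanitized sample above omits namespace declarations) and a binding that does not add its own message-security header; the class name SamlSecurityHeader, the proxy `client` and `SomeOperation` are hypothetical, and the additional signatures and timestamp shown in the target request are not produced here.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.Xml;

// Added example (hypothetical class): wraps an STS-issued assertion in wsse:Security.
public sealed class SamlSecurityHeader : MessageHeader
{
    public const string WsseNs =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    const string Saml11Ns = "urn:oasis:names:tc:SAML:1.0:assertion"; // assumed declared by the STS

    readonly XmlElement _assertion;

    SamlSecurityHeader(XmlElement assertion) { _assertion = assertion; }

    // Pull <saml:Assertion> out of the raw RequestSecurityTokenResponse text.
    public static SamlSecurityHeader FromStsResponse(string rstrXml)
    {
        // PreserveWhitespace keeps whitespace text nodes that the signature digest covers;
        // XmlResolver = null stops external entity resolution on untrusted XML.
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        doc.LoadXml(rstrXml);
        XmlNodeList nodes = doc.GetElementsByTagName("Assertion", Saml11Ns);
        if (nodes.Count != 1)
            throw new InvalidOperationException("Expected exactly one SAML 1.1 assertion.");
        return new SamlSecurityHeader((XmlElement)nodes[0]);
    }

    public override string Name { get { return "Security"; } }
    public override string Namespace { get { return WsseNs; } }
    public override bool MustUnderstand { get { return true; } }

    protected override void OnWriteStartHeader(XmlDictionaryWriter writer, MessageVersion version)
    {
        writer.WriteStartElement("wsse", Name, Namespace);
        WriteHeaderAttributes(writer, version); // emits mustUnderstand for the SOAP version in use
    }

    protected override void OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion version)
    {
        _assertion.WriteTo(writer); // signed subtree copied as parsed, never re-created
    }
}

// Usage with a generated proxy (hypothetical names `client` and `SomeOperation`):
// using (new OperationContextScope(client.InnerChannel))
// {
//     OperationContext.Current.OutgoingMessageHeaders.Add(SamlSecurityHeader.FromStsResponse(rstrXml));
//     client.SomeOperation();
// }
```

Because the assertion's confirmation method is holder-of-key, the receiving service will also expect proof of possession of the key in ds:KeyInfo, which is what the extra signatures in the target request are for. If the assertion's signature uses inclusive rather than exclusive canonicalization, moving it under a different parent can change the in-scope namespaces and break verification.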