How to include SAML-assertion into Soap-Security-Header with WCF


Problem description


I've been struggling for almost a week to include a SAML-token into a Soap-request via WCF.

I get a Saml-assertion from a third-party security-token-service response which looks like:

<soapenv:Envelope>
 <soapenv:Header/>
 <S:Body>
  <ns4:RequestSecurityTokenResponse>
   <ns4:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</ns4:TokenType>
   <ns4:RequestedSecurityToken>
    <saml:Assertion>
     <saml:Conditions NotBefore="2014-05-05T15:15:06.787Z" NotOnOrAfter="2014-05-05T16:15:06.787Z"/>
     <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:X509-PKI">
      <saml:Subject>
       <saml:NameIdentifier>removed</saml:NameIdentifier>
        <saml:SubjectConfirmation>
         <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
          <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
           <ds:X509Data>
            <ds:X509Certificate>removed</ds:X509Certificate>
           </ds:X509Data>
          </ds:KeyInfo>
         </saml:SubjectConfirmation>
      </saml:Subject>
     </saml:AuthenticationStatement>
     <saml:AttributeStatement>
      <saml:Subject>
       <saml:NameIdentifier>removed</saml:NameIdentifier>
       <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:X509Data>
          <ds:X509Certificate>removed</ds:X509Certificate>
         </ds:X509Data>
        </ds:KeyInfo>
       </saml:SubjectConfirmation>
      </saml:Subject>
       <saml:Attribute ...>
        <saml:AttributeValue>removed</saml:AttributeValue>
       </saml:Attribute>
       <saml:Attribute ...>
        <saml:AttributeValue>removed</saml:AttributeValue>
       </saml:Attribute>
       ...
     </saml:AttributeStatement>
     <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
      <dsig:SignedInfo>
       <dsig:CanonicalizationMethod />
       <dsig:SignatureMethod />
       <dsig:Reference >
        <dsig:Transforms>
         <dsig:Transform />
         <dsig:Transform />
        </dsig:Transforms>
        <dsig:DigestMethod />
        <dsig:DigestValue>removed</dsig:DigestValue>
       </dsig:Reference>
      </dsig:SignedInfo>
      <dsig:SignatureValue>removed</dsig:SignatureValue>
     </dsig:Signature>
    </saml:Assertion>
   </ns4:RequestedSecurityToken>
   <ns4:Lifetime>
    <ns2:Created>2014-05-05T15:15:06.787Z</ns2:Created>
    <ns2:Expires>2014-05-05T16:15:06.787Z</ns2:Expires>
   </ns4:Lifetime>
  </ns4:RequestSecurityTokenResponse>
</S:Body>
</soapenv:Envelope>






In order to consume the other services from that third party, I need to include the full SAML-assertion tag into my request. My request should look like:

<soapenv:Envelope xmlns:S="S" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <saml:Assertion>
     <saml:Conditions NotBefore="2014-05-05T15:15:06.787Z" NotOnOrAfter="2014-05-05T16:15:06.787Z"/>
     <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:X509-PKI">
      <saml:Subject>
       <saml:NameIdentifier>removed</saml:NameIdentifier>
        <saml:SubjectConfirmation>
         <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
          <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
           <ds:X509Data>
            <ds:X509Certificate>removed</ds:X509Certificate>
           </ds:X509Data>
          </ds:KeyInfo>
         </saml:SubjectConfirmation>
      </saml:Subject>
     </saml:AuthenticationStatement>
     <saml:AttributeStatement>
      <saml:Subject>
       <saml:NameIdentifier>removed</saml:NameIdentifier>
       <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:X509Data>
          <ds:X509Certificate>removed</ds:X509Certificate>
         </ds:X509Data>
        </ds:KeyInfo>
       </saml:SubjectConfirmation>
      </saml:Subject>
       <saml:Attribute ...>
        <saml:AttributeValue>removed</saml:AttributeValue>
       </saml:Attribute>
       <saml:Attribute ...>
        <saml:AttributeValue>removed</saml:AttributeValue>
       </saml:Attribute>
       ...
     </saml:AttributeStatement>
     <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
      <dsig:SignedInfo>
       <dsig:CanonicalizationMethod />
       <dsig:SignatureMethod />
       <dsig:Reference >
        <dsig:Transforms>
         <dsig:Transform />
         <dsig:Transform />
        </dsig:Transforms>
        <dsig:DigestMethod />
        <dsig:DigestValue>removed</dsig:DigestValue>
       </dsig:Reference>
      </dsig:SignedInfo>
      <dsig:SignatureValue>removed</dsig:SignatureValue>
     </dsig:Signature>
    </saml:Assertion>
    ... some other signatures ...
    ... timestamp ...
  </wsse:Security>
 </soapenv:Header>
 <soapenv:Body>
   ... the body ...
 </soapenv:Body>
</soapenv:Envelope>





Does anyone have any idea how to achieve this?

Regards,
Kevin
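
One way to get the header shape described in the question, as an added example that is not part of the original post: a custom WCF `MessageHeader` that writes the issuer-signed assertion unchanged into a `wsse:Security` header, attached through a client message inspector. The class names `SamlSecurityHeader` and `SamlHeaderBehavior` are hypothetical, and the example assumes .NET Framework 4.5 or later, a binding with no WCF message-level security of its own, and the SAML 1.1 assertion namespace matching the `TokenType` shown above.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.Xml;

// Hypothetical helper: carries the STS-issued assertion inside a wsse:Security header.
public sealed class SamlSecurityHeader : MessageHeader
{
    private readonly XmlElement assertion;
    public SamlSecurityHeader(XmlElement assertion) { this.assertion = assertion; }
    public override string Name { get { return "Security"; } }
    public override string Namespace { get { return
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; } }

    protected override void OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion v)
    {
        assertion.WriteTo(writer); // copy the signed element as parsed; never rebuild it
    }

    // Pull the single saml:Assertion out of the RequestSecurityTokenResponse XML.
    public static XmlElement ExtractAssertion(string rstrXml)
    {
        // PreserveWhitespace keeps signed content intact; a null resolver blocks external entities.
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        doc.LoadXml(rstrXml);
        var found = doc.GetElementsByTagName("Assertion", "urn:oasis:names:tc:SAML:1.0:assertion");
        if (found.Count != 1)
            throw new InvalidOperationException("Expected exactly one SAML 1.1 assertion.");
        return (XmlElement)found[0];
    }
}

// Hypothetical endpoint behavior: adds the header to every outgoing request.
public sealed class SamlHeaderBehavior : IEndpointBehavior, IClientMessageInspector
{
    private readonly XmlElement assertion;
    public SamlHeaderBehavior(XmlElement assertion) { this.assertion = assertion; }

    public object BeforeSendRequest(ref Message request, IClientChannel channel)
    {
        request.Headers.Add(new SamlSecurityHeader(assertion));
        return null; // no correlation state needed
    }
    public void AfterReceiveReply(ref Message reply, object correlationState) { }
    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime runtime)
    {
        runtime.ClientMessageInspectors.Add(this);
    }
    public void AddBindingParameters(ServiceEndpoint e, BindingParameterCollection p) { }
    public void ApplyDispatchBehavior(ServiceEndpoint e, EndpointDispatcher d) { }
    public void Validate(ServiceEndpoint e) { }
}
```

Attach it with `client.Endpoint.Behaviors.Add(new SamlHeaderBehavior(assertion))`. This adds only the assertion; the other signatures and the timestamp shown in the target request, which a holder-of-key assertion implies, have to be produced separately.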
