在签署 SAML 请求时使用哪个公钥(SP 或远程 IDP) [英] Which public key (SP or remote IDP) to use while signing SAML request

问题描述

我正在尝试配置我的应用程序 (SP) 以使用远程 IDP.IDP 为我提供了一个证书来配置 SP.对于 SAML 请求，我是使用 SP 的公钥还是 IDP 的?另外，我在哪里可以找到详细研究 SAML 的好资源(除了绿洲正式文件).我发现的教程非常简单(即它们只是描述了 SP 转到 IDP，然后它被重定向回来，但没有详细介绍 SAML 消息).绿洲文件令人困惑.感谢您的任何答复

I am trying to configure my application (SP) to work with remote IDP. The IDP provided me with a certificate to configure with SP. For SAML request, do I use SP's public key or IDP's? Also, where can I find good resources to study SAML in detail (apart from the oasis formal documents). The tutorials that I find are very simplistic (i.e. they just describe that SP goes to IDP and then it is redirected back but do not go into detail on SAML messages). The oasis documents are confusing. Thanks for any answers

推荐答案

我不是 100% 确定，但从这两个来源看来，您应该使用您(SP 的)私钥进行签名并与之共享关联的公钥IdP，以便他们可以验证签名.

I'm not 100% sure, but it looks from these two sources that you should sign with your (SP's) private key and share the associated public key with the IdP so they can verify the signature.

• 如何创建签名的 AuthNRequest?
• http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf(第 25 页)

• How to created signed AuthNRequest?
• http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf (p.25)

这篇关于在签署 SAML 请求时使用哪个公钥(SP 或远程 IDP)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！