有没有像nusoap这样的独立库,用于saml断言的soap Web服务,可以创建这样的saml:
<samlp:Response ID="_d645f885-b6b9-4712-ba57-0b3cab551fab" Version="2.0"
IssueInstant="2013-11-13T15:12:16.155Z" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">Organization Name</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
<samlp:StatusMessage>Success</samlp:StatusMessage>
</samlp:Status>
<saml:Assertion Version="2.0" ID="_77a92d43-56db-4ed5-b07b-928db05cd67d"
IssueInstant="2013-11-13T15:12:16.141Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
>Organization Name</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_77a92d43-56db-4ed5-b07b-928db05cd67d">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces PrefixList="#default saml ds xs xsi"
xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>(AUTO GENERATED)</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>(AUTO GENERATED)</SignatureValue>
<KeyInfo>
<X509Data>
<X509SubjectName>(YOUR PUBLIC CERT SUBJECT)</X509SubjectName>
<X509Certificate>(YOUR PUBLIC CERT)</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
>(HUB Partner ID)</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches">
<saml:NameID>(YOUR CERT NAME)</saml:NameID>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2013-11-13T14:12:16.141Z"
NotOnOrAfter="2013-11-13T16:12:16.141Z"/>
<saml:AttributeStatement>
<saml:Attribute Name="State Exchange Code"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue>(STATE CODE FOLLOWED BY ZERO)</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="Partner Assigned Consumer ID"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue>(YOU ASSIGN THIS VALUE 1-32 STRING)</saml:AttributeValue>
</saml:Attribute>
<saml:AuthnStatement AuthnInstant="2013-11-13T15:12:16.141Z">
<saml:SubjectLocality Address=""/>
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
'
目前,我正在php中用值和发送服务提供商URL构建saml变量,但我在验证saml时出错,库生成的&正如我现在所做的,请在这方面帮助我simplesaml很难配置,我不能将其包含在我们现有的系统中,而且它们是symfony捆绑包,所以请在您的建议中排除
通过访问此Url,首先在浏览器中加载Akamai cookie。
并使用Light SAML PHP库来创建和验证SAML请求。
$ed = new EntityDescriptor();
$sp = new SpSsoDescriptor();
$ed->addItem($sp);
// KeyDescriptor
$certificate = new X509Certificate();
$certificate->loadFromFile($certificatePath);
$keyDescriptor = new KeyDescriptor('signing', $certificate);
$ed->addItem($keyDescriptor);
// SingleLogoutService
$s = new SingleLogoutService();
$s->setLocation($url);
$s->setBinding($this->resolveBinding($binding));
$sp->addService($s);
// AssertionConsumerService
$s = new AssertionConsumerService($binding1, $url, 0);
$sp->addService($s);
$s = new AssertionConsumerService($binding2, $url, 1);
$sp->addService($s);