I am using the SimpleSAMLphp library as an IdP, and multiple SPs are using my IdP. I am storing the SP metadata fields in a MySQL table instead of in the saml20-sp-remote.php file, because I am fetching the SP metadata dynamically based on the entity ID of the service provider.
For one of the SPs, they want the SAML response that we pass to their ACS URL to be signed with the IdP X.509 certificate file.
In the SAML response XML, the signature value should contain the X.509 certificate of the IdP.
When I debugged the SAML response from my SimpleSAMLphp IdP, the signature value changes on every request. I need to set the X.509 key as the SignatureValue there.
<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_96d1ab8cb2c6afe346c1647fc3fdd6be2140e7665b" Version="2.0" IssueInstant="2025-03-06T11:17:38Z" Destination=".aspx2">
  <saml:Issuer>…</saml:Issuer>
  <ds:Signature
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="…"/>
      <ds:SignatureMethod Algorithm="…"/>
      <ds:Reference URI="#_96d1ab8cb2c6afe346c1647fc3fdd6be2140e7665b">
        <ds:Transforms>
          <ds:Transform Algorithm="…"/>
          <ds:Transform Algorithm="…"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="…"/>
        <ds:DigestValue>NWwAINh3rRyaCMt2bAfqgRnK9sbLWPNrBCPbNe8Xnek=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>…</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data/>
    </ds:KeyInfo>
  </ds:Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_197a714dc75c6dc63dc85f5cf9854207b121fd8887" Version="2.0" IssueInstant="2025-03-06T11:17:38Z">
    <saml:Issuer>…</saml:Issuer>
    <ds:Signature
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="…"/>
        <ds:SignatureMethod Algorithm="…"/>
        <ds:Reference URI="#_197a714dc75c6dc63dc85f5cf9854207b121fd8887">
          <ds:Transforms>
            <ds:Transform Algorithm="…"/>
            <ds:Transform Algorithm="…"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="…"/>
          <ds:DigestValue>0zgy11i+PsA2ihfzf3T3Ivm+B/NM9Bqhztjuqdfa02k=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>…</ds:SignatureValue>
      <ds:KeyInfo>
        <ds:X509Data/>
      </ds:KeyInfo>
    </ds:Signature>
    <saml:Subject>
      <saml:NameID SPNameQualifier=".aspx" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">[email protected]</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2025-03-06T11:22:38Z" Recipient=".aspx2"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2025-03-06T11:17:08Z" NotOnOrAfter="2025-03-06T11:22:38Z">
      <saml:AudienceRestriction>
        <saml:Audience>.aspx</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2025-03-06T11:17:38Z" SessionNotOnOrAfter="2025-03-06T19:17:38Z" SessionIndex="_10481363cc6fb3d57a7b13a438def1be10fbe3f5b7">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement>
      <saml:Attribute Name="SSOID1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">11111</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="SSOID2" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">Adam</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="SSOID3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">A</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="SSOID4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">99999</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="SSOID5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">DBI-Consumer</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
How can I achieve this using SimpleSAMLphp? I also need to know where the signature value is created in the code.
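The response posted above has the two parts of an XML-DSig that are easy to confuse: ds:SignatureValue, which is the RSA signature over the canonicalized ds:SignedInfo and therefore differs for every response (new ID, new IssueInstant, new DigestValue), and ds:KeyInfo/ds:X509Data, which is where the IdP certificate is carried and which stays constant; in the posted response that X509Data element is empty. SimpleSAMLphp produces this structure through the xmlseclibs library, and whether the Response and the Assertion are signed for a given SP is controlled by the saml20.sign.response and saml20.sign.assertion options of that SP's remote metadata, with the key pair taken from the privatekey and certificate options of the hosted IdP metadata. The following is an added example written for this page, not code from the question or from SimpleSAMLphp: it builds a minimal Response, signs it with an enveloped signature using only ext-dom and ext-openssl, embeds the certificate in X509Certificate, and verifies the result the way a relying SP should. The key pair, the certificate, and the issuer and ACS URLs are constructed for the example.

```php
<?php
// Added example (not from the question or SimpleSAMLphp): enveloped XML-DSig
// over a minimal SAML Response, plus SP-side verification. Shows that
// SignatureValue = RSA-SHA256(canonical SignedInfo), changing per response,
// while the IdP certificate sits unchanged in KeyInfo/X509Data/X509Certificate.
const NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol';
const NS_SAML  = 'urn:oasis:names:tc:SAML:2.0:assertion';
const NS_DS    = 'http://www.w3.org/2000/09/xmldsig#';
const EXC_C14N = 'http://www.w3.org/2001/10/xml-exc-c14n#';
const ENVELOPED = 'http://www.w3.org/2000/09/xmldsig#enveloped-signature';
const RSA_SHA256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';
const DIG_SHA256 = 'http://www.w3.org/2001/04/xmlenc#sha256';

// Constructed throw-away key pair and self-signed certificate, standing in for
// the IdP's privatekey/certificate files.
function makeIdpCredentials(): array {
    $key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    $csr = openssl_csr_new(['commonName' => 'idp.example.org'], $key, ['digest_alg' => 'sha256']);
    $x509 = openssl_csr_sign($csr, null, $key, 365, ['digest_alg' => 'sha256']);
    openssl_x509_export($x509, $certPem);
    return [$key, $certPem];
}

function dsElement(DOMDocument $doc, string $name, ?string $text = null, array $attrs = []): DOMElement {
    $el = $doc->createElementNS(NS_DS, 'ds:' . $name);
    foreach ($attrs as $k => $v) { $el->setAttribute($k, $v); }
    if ($text !== null) { $el->appendChild($doc->createTextNode($text)); }
    return $el;
}

// Unsigned Response with a fresh ID and IssueInstant. The Assertion is left
// out; it is signed with the same procedure when saml20.sign.assertion is on.
function buildResponse(string $issuer, string $destination): DOMDocument {
    $doc = new DOMDocument('1.0', 'UTF-8');
    $resp = $doc->createElementNS(NS_SAMLP, 'samlp:Response');
    $doc->appendChild($resp);
    $resp->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml', NS_SAML);
    $resp->setAttribute('ID', '_' . bin2hex(random_bytes(21)));
    $resp->setAttribute('Version', '2.0');
    $resp->setAttribute('IssueInstant', gmdate('Y-m-d\TH:i:s\Z'));
    $resp->setAttribute('Destination', $destination);
    $iss = $doc->createElementNS(NS_SAML, 'saml:Issuer');
    $iss->appendChild($doc->createTextNode($issuer));
    $resp->appendChild($iss);
    $status = $doc->createElementNS(NS_SAMLP, 'samlp:Status');
    $code = $doc->createElementNS(NS_SAMLP, 'samlp:StatusCode');
    $code->setAttribute('Value', 'urn:oasis:names:tc:SAML:2.0:status:Success');
    $status->appendChild($code);
    $resp->appendChild($status);
    return $doc;
}

function signEnveloped(DOMDocument $doc, $privateKey, string $certPem): void {
    $root = $doc->documentElement;
    // Digest the Response before any Signature exists in it; the verifier's
    // enveloped-signature transform recreates exactly this view.
    $digest = base64_encode(hash('sha256', $root->C14N(true, false), true));
    $sig = dsElement($doc, 'Signature');
    $signedInfo = dsElement($doc, 'SignedInfo');
    $signedInfo->appendChild(dsElement($doc, 'CanonicalizationMethod', null, ['Algorithm' => EXC_C14N]));
    $signedInfo->appendChild(dsElement($doc, 'SignatureMethod', null, ['Algorithm' => RSA_SHA256]));
    $ref = dsElement($doc, 'Reference', null, ['URI' => '#' . $root->getAttribute('ID')]);
    $transforms = dsElement($doc, 'Transforms');
    $transforms->appendChild(dsElement($doc, 'Transform', null, ['Algorithm' => ENVELOPED]));
    $transforms->appendChild(dsElement($doc, 'Transform', null, ['Algorithm' => EXC_C14N]));
    $ref->appendChild($transforms);
    $ref->appendChild(dsElement($doc, 'DigestMethod', null, ['Algorithm' => DIG_SHA256]));
    $ref->appendChild(dsElement($doc, 'DigestValue', $digest));
    $sig->appendChild($signedInfo)->appendChild($ref);
    // The SAML schema places Signature directly after Issuer.
    $issuer = $root->getElementsByTagNameNS(NS_SAML, 'Issuer')->item(0);
    $root->insertBefore($sig, $issuer->nextSibling);
    // SignatureValue is the private-key signature over canonical SignedInfo.
    openssl_sign($signedInfo->C14N(true, false), $raw, $privateKey, OPENSSL_ALGO_SHA256);
    $sig->appendChild(dsElement($doc, 'SignatureValue', base64_encode($raw)));
    // The certificate goes here as base64 DER (PEM body without BEGIN/END).
    $certB64 = preg_replace('/-----[A-Z ]+-----|\s+/', '', $certPem);
    $x509Data = dsElement($doc, 'X509Data');
    $x509Data->appendChild(dsElement($doc, 'X509Certificate', $certB64));
    $sig->appendChild(dsElement($doc, 'KeyInfo'))->appendChild($x509Data);
}

// SP-side check. $trustedCertPem is the IdP certificate from the SP's own copy
// of the IdP metadata; the embedded X509Certificate is only compared against
// it, never trusted by itself.
function verifyEnveloped(DOMDocument $doc, string $trustedCertPem): bool {
    $root = $doc->documentElement;
    $sig = $root->getElementsByTagNameNS(NS_DS, 'Signature')->item(0);
    if ($sig === null) { return false; }
    $text = fn(string $n) => $sig->getElementsByTagNameNS(NS_DS, $n)->item(0)->textContent;
    $trusted = preg_replace('/-----[A-Z ]+-----|\s+/', '', $trustedCertPem);
    if (!hash_equals($trusted, preg_replace('/\s+/', '', $text('X509Certificate')))) { return false; }
    // The Reference must point at the element we are about to digest.
    $uri = $sig->getElementsByTagNameNS(NS_DS, 'Reference')->item(0)->getAttribute('URI');
    if ($uri !== '#' . $root->getAttribute('ID')) { return false; }
    $signedInfo = $sig->getElementsByTagNameNS(NS_DS, 'SignedInfo')->item(0);
    $pub = openssl_pkey_get_public($trustedCertPem);
    if (openssl_verify($signedInfo->C14N(true, false), base64_decode($text('SignatureValue')), $pub, OPENSSL_ALGO_SHA256) !== 1) { return false; }
    // Enveloped-signature transform: digest the Response with Signature removed.
    $next = $sig->nextSibling;
    $root->removeChild($sig);
    $digest = base64_encode(hash('sha256', $root->C14N(true, false), true));
    $root->insertBefore($sig, $next);
    return hash_equals($text('DigestValue'), $digest);
}

[$key, $certPem] = makeIdpCredentials();
$idp = 'https://idp.example.org/saml2/idp/metadata.php'; // constructed entityID
$acs = 'https://sp.example.com/acs';                     // constructed ACS URL
foreach ([1, 2] as $i) {
    $doc = buildResponse($idp, $acs);
    signEnveloped($doc, $key, $certPem);
    $sigVal = $doc->getElementsByTagNameNS(NS_DS, 'SignatureValue')->item(0)->textContent;
    $cert = $doc->getElementsByTagNameNS(NS_DS, 'X509Certificate')->item(0)->textContent;
    printf("response %d: SignatureValue %s...  X509Certificate %s...  verify=%s\n",
        $i, substr($sigVal, 0, 16), substr($cert, 0, 16), verifyEnveloped($doc, $certPem) ? 'ok' : 'FAIL');
}
```

Running it prints two responses whose SignatureValue prefixes differ while the X509Certificate prefix is identical and both verify, which is the behaviour the debugging in the question observed: a changing SignatureValue is the signature working as intended, and a fixed certificate belongs in X509Data, not in SignatureValue. On the SP side the certificate comparison against the SP's own copy of the IdP metadata is what makes the check meaningful; a verifier that takes whatever certificate the message carries would accept a response signed with any key.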
Posted by: admin. Please credit the source when reposting: http://www.yc00.com/questions/1744979469a4604354.html