开发者

SAML Assertion response

开发者 https://www.devze.com 2023-03-05 15:19 出处:网络
I am working on idp-initiated authentication. I have created a response to be sent to SalesForce but stuck at one point. See the XML code below. Tell me 开发者_JS百科 from where I can get values to be

I am working on idp-initiated authentication. I have created a response to be sent to SalesForce but stuck at one point. See the XML code below. Tell me 开发者_JS百科 from where I can get values to be fill in these tags.

<SignatureValue>, <X509Certificate> and <DigestMethod>

XML CODE: This is the part of SAMLAssertion that IDP posts to SP for authentication.

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <Reference URI="#s2541b842781b7edbe3b3077bf7d11bae88eaa73e7">
            <Transforms>
                <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>MnTEd3S3uu7MvGAFE5iB8DEhr9U=</DigestValue>
        </Reference>
    </SignedInfo>
    <SignatureValue>Jf/FNn5309vTWMKJ1o5sdMV/tY/Y+LV3F2eK4+LaIlmKYUHPInX4h+mUg3ef3IXTJ16aYu0A7aRK dHMc3UDF5BlMvfOEpGMEdARQY0O+VzkLJjZMDKG3DlSpfcVZrw/rm4wlZ6oYwhZEOhS0Gi3OOoeR jQn1ONABsfiprr1BYYo=</SignatureValue>
    <KeyInfo>
        <X509Data>
            <X509Certificate>MIIEijCCA/OgAwIBAgIQPn+ClEjH2V3Jynt7u3v+XzANBgkqhkiG9w0BAQUFADCBujEfMB0 GA1UEChMWVmVyaVNpZ24gVoycE7oe0xvQEad1Hs6xHCRDbJVIr4=</X509Certificate>
        </X509Data>
    </KeyInfo>
</Signature>


Check that the certificate 'hard-coded' into the assertion is that same as the certificate imported into SalesForce.com. The above message would suggest that this is NOT the case.

Make sure that you are using proper classes in order make signature for response.

0

精彩评论

暂无评论...
验证码 换一张
取 消