I need to build a SAML 1.1 Response containing an assertion. This is for a BPP (Browser Post Profile) request. The documentation I am using simply says it should be a signed response. I can't find any reference that says how to actually sign the request and how to put that signing information into the SAML Response XML.
My questions are:
- How do I generate a keypair for signing?
- How do I, in general, perform the signing operation?
- Where do I put the results in the SAML Response?
- You can generate self-signed certs using OpenSSL.
- The SAML 1.1 spec says that you must use XML Signature [XMLSig] to ensure the integrity of the message.
- The SAML 1.1 schema .xsd files outline where the signature must be placed.
Alternatively, you can use something like PingFederate (and the PHP Integration Kit) from Ping Identity to handle all this for you and ensure that your messages are completely compliant to the various SAML and WS-Federation Browser Profiles.
HTH - Ian
*Disclaimer - I do work for PI.com as an Architect.
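
The placement the answer refers to, as an added example (not from the original answer or from any product it mentions): in the SAML 1.1 protocol schema, `ds:Signature` is the first child of `samlp:Response`, and this Python check confirms that layout and that the signature's single `Reference` covers the `ResponseID` with an enveloped-signature transform. The IDs, issuer and algorithm URIs in the sample are constructed assumptions, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample (IDs, issuer, algorithm choices are assumptions; statements omitted):
# the template handed to an XML Signature library, which fills DigestValue/SignatureValue.
TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ResponseID="_resp-example-1" MajorVersion="1" MinorVersion="1" IssueInstant="2024-01-01T00:00:00Z">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#_resp-example-1">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue/>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue/>
  </ds:Signature>
  <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
  <saml:Assertion AssertionID="_assert-example-1" Issuer="https://idp.example" MajorVersion="1" MinorVersion="1" IssueInstant="2024-01-01T00:00:00Z"/>
</samlp:Response>"""

def placement_problems(xml_text):
    """Return a list of placement problems; an empty list means the layout is right."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}Response":
        return ["root element is not samlp:Response"]
    children = list(root)
    if not children or children[0].tag != f"{{{DS}}}Signature":
        return ["ds:Signature must be the first child of samlp:Response"]
    refs = children[0].findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    if len(refs) != 1:
        return ["SignedInfo must hold exactly one ds:Reference"]
    problems = []
    # The signature only protects what the Reference points at.
    if refs[0].get("URI") != "#" + root.get("ResponseID", ""):
        problems.append("Reference URI does not point at ResponseID")
    algs = [t.get("Algorithm") for t in refs[0].iter(f"{{{DS}}}Transform")]
    if DS + "enveloped-signature" not in algs:
        problems.append("enveloped-signature transform is missing")
    return problems
```

The same checks are worth running on the receiving side before trusting a response, since a valid signature whose `Reference` points at some other element says nothing about the response itself.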