objective-c - 如何使用NSURLConnection发布SAML响应消息？

我正在创建一个iPhone应用程序，该应用程序允许用户与 protected 服务器进行交互。但是，要对用户进行身份验证，应用程序需要从服务器登录到数据已打开的服务器(提供SSO)，然后从服务器通过SAML。因此，该应用程序模仿发送SAML HTTP请求(通常由浏览器来处理)。

该过程正在使用Mechanize gem与Ruby一起使用，但是现在我无法使其在具有NSURLConnection的iPhone上运行。

我遇到的问题是:看来baseURL编码的SAML响应没有被NSURLConnection正确地发送到服务器。用空格替换+号，从而导致服务器端SAML响应的解码失败。将URL编码与stringByAddingPercentEscapesUsingEncoding一起使用会导致相同的解码错误。

这是提取和发送SAML响应的代码:

// Extract the SAML Response from the form that is sent by the server
body = [[NSString alloc] initWithData:[self receivedData]     encoding:NSUTF8StringEncoding];
NSString *searchSAMLResponseStart = @"name=\"SAMLResponse\" value=\"";
NSString *searchSAMLResponseEnd = @">\n<NOSCRIPT><INPUT TYPE=\"SUBMIT\"";
NSRange samlResponseStartRange = [body rangeOfString:searchSAMLResponseStart options:0];
NSRange samlResponseEndRange = [body rangeOfString:searchSAMLResponseEnd options:0];
NSRange range = NSMakeRange (NSMaxRange(samlResponseStartRange), samlResponseEndRange.location - NSMaxRange(samlResponseStartRange) -1);
NSString* samlResponseString = [body substringWithRange:range];

// Construct the SAML POST request
NSURL               *url;
NSMutableURLRequest *request;
url = [NSURL URLWithString:kSamlPostUrl];
request = [NSMutableURLRequest requestWithURL:url];
NSString *userAgent = kUserAgent;
[request setValue:userAgent forHTTPHeaderField:@"User-Agent"];
[request setHTTPMethod:@"POST"];
NSString *post = [@"RelayState=https://example.com&SAMLResponse=" stringByAppendingString:samlResponseString];
NSData *postData = [post dataUsingEncoding:NSUTF8StringEncoding allowLossyConversion:NO];
NSString *postLength = [NSString stringWithFormat:@"%d", [postData length]];
[request setValue:postLength forHTTPHeaderField:@"Content-Length"];
[request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
[request setHTTPBody:postData];

// Send the request
self.connectionPostSaml = [NSURLConnection connectionWithRequest:request delegate:self];

服务器发送的SAML表单以及SAML响应的来源，如下所示:

<html>
<HEAD><META HTTP-EQUIV='PRAGMA' CONTENT='NO-CACHE'><META HTTP-EQUIV='CACHE-CONTROL'     CONTENT='NO-CACHE'><TITLE>SAML 2.0 Auto-POST form</TITLE></HEAD>
   <body onLoad="document.forms[0].submit()">
<NOSCRIPT>Your browser does not support JavaScript.  Please click the 'Continue' button     below to proceed. <br><br></NOSCRIPT>
      <form action="https://sso.example.com/saml2" method="POST">
         <input type="hidden" name="RelayState" value="https://example.com">
         <input type="hidden" name="SAMLResponse"     value="PFJlc3BvbnNlIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIERl
c3RpbmF0aW9uPSJodHRwczovL3Nzby5vcG93ZXIuY29tL3NwL0FDUy5zYW1sMiIgSUQ9Il85ZWY0
M2MzMGRkZmQ0YzY1ODNiMjgxZjAwNDU5ZWQyMjZmMjQiIElzc3VlSW5zdGFudD0iMjAxMi0wMy0y
OFQyMTo0MDowNloiIFZlcnNpb249IjIuMCI+CiAgICA8bnMxOklzc3VlciB4bWxuczpuczE9InVy
bjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIEZvcm1hdD0idXJuOm9hc2lzOm5h
bWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5wZ2UuY29tPC9uczE6SXNzdWVy
(…)
cnRpb24+CjwvUmVzcG9uc2U+">
<NOSCRIPT><INPUT TYPE="SUBMIT" VALUE="Continue"></NOSCRIPT>
      </form>
   </body>
</html>

以及服务器在收到POST请求后产生的错误:

Unable to parse incoming SAML2 message, raw:     PFJlc3BvbnNlIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIERl
c3RpbmF0aW9uPSJodHRwczovL3Nzby5vcG93ZXIuY29tL3NwL0FDUy5zYW1sMiIgSUQ9Il9iN2Q5
OTZhMmI1MjhiNWRkNjY0YWM4YjUwZmVjM2M2OTMzMWEiIElzc3VlSW5zdGFudD0iMjAxMi0wMy0y
OVQyMjowMzoxNVoiIFZlcnNpb249IjIuMCI CiAgICA8bnMxOklzc3VlciB4bWxuczpuczE9InVy
bjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIEZvcm1hdD0idXJuOm9hc2lzOm5h
bWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5wZ2UuY29tPC9uczE6SXNzdWVy
PgogICAgPFN0YXR1cz4KICAgICAgICA8U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVz
OnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8 CiAgICA8L1N0YXR1cz4KICAgIDxuczI6QXNz
(…)

请注意原始响应中的+号如何变为空格。

服务器似乎解码接收到的响应并因此用空格替换+号是正常行为，但是:为什么从浏览器而不是从NSURLConnection发布SAML表单时，为什么它起作用？

为了解决我尝试了:

使用不同的编码来解码和编码SAML响应。现在使用NSUTF8StringEncoding，也尝试过:NSASCIIStringEncoding，NSNEXTSTEPStringEncoding，NSNonLossyASCIIStringEncoding，NSUnicodeStringEncoding

使用stringByAddingPercentEscapesUsingEncoding，因此这行代码:

NSString * samlResponseString = [body substringWithRange:range];

变成:

NSString* samlResponseString = [[body substringWithRange:range] stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];

使用其他enctypes作为表单，但服务器甚至不接受这些请求:
多部分/表单数据
文字/纯文字

非常感谢您的帮助。先感谢您!

最佳答案

我在通过邮寄发送base64时遇到问题，并通过url编码解决了它。试试这个:

NSString *post = [@"RelayState=https://example.com&SAMLResponse=" stringByAppendingString:
        (__bridge_transfer NSString *)CFURLCreateStringByAddingPercentEscapes(NULL,
        (__bridge CFStringRef)samlResponseString, NULL, (CFStringRef)@"!*'\"();:@&=+$,/?%#[]% ",
        CFStringConvertNSStringEncodingToEncoding(NSUTF8StringEncoding))];

关于objective-c - 如何使用NSURLConnection发布SAML响应消息？，我们在Stack Overflow上找到一个类似的问题：https://stackoverflow.com/questions/9934719/