本文介绍了在NodeJS中对SAML2请求进行数字签名的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有以下SAML请求,需要进行数字签名:

I have the following SAML request that I want to digitally sign:

<samlp:AuthnRequest Version="2.0" ID="_9FE393FB-1C9C-4EDD-86A5-1AE9F2192A60" IssueInstant="2014-10-22T11:22:56.676Z" Destination="https://idp.ssocircle.com:443/sso/SSOPOST/metaAlias/ssocircle" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml:Issuer>http://app.localhost</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" />
</samlp:AuthnRequest>

我使用以下依赖于nodejs的coffeescript代码和进行测试时和都报告摘要值不匹配。

However when I test this with SSOCircle and TestShib they both report that the digest value does not match.

我使用的证书是带有未加密私钥的自签名证书(pem)。

The certificate I am using is a self-signed certificate (pem) with an unencrypted private key.

我已经仔细检查过,以确保sp-metadata中提供的公钥是从用于对SAML进行数字签名的同一pem文件中提取的。

I have double checked to categorically ensure that the public key supplied in the sp-metadata was taken from the same pem file used to digitally sign the SAML.

是否需要加密私钥?

如果没有,那么您能否建议签名检查失败的原因?

If not then can you suggest why the signature check should fail?

谢谢。

推荐答案

私钥不应加密。您可以使用此在线工具来验证您的签名。如果未通过,则表示您的签名创建方式错误

Private key should not be encrypted. You can use this online tool https://www.samltool.com/validate_logout_req.php validating your signature. If it does not pass means your signature created in a wrong way

这篇关于在NodeJS中对SAML2请求进行数字签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-24 05:14