1
Я пытаюсь выполнить тест на SAML 2.0 с ColdFusion 9. Все, что я хочу, - это использовать созданный XML-файл SAML и выполнять обработку. Я следую приведенной здесь статье http://blog.tagworldwide.com/?p=19 (archived version)Поставщик услуг SAML с ColdFusion
Но я получаю ошибку, когда инициирую xmlSignatureClass (xmlSignature = xmlSignatureClass.init(docElement.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig","Signature").item(0),javacast("string",""));).
Мой тестовый код выглядит следующим образом -
<cfxml variable="samlAssertionXML">
<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://dummy.com" ID="_4b25fcd29ca107018e952b0ee8606cf9f1a5" IssueInstant="2012-06-01T14:21:18Z" Version="2.0">
<ns1:Issuer xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">DummyIdP</ns1:Issuer>
<Status><StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></Status>
<ns2:Assertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_302d1f1e2e5b39845923a3a21af3906f3e85" IssueInstant="2012-06-01T14:21:18Z" Version="2.0">
<ns2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">DummyIdP</ns2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig">
<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n" xmlns:ds="http://www.w3.org/2000/09/xmldsig"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsigrsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig"/>
<ds:Reference URI="_302d1f1e2e5b39845923a3a21af3906f3e85" xmlns:ds="http://www.w3.org/2000/09/xmldsig">
<ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig">
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsigenveloped-signature" xmlns:ds="http://www.w3.org/2000/09/xmldsig"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n" xmlns:ds="http://www.w3.org/2000/09/xmldsig"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsigsha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig"/>
<ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig">JUtQwTxlNEEwvzF9URMq4RFk1gM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig">
EHKr7088SiCcgviN56jgupiZlvVItJh3EHXNX/YAlvUuyN05m3beH4IblfKI5KnmTxRsEokKgAAn FvdG9Cv7yA7+m+D9WwmG7uRXQq0aLaoZM9+erGKvFuVjqQ5gGBM0XZBSpGHGHlPSSzmX/PwfuAg4 gvcOjoKfPQHJzArPYFAGD2MAFaS9qedr6kRlv19Jf5HnguyK670MgV9aUTwkWtS2P79K1GGreQP/ yDoEud7NXZw7QmlGrv9WHJdQf4z4jfJ8ZPatMMJH8B+rx/vzCpvbvM3a+XBaG8ZbmHJ2Lse+1ALW UWhktUXI5KIVZaLqK7kH+W7CVvCg1gbQ4oYdWg==
</ds:SignatureValue>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig">
<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig">
<ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig">
MIIGQjCCBSqgAwIBAgIQJGHmoBo8/XCv/LcgrNMwCjANBgkqhkiG9w0BAQUFADCBujELMAkGA1UE BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR…truncated for ease of reading….DJge Mpl05h0dZIN5y40i3YBRyBWfbzt2dRA+d/B2lAyplxoQK73q4mpR8TmmqpybLF0pfktAZSSS8hUq 47Tl0i4gVH94qQ==
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<ns2:Subject>
<ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">A439237</ns2:NameID>
<ns2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<ns2:SubjectConfirmationData NotOnOrAfter="2012-06-01T14:22:48Z" Recipient="https://dummy.com"/>
</ns2:SubjectConfirmation>
</ns2:Subject>
<ns2:Conditions NotBefore="2012-06-01T14:20:48Z" NotOnOrAfter="2012-06-01T14:22:48Z">
<ns2:AudienceRestriction><ns2:Audience>
CBTest
</ns2:Audience></ns2:AudienceRestriction>
<ns2:AudienceRestriction><ns2:Audience>
DummyIdP
</ns2:Audience></ns2:AudienceRestriction>
</ns2:Conditions>
<ns2:AuthnStatement AuthnInstant="2012-06-01T14:21:17Z" SessionIndex="3DiXDmQrg1TbVwcP7zwVAmh8qMM=vkXFrA==" SessionNotOnOrAfter="2012-06-01T14:22:48Z">
<ns2:AuthnContext>
<ns2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</ns2:AuthnContextClassRef>
</ns2:AuthnContext>
</ns2:AuthnStatement>
<ns2:AttributeStatement>
<ns2:Attribute Name="login" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><ns2:AttributeValue>
A439237
</ns2:AttributeValue></ns2:Attribute>
<ns2:Attribute Name="first_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><ns2:AttributeValue>
Carolyn
</ns2:AttributeValue></ns2:Attribute>
<ns2:Attribute Name="last_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><ns2:AttributeValue>
Brodginski
</ns2:AttributeValue></ns2:Attribute>
<ns2:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<ns2:AttributeValue>[email protected]</ns2:AttributeValue>
</ns2:Attribute>
<ns2:Attribute Name="company" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><ns2:AttributeValue>
test
</ns2:AttributeValue></ns2:Attribute>
</ns2:AttributeStatement>
</ns2:Assertion>
</Response>
</cfxml>
</cfoutput>
<cfset samlAssertionXML= BinaryEncode(CharsetDecode(samlAssertionXML,"utf-8") ,"Base64")/>
<!--- <cfdump var="#samlAssertionXML#"><cfabort> --->
<!--- samlAssertionElement = samlAssertionXML.getDocumentElement();
samlAssertionDocument = samlAssertionElement.GetOwnerDocument();
samlAssertion = samlAssertionDocument .getFirstChild();
SignatureSpecNS = CreateObject("Java", "org.apache.xml.security.utils.Constants");
Init = CreateObject("Java", "org.apache.xml.security.Init").Init().init();
XMLSignatureClass = CreateObject("Java", "org.apache.xml.security.signature.XMLSignature");
sigType = XMLSignatureClass.ALGO_ID_SIGNATURE_RSA_SHA1;
signature = XMLSignatureClass .init(samlAssertionDocument, javacast("string",""), sigType);
samlAssertionElement .insertBefore(signature .getElement(),samlAssertion.getFirstChild());
TransformsClass = CreateObject("Java", "org.apache.xml.security.transforms.Transforms");
transformEnvStr = TransformsClass.TRANSFORM_ENVELOPED_SIGNATURE;
transformOmitCommentsStr = TransformsClass.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
transforms = TransformsClass.init(samlAssertionDocument transforms.addTransform(transformOmitCommentsStr);
transforms.addTransform(transformEnvStr); --->
<cfscript>
xmlResponse=CharsetEncode(BinaryDecode(samlAssertionXML,"Base64") ,"utf-8");
//writedump(xmlResponse);abort;
docElement= XmlParse(xmlResponse).getDocumentElement();
//writedump(docElement);
SignatureConstants=CreateObject("Java", "org.apache.xml.security.utils.Constants");
//writedump(SignatureConstants);
SignatureSpecNS=SignatureConstants.SignatureSpecNS;
//writedump(SignatureSpecNS);
xmlSignatureClass = CreateObject("Java", "org.apache.xml.security.signature.XMLSignature");
//writedump(xmlSignatureClass);
//writedump(docElement.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig","SignatureValue").item(0));abort;
xmlSignature = xmlSignatureClass.init(docElement.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig","Signature").item(0),javacast("string",""));
writedump(xmlSignature);abort;
keyInfo=xmlSignatureClass.getKeyInfo();
writedump(keyInfo);abort;
X509CertificateResolverCN = "org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolverClass";
keyResolver=CreateObject("Java", X509CertificateResolverCN) .init();
keyInfo.registerInternalKeyResolver(keyResolver);
x509cert = keyInfo.getX509Certificate();
</cfscript>
Ошибка я получаю -
Unknown canonicalizer. No handler installed for URI http://www.w3.org/2001/10/xml-exc-c14n
Любой, кто работал на стороне поставщика услуг SAML с ColdFusion?
Спасибо, NASAA
Мы используем shiboleth совместно с CF, чтобы это произошло для нескольких клиентов. Я посмотрю, есть ли у нашего внутреннего ресурса какие-либо намеки. –
Спасибо, Марк. Я нашел проблему, хотя. Поскольку это был сценарий coldfusion, и я удалил # из xml, который вызывал проблему. После добавления escape-символа это сработало для меня. – nasaa
потрясающий! рад, что ты это понял. –