当前位置: 首页 > 知识库问答 >
问题:

使用C#的XML中的SAML断言

邢心水
2023-03-14

这是我面临的问题,需要一些帮助/指导。

我已经从引擎生成了一条XML消息,需要将其解析为服务。为了做到这一点,我必须将该消息更改为SOAP消息,并在其上插入SAML令牌。我正在尝试使用C#代码执行此操作。下面是我生成的输入消息和预期的输出:

<?xml version='1.0' encoding='UTF-8'?>
<S:Envelope
    xmlns:S="http://www.w3.org/2003/05/soap-envelope"
    xmlns:wsse11="http://docs.oasisopen.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-utility-1.0.xsd"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
    <S:Header>
        <To mustUnderstand="true"
            xmlns="http://www.w3.org/2005/08/addressing">https://localhost:443/Gateway/PatientDiscovery/1_0/NwHINService/NwHINPatientDiscovery 
        </To>
        <Action mustUnderstand="true"
            xmlns="http://www.w3.org/2005/08/addressing">urn:hl7-org:v3:PRPA_IN201305UV02:CrossGatewayPatientDiscovery
        </Action>
        <ReplyTo mustUnderstand="true"
            xmlns="http://www.w3.org/2005/08/addressing">
            <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
        </ReplyTo>
        <MessageID mustUnderstand="true"
            xmlns="http://www.w3.org/2005/08/addressing">461433e3-4591-453b-9eb6-791c7f5ff882
        </MessageID>
        <wsse:Security S:mustUnderstand="true">
            <wsu:Timestamp wsu:Id="_1"
                xmlns:ns17="http://docs.oasis-open.org/ws-sx/wssecureconversation/200512"
                xmlns:ns16="http://schemas.xmlsoap.org/soap/envelope/">
                <wsu:Created>2012-06-08T18:31:44Z</wsu:Created>
                <wsu:Expires>2012-06-08T18:36:44Z</wsu:Expires>
            </wsu:Timestamp>
            <saml2:Assertion ID="_e1154a8a-bbd5-426d-afa5-ed7071f1b1ff" IssueInstant="2012-06-08T18:31:44.577Z" Version="2.0"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                xmlns:exc14n="http://www.w3.org/2001/10/xml-excc14n#"
                xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                xmlns:xs="http://www.w3.org/2001/XMLSchema">
                <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US</saml2:Issuer>
                <ds:Signature
                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <ds:SignedInfo>
                        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-excc14n#"/>
                        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsasha1"/>
                        <ds:Reference URI="#_e1154a8a-bbd5-426d-afa5-ed7071f1b1ff">
                            <ds:Transforms>
                                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-excc14n#"/>
                            </ds:Transforms>
                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                            <ds:DigestValue>5MearYAjQTErf01u/7UlKo2hEyc=</ds:DigestValue>
                        </ds:Reference>
                    </ds:SignedInfo>
                    <ds:SignatureValue>eCEFcl9iEl6u0MrAehJdsRrgbOCnirOE8i9IQpYMb25sMEaeLzXR7SFGf+TrPyv87YwYUr8lP1xK
Iohggt9yCkdvsVIOhRxiOQmK36ATjIsCNVdjqQwH2Ez9q9esRPgWIlS0vDRKxylaz1eGEX5ZCGdg
rBuScX3uvVjA5s/SVfQh6Enw9cbW/1i5Vcrvrie9ro2EdNS6CM1qLmf9bY37E5XK3f3Zt2xne1TH
OXyqH9jXU5RdE14vD+jNHAjCLq61rG5+ImWtZ2sYmp8+vLJGOVSH6yUEDV2v04AdsXUYbjgRvMjo
/mC8Mec2LdX0pGAuqS+hF4xdlR4RNI74Jj7Esg==</ds:SignatureValue>
                    <ds:KeyInfo>
                        <ds:KeyValue>
                            <ds:RSAKeyValue>
                                <ds:Modulus>maFp5lsEHjhrQQCL0e8cbxMoDpGk1r6Uion/LA2iuD3T+sspJh8TNToQrurpFFVY/u6IzHKIk64s
9894pxbwYNwv/LzRVzM5pOXmCT73KGAg3Cry+QOO5KrN8hR/OXyH90/LIS77FZY+bepqD6qx4URa
2/GLll08fu8xh1wPFDMCFAmb2Xz/5gK0fimUXJAWi1+PlNKMLnDGxHgvz5ZwiN1/QwXcQEc1mcJC
imLoiCSrk7nvmqkxX4ZZ1dYzQJWdlB8Om4r9Uu96q5cZFTYwSdivLpPFKSzn/2MI9NryZC0VaIBu
HRhgAmspAzM90BjLO5vtiwrrfx/E3uYcMjcSEQ==</ds:Modulus>
                                <ds:Exponent>AQAB</ds:Exponent>
                            </ds:RSAKeyValue>
                        </ds:KeyValue>
                    </ds:KeyInfo>
                </ds:Signature>
                <saml2:Subject>
                    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameidformat:X509SubjectName">UID=WilmaAnderson</saml2:NameID>
                    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-ofkey">
                        <saml2:SubjectConfirmationData>
                            <ds:KeyInfo>
                                <ds:KeyValue>
                                    <ds:RSAKeyValue>
                                        <ds:Modulus>maFp5lsEHjhrQQCL0e8cbxMoDpGk1r6Uion/LA2iuD3T+sspJh8TNToQrurpFFVY/u6IzHKIk64s9894pxbwYNwv/LzRVz
M5pOXmCT73KGAg3Cry+QOO5KrN8hR/OXyH90/LIS77FZY+bepqD6qx4URa2/GLll08fu8xh1wPFDMCFAmb2Xz/5gK0fimUXJAWi1+PlNKML
nDGxHgvz5ZwiN1/QwXcQEc1mcJCimLoiCSrk7nvmqkxX4ZZ1dYzQJWdlB8Om4r9Uu96q5cZFTYwSdivLpPFKSzn/2MI9NryZC0VaIBuHRhg
AmspAzM90BjLO5vtiwrrfx/E3uYcMjcSEQ==</ds:Modulus>
                                        <ds:Exponent>AQAB</ds:Exponent>
                                    </ds:RSAKeyValue>
                                </ds:KeyValue>
                            </ds:KeyInfo>
                        </saml2:SubjectConfirmationData>
                    </saml2:SubjectConfirmation>
                </saml2:Subject>
                <saml2:AuthnStatement AuthnInstant="2012-06-08T18:31:44.577Z" SessionIndex="123456">
                    <saml2:AuthnContext>
                        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml2:AuthnContextClassRef>
                    </saml2:AuthnContext>
                </saml2:AuthnStatement>
                <saml2:AttributeStatement>
                    <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">
                        <saml2:AttributeValue ns6:type="ns7:string"
                            xmlns:ns6="http://www.w3.org/2001/XMLSchemainstance"
                            xmlns:ns7="http://www.w3.org/2001/XMLSchema">WilmaWA Anderson
                        </saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
                        <saml2:AttributeValue ns6:type="ns7:string"
                            xmlns:ns6="http://www.w3.org/2001/XMLSchemainstance"
                            xmlns:ns7="http://www.w3.org/2001/XMLSchema">2.16.840.1.113883.3.609.10.330.000
                        </saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
                        <saml2:AttributeValue ns6:type="ns7:string"
                            xmlns:ns6="http://www.w3.org/2001/XMLSchemainstance"
                            xmlns:ns7="http://www.w3.org/2001/XMLSchema">2.16.840.1.113883.3.609.10.330.000
                        </saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute Name="urn:NwHIN:names:saml:homeCommunityId">
                        <saml2:AttributeValue ns6:type="ns7:string"
                            xmlns:ns6="http://www.w3.org/2001/XMLSchemainstance"
                            xmlns:ns7="http://www.w3.org/2001/XMLSchema">2.16.840.1.113883.3.609.10.330.000
                        </saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role">
                        <saml2:AttributeValue>
                            <hl7:Role code="46255001" codeSystem="2.16.840.1.113883.6.96"
codeSystemName="SNOMED_CT" displayName="Pharmacist" xsi:type="hl7:CE"
                                xmlns:hl7="urn:hl7-org:v3"
                                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
                            </saml2:AttributeValue>
                        </saml2:Attribute>
                        <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
                            <saml2:AttributeValue>
                                <hl7:PurposeOfUse code="OPERATIONS" codeSystem="2.16.840.1.113883.3.18.7.1" codeSystemName="NwHIN-purpose" displayName="Healthcare Operations" xsi:type="hl7:CE"
                                    xmlns:hl7="urn:hl7-org:v3"
                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
                                </saml2:AttributeValue>
                            </saml2:Attribute>
                            <saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id">
                                <saml2:AttributeValue ns6:type="ns7:string"
                                    xmlns:ns6="http://www.w3.org/2001/XMLSchemainstance"
                                    xmlns:ns7="http://www.w3.org/2001/XMLSchema">PATAA000000040^^^&amp;2.16.840.1.113883.3.609.20.330.000&amp;ISO
                                </saml2:AttributeValue>
                            </saml2:Attribute>
                        </saml2:AttributeStatement>
                    </saml2:Assertion>
                    <ds:Signature Id="_2"
                        xmlns:ns17="http://docs.oasis-open.org/ws-sx/wssecureconversation/200512"
                        xmlns:ns16="http://schemas.xmlsoap.org/soap/envelope/">
                        <ds:SignedInfo>
                            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <exc14n:InclusiveNamespaces PrefixList="wsse S"/>
                            </ds:CanonicalizationMethod>
                            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                            <ds:Reference URI="#_1">
                                <ds:Transforms>
                                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                        <exc14n:InclusiveNamespaces PrefixList="wsu wsse S"/>
                                    </ds:Transform>
                                </ds:Transforms>
                                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                <ds:DigestValue>wOyuouXyvOr9+wFonBcY/sfKQdc=</ds:DigestValue>
                            </ds:Reference>
                        </ds:SignedInfo>
                        <ds:SignatureValue>L3DLzs6axzNlKUuySKvg52ljw+QrLkmJLbJH7kyHoafjyUavzmw3IPAsg70UfVS8tpM+ut7Im4ouqn9eVOttY2BY8MTyBGUSlwj/2IGHdzxoqcXpLFXxx7ntti2Zt/mfmnV1A+iu+a0l5uIRBy6OdxbSsZg1yK2UYaR60WkVEXVH1MZXnHmE33woHjrScvXh1i
mdJ8apZzCuWZ4Nlbf85kvwVjriyCOK2O1nUvY7ZmSsuHGqTOrgemoDQxlNKb3F4Rn48W1yIiAAAJZuq2Qx5KJ4b6aX17/M73pqvqTKMz5Wv
YrmL54FzhXIalns6LzAZ6EZo4YdYOODmuchIZwZqg==</ds:SignatureValue>
                        <ds:KeyInfo>
                            <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasisopen.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
                                <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wsssaml-token-profile-1.1#SAMLID">_e1154a8a-bbd5-426d-afa5-ed7071f1b1ff</wsse:KeyIdentifier>
                            </wsse:SecurityTokenReference>
                        </ds:KeyInfo>
                    </ds:Signature>
                </wsse:Security>
            </S:Header>
            <S:Body>
                <ns6:PRPA_IN201305UV02 ITSVersion="XML_1.0"
                    xmlns:ns2="urn:oasis:names:tc:ebxmlregrep:xsd:rim:3.0"
                    xmlns:ns3="urn:oasis:names:tc:ebxmlregrep:xsd:rs:3.0"
                    xmlns:ns4="http://www.hhs.gov/healthit/NwHIN"
                    xmlns:ns5="urn:oasis:names:tc:ebxmlregrep:xsd:query:3.0"
                    xmlns:ns6="urn:hl7-org:v3"
                    xmlns:ns7="urn:gov:hhs:fha:NwHINc:common:NwHINccommon"
                    xmlns:ns8="urn:gov:hhs:fha:NwHINc:common:patientcorrelationfacade"
                    xmlns:ns9="http://schemas.xmlsoap.org/ws/2004/08/addressing">
                    <ns6:id root="2.16.840.1.113883.3.609.20.330.000" extension="-5a3e95b1:11d1fa33d45:-7f9b"/>
                    <ns6:creationTime value="20120608143143"/>
                    <ns6:interactionId root="2.16.840.1.113883.1.6" extension="PRPA_IN201305UV02"/>
                    <ns6:processingCode code="T"/>
                    <ns6:processingModeCode code="T"/>
                    <ns6:acceptAckCode code="AL"/>
                    <ns6:receiver typeCode="RCV">
                        <ns6:device classCode="DEV" determinerCode="INSTANCE">
                            <ns6:id root="2.16.840.1.113883.3.609.10.330.002"/>
                            <ns6:asAgent classCode="AGNT">
                                <ns6:representedOrganization classCode="ORG" determinerCode="INSTANCE">
                                    <ns6:id root="2.16.840.1.113883.3.609.10.330.002"/>
                                </ns6:representedOrganization>
                            </ns6:asAgent>
                        </ns6:device>
                    </ns6:receiver>
                    <ns6:sender typeCode="SND">
                        <ns6:device classCode="DEV" determinerCode="INSTANCE">
                            <ns6:asAgent classCode="AGENT">
                                <ns6:representedOrganization classCode="ORG" determinerCode="INSTANCE">
                                    <ns6:id root="2.16.840.1.113883.3.609.10.330.000"/>
                                </ns6:representedOrganization>
                            </ns6:asAgent>
                        </ns6:device>
                    </ns6:sender>
                    <ns6:controlActProcess classCode="CACT" moodCode="EVN">
                        <ns6:code code="PRPA_TE201305UV02" codeSystem="2.16.840.1.113883.1.6"/>
                        <ns6:authorOrPerformer typeCode="AUT">
                            <ns6:assignedDevice>
                                <ns6:id root="2.16.840.1.113883.3.609.20.330.000"/>
                            </ns6:assignedDevice>
                        </ns6:authorOrPerformer>
                        <ns6:queryByParameter>
                            <ns6:queryId root="2.16.840.1.113883.3.609.10.330.000" extension="-abd3453dcd24wkkks545"/>
                            <ns6:statusCode code="new"/>
                            <ns6:responseModalityCode code="R"/>
                            <ns6:responsePriorityCode code="I"/>
                            <ns6:parameterList>
                                <ns6:livingSubjectAdministrativeGender>
                                    <ns6:value code="M"/>
                                    <ns6:semanticsText representation="TXT"/>
                                </ns6:livingSubjectAdministrativeGender>
                                <ns6:livingSubjectBirthTime>
                                    <ns6:value value="19350213"/>
                                    <ns6:semanticsText representation="TXT"/>
                                </ns6:livingSubjectBirthTime>
                                <ns6:livingSubjectId>
                                    <ns6:value root="2.16.840.1.113883.3.609.20.330.000" extension="PATAA000000040"/>
                                    <ns6:semanticsText representation="TXT"/>
                                </ns6:livingSubjectId>
                                <ns6:livingSubjectId>
                                    <ns6:value root="2.16.840.1.113883.4.1" extension=""/>
                                    <ns6:semanticsText representation="TXT"/>
                                </ns6:livingSubjectId>
                                <ns6:livingSubjectName>
                                    <ns6:value>
                                        <ns6:prefix partType="PFX"/>
                                        <ns6:given partType="GIV">Test</ns6:given>
                                        <ns6:given partType="GIV"/>
                                        <ns6:family partType="FAM">Testing</ns6:family>
                                        <ns6:suffix partType="PFX"/>
                                    </ns6:value>
                                    <ns6:semanticsText representation="TXT"/>
                                </ns6:livingSubjectName>
                                <ns6:patientAddress>
                                    <ns6:value/>
                                </ns6:patientAddress>
                                <ns6:patientTelecom>
                                    <ns6:value value=""/>
                                    <ns6:semanticsText representation="TXT"/>
                                </ns6:patientTelecom>
                            </ns6:parameterList>
                        </ns6:queryByParameter>
                    </ns6:controlActProcess>
                </ns6:PRPA_IN201305UV02>
            </S:Body>
        </S:Envelope>

近期产量

<?xml version="1.0"?>
<soap:Envelope
    xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
    xmlns:wsse11="http://docs.oasisopen.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-utility-1.0.xsd"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
    <soap:Header>
        <To mustUnderstand="true"
            xmlns="http://www.w3.org/2005/08/addressing">https://localhost:443/Gateway/PatientDiscovery/1_0/NwHINService/NwHINPatientDiscovery
        </To>
        <Action mustUnderstand="true"
            xmlns="http://www.w3.org/2005/08/addressing">urn:hl7-org:v3:PRPA_IN201305UV02:CrossGatewayPatientDiscovery
        </Action>
        <ReplyTo mustUnderstand="true"
            xmlns="http://www.w3.org/2005/08/addressing">
            <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
        </ReplyTo>
        <MessageID mustUnderstand="true"
            xmlns="http://www.w3.org/2005/08/addressing">461433e3-4591-453b-9eb6-791c7f5ff882
        </MessageID>
        <wsse:Security soap:mustUnderstand="true">
            <wsu:Timestamp wsu:Id="_1"
                xmlns:ns17="http://docs.oasis-open.org/ws-sx/wssecureconversation/200512"
                xmlns:ns16="http://schemas.xmlsoap.org/soap/envelope/">
                <wsu:Created>2012-06-08T18:31:44Z</wsu:Created>
                <wsu:Expires>2012-06-08T18:36:44Z</wsu:Expires>
            </wsu:Timestamp>
            <saml2:Assertion ID="_883e64a747a5449b83821913a2b189e6" IssueInstant="2017-10-20T05:09:31.369Z" Version="2.0"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                xmlns:exc14n="http://www.w3.org/2001/10/xml-excc14n#"
                xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                xmlns:xs="http://www.w3.org/2001/XMLSchema">
                <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US
                    <Signature
                        xmlns="http://www.w3.org/2000/09/xmldsig#">
                        <SignedInfo>
                            <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
                            <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                            <Reference URI="">
                                <Transforms>
                                    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                                </Transforms>
                                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                                <DigestValue>I/0YHptWQW4Y+32HZ8sypXfjPr0=</DigestValue>
                            </Reference>
                        </SignedInfo>
                        <SignatureValue>j3nJoKFny0wdeZZtVKt0XGoL/RC10EJWjqRK8RXzZxU9Uhh/c/0RafmnX4Ed/usVDKhdH+XXYnLVASiKpe5q372yhrMs8709C8OCwV4TZSpmAUUakIad3FZTf5kSH/GrAvtBRAbf9qfm2P5eQvl0OW7fI7/fyyaTi+p2sHuIyUSE/sPdbeQFH2nhxCAIVDI5tuiC7RuCHucPdmHZf6RvywONSP1mrr+ar2UTbadsprAHSMfy/k6kEm7Uy+hcE0MZnEcWipNtzeYmSai0pE6sUNtHigmUQLcbky/fSdQnjNyVDU4cwNMuryx6Zj8jfOxNEELqj338WP4UhLcy7Yggug==</SignatureValue>
                        <KeyInfo>
                            <X509Data>
                                <X509Certificate>MIIEZTCCA02gAwIBAgIJAMOJ3N+F0yoBMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJEQzETMBEGA1UEBxMKV2FzaGluZ3RvbjESMBAGA1UEChMJQ29nbml6YW50MR0wGwYDVQQLExRTb2Z0d2FyZSBFbmdpbmVlcmluZzEaMBgGA1UEAxMRd3d3LmNvZ25pemFudC5jb20wHhcNMTcxMDExMDUwMzQ4WhcNMTgxMDExMDUwMzQ4WjB+MQswCQYDVQQGEwJVUzELMAkGA1UECBMCREMxEzARBgNVBAcTCldhc2hpbmd0b24xEjAQBgNVBAoTCUNvZ25pemFudDEdMBsGA1UECxMUU29mdHdhcmUgRW5naW5lZXJpbmcxGjAYBgNVBAMTEXd3dy5jb2duaXphbnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjIFT5mA4jIxXUilmH56Xk2n44vWaiVDR9KfsdKYUeGO/y0f0aUn+cwBeB7zR9Il8YLgaNh1dVvShvlwm31kWTD+dnTrnHB8pMHYh7Y5k7zSLeLgZolWqm+kpEBnre5MLwa2O+Thy6skpmr3sGE+t7mSibEptYSf1lfB2qCHUXYf+jfAJdNuXo3pJsPGsXwU0L1KPnUJIRMs4l4b8JvwZO3cj2eOSGd5JGDCSYG2w+o/Cgyq/A5iDMVgtsyds5kp3JIvhfqXmxhZxkmiTHm4AOglkTY96v7eptDZ0+yspt5p2H5fU1loVwLXQHnk8lXqV3gF+JD8iUEcNrwEX6xbNQIDAQABo4HlMIHiMB0GA1UdDgQWBBSHY9xnAIinZJNFNq7A5dVaa9D0FjCBsgYDVR0jBIGqMIGngBSHY9xnAIinZJNFNq7A5dVaa9D0FqGBg6SBgDB+MQswCQYDVQQGEwJVUzELMAkGA1UECBMCREMxEzARBgNVBAcTCldhc2hpbmd0b24xEjAQBgNVBAoTCUNvZ25pemFudDEdMBsGA1UECxMUU29mdHdhcmUgRW5naW5lZXJpbmcxGjAYBgNVBAMTEXd3dy5jb2duaXphbnQuY29tggkAw4nc34XTKgEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAp0hd/qIbFUpdCAzY9K3/PKGOjlKJn6npyeeE4+jYandvpbxvPo00XCY+pvdLBejoPjnsNjgVYl5Y41SdI2hNP7F65h3BjG3C8AsA98KFIZrBaTaTiLk2B8Tr2Q7MSUcHSEbcs1uSUA8Uzmk4NdJICkLrLKgrWdRBKVyigZi+rD1vD4LTsQoVzQqBD8K8p8h5stOH0x1l5NxTsn3M6o4Q86fGzFLNDK2KUok7AcFl7I17l5DuOYgzIvqgQzCgQ+V/4alJ7dfkVOSqH/0oar5yDCLYjlXtMkqUQlLnni2NSLDmMJfWQ8HWJaAMAhu1hbG9LrUqN4/Xue6tyuWz+i0+0Q==</X509Certificate>
                            </X509Data>
                        </KeyInfo>
                    </Signature>
                    <subject
                        xmlns="saml2">
                        <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameidformat:X509SubjectName">UID=WilmaAnderson</saml2:NameID>
                        <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-ofkey">
                            <saml2:SubjectConfirmationData>
                                <KeyInfo
                                    xmlns="">
                                    <X509Data>
                                        <X509Certificate>MIIEZTCCA02gAwIBAgIJAMOJ3N+F0yoBMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJEQzETMBEGA1UEBxMKV2FzaGluZ3RvbjESMBAGA1UEChMJQ29nbml6YW50MR0wGwYDVQQLExRTb2Z0d2FyZSBFbmdpbmVlcmluZzEaMBgGA1UEAxMRd3d3LmNvZ25pemFudC5jb20wHhcNMTcxMDExMDUwMzQ4WhcNMTgxMDExMDUwMzQ4WjB+MQswCQYDVQQGEwJVUzELMAkGA1UECBMCREMxEzARBgNVBAcTCldhc2hpbmd0b24xEjAQBgNVBAoTCUNvZ25pemFudDEdMBsGA1UECxMUU29mdHdhcmUgRW5naW5lZXJpbmcxGjAYBgNVBAMTEXd3dy5jb2duaXphbnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjIFT5mA4jIxXUilmH56Xk2n44vWaiVDR9KfsdKYUeGO/y0f0aUn+cwBeB7zR9Il8YLgaNh1dVvShvlwm31kWTD+dnTrnHB8pMHYh7Y5k7zSLeLgZolWqm+kpEBnre5MLwa2O+Thy6skpmr3sGE+t7mSibEptYSf1lfB2qCHUXYf+jfAJdNuXo3pJsPGsXwU0L1KPnUJIRMs4l4b8JvwZO3cj2eOSGd5JGDCSYG2w+o/Cgyq/A5iDMVgtsyds5kp3JIvhfqXmxhZxkmiTHm4AOglkTY96v7eptDZ0+yspt5p2H5fU1loVwLXQHnk8lXqV3gF+JD8iUEcNrwEX6xbNQIDAQABo4HlMIHiMB0GA1UdDgQWBBSHY9xnAIinZJNFNq7A5dVaa9D0FjCBsgYDVR0jBIGqMIGngBSHY9xnAIinZJNFNq7A5dVaa9D0FqGBg6SBgDB+MQswCQYDVQQGEwJVUzELMAkGA1UECBMCREMxEzARBgNVBAcTCldhc2hpbmd0b24xEjAQBgNVBAoTCUNvZ25pemFudDEdMBsGA1UECxMUU29mdHdhcmUgRW5naW5lZXJpbmcxGjAYBgNVBAMTEXd3dy5jb2duaXphbnQuY29tggkAw4nc34XTKgEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAp0hd/qIbFUpdCAzY9K3/PKGOjlKJn6npyeeE4+jYandvpbxvPo00XCY+pvdLBejoPjnsNjgVYl5Y41SdI2hNP7F65h3BjG3C8AsA98KFIZrBaTaTiLk2B8Tr2Q7MSUcHSEbcs1uSUA8Uzmk4NdJICkLrLKgrWdRBKVyigZi+rD1vD4LTsQoVzQqBD8K8p8h5stOH0x1l5NxTsn3M6o4Q86fGzFLNDK2KUok7AcFl7I17l5DuOYgzIvqgQzCgQ+V/4alJ7dfkVOSqH/0oar5yDCLYjlXtMkqUQlLnni2NSLDmMJfWQ8HWJaAMAhu1hbG9LrUqN4/Xue6tyuWz+i0+0Q==</X509Certificate>
                                    </X509Data>
                                </KeyInfo>
                            </saml2:SubjectConfirmationData>
                        </saml2:SubjectConfirmation>
                    </subject>
                </saml2:Issuer>
                <saml2:AuthnStatement AuthnInstant="2017-10-20T05:09:31.369Z" SessionIndex="123456">
                    <saml2:AuthnContext>
                        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml2:AuthnContextClassRef>
                    </saml2:AuthnContext>
                </saml2:AuthnStatement>
                <saml2:AttributeStatement>
                    <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">WilmaWA Anderson
                        </saml2:AttributeValue>
                    </saml2:Attribute>
                </saml2:AttributeStatement>
                <saml2:AttributeStatement>
                    <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Developer Integration Lab
                        </saml2:AttributeValue>
                    </saml2:Attribute>
                </saml2:AttributeStatement>
                <saml2:AttributeStatement>
                    <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">https://lab.dil.aegis.net
                        </saml2:AttributeValue>
                    </saml2:Attribute>
                </saml2:AttributeStatement>
                <saml2:AttributeStatement>
                    <saml2:Attribute Name="urn:nhin:names:saml:homeCommunityId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:oid:2.16.840.1.113883.3.7477.4522.1
                        </saml2:AttributeValue>
                    </saml2:Attribute>
                </saml2:AttributeStatement>
                <saml2:AttributeStatement>
                    <saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>
                            <hl7:Role
                                xmlns:hl7="urn:hl7-org:v3"
                                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="112247003" codeSystem="2.16.840.1.113883.6.96" codeSystemName="SNOMED_CT" displayName="Medical doctor" xsi:type="CE" />
                            </saml2:AttributeValue>
                        </saml2:Attribute>
                    </saml2:AttributeStatement>
                    <saml2:AttributeStatement>
                        <saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                            <saml2:AttributeValue>
                                <hl7:PurposeOfUse
                                    xmlns:hl7="urn:hl7-org:v3"
                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="TREATMENT" codeSystem="2.16.840.1.113883.3.18.7.1" codeSystemName="nhin-purpose" displayName="Treatment" xsi:type="CE" />
                                </saml2:AttributeValue>
                            </saml2:Attribute>
                        </saml2:AttributeStatement>
                    </saml2:Assertion>
                    <wsu:Timestamp wsu:ID="">
                        <wsu:Created>"2017-10-20T05:09:31.369Z"</wsu:Created>
                        <wsu:Expires>"2017-10-20T05:09:31.369Z"</wsu:Expires>
                    </wsu:Timestamp>
                </wsse:Security>
            </soap:Header>
            <soap:Body>
                <PRPA_IN201305UV02
                    xmlns="urn:hl7-org:v3"
                    xmlns:ns2="urn:gov:hhs:fha:nhinc:common:nhinccommon"
                    xmlns:ns3="http://www.w3.org/2005/08/addressing"
                    xmlns:ns4="urn:gov:hhs:fha:nhinc:common:patientcorrelationfacade"
                    xmlns:ns5="http://www.hhs.gov/healthit/nhin"
                    xmlns:ns6="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0"
                    xmlns:ns7="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0"
                    xmlns:ns8="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0" ITSVersion="XML_1.0" nullFlavor="">
                    <id extension="50a6fe29-cfd5-45ef-8cbe-67e567c9a23c" nullFlavor="" root="2.16.840.1.113883.3.89.102.15.30" />
                    <creationTime nullFlavor="" value="20150309171201" />
                    <interactionId extension="PRPA_IN201305UV02" nullFlavor="" root="2.16.840.1.113883.1.6" />
                    <processingCode code="T" nullFlavor="" />
                    <processingModeCode code="T" nullFlavor="" />
                    <acceptAckCode code="NE" nullFlavor="" />
                    <receiver typeCode="RCV">
                        <device classCode="DEV" determinerCode="INSTANCE">
                            <id root="2.16.840.1.113883.3.1259.10.1003" />
                            <asAgent classCode="AGNT">
                                <representedOrganization classCode="ORG" determinerCode="INSTANCE">
                                    <id root="2.16.840.1.113883.3.1259.10.1003" />
                                </representedOrganization>
                            </asAgent>
                        </device>
                    </receiver>
                    <sender nullFlavor="" typeCode="SND">
                        <device classCode="DEV" determinerCode="INSTANCE" nullFlavor="">
                            <id nullFlavor="" root="2.16.840.1.113883.3.89.102.15.30" />
                            <asAgent classCode="AGNT" nullFlavor="">
                                <representedOrganization classCode="ORG" determinerCode="INSTANCE" nullFlavor="">
                                    <id nullFlavor="" root="2.16.840.1.113883.3.89.102.15.30" />
                                </representedOrganization>
                            </asAgent>
                        </device>
                    </sender>
                    <controlActProcess classCode="CACT" moodCode="EVN" nullFlavor="">
                        <code code="PRPA_TE201305UV02" codeSystem="2.16.840.1.113883.1.6" nullFlavor="" />
                        <authorOrPerformer nullFlavor="" typeCode="AUT">
                            <assignedDevice classCode="ASSIGNED" nullFlavor="">
                                <id nullFlavor="" root="2.16.840.1.113883.3.89.102.15.50" />
                            </assignedDevice>
                        </authorOrPerformer>
                        <queryByParameter nullFlavor="">
                            <queryId extension="ee72b41a-4eb6-4eb0-ab74-0d4ea29dd1b2" nullFlavor="" root="2.16.840.1.113883.3.89.102.15.30" />
                            <statusCode code="new" nullFlavor="" />
                            <responseModalityCode code="R" nullFlavor="" />
                            <responsePriorityCode code="I" nullFlavor="" />
                            <parameterList nullFlavor="">
                                <livingSubjectAdministrativeGender nullFlavor="">
                                    <value code="M" nullFlavor="" />
                                    <semanticsText nullFlavor="" />
                                </livingSubjectAdministrativeGender>
                                <livingSubjectBirthTime nullFlavor="">
                                    <value nullFlavor="" value="19600210" />
                                    <semanticsText nullFlavor="" />
                                </livingSubjectBirthTime>
                                <livingSubjectId nullFlavor="">
                                    <value extension="1000131023" nullFlavor="" root="2.16.840.1.113883.3.89.102.15.50" />
                                    <semanticsText nullFlavor="" />
                                </livingSubjectId>
                                <livingSubjectName nullFlavor="">
                                    <value nullFlavor="" use="">
                                        <given partType="GIV" qualifier="">Test</given>
                                        <given partType="GIV" qualifier="">M</given>
                                        <family partType="FAM" qualifier="">Testing</family>
                                    </value>
                                    <semanticsText nullFlavor="" />
                                </livingSubjectName>
                            </parameterList>
                        </queryByParameter>
                    </controlActProcess>
                </PRPA_IN201305UV02>
            </soap:Body>
        </soap:Envelope>

共有1个答案

都博裕
2023-03-14

尝试以下操作:

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Threading.Tasks;
using System.Xml;

namespace Certificate
{
    class Program
    {
        const string FILENAME = @"c:\temp\test.xml";
        static void Main(string[] args)
        {
            XmlDocument doc = new XmlDocument();
            CreateSoap(doc);
            XmlElement assertion = (XmlElement)(doc.GetElementsByTagName("saml2:Assertion")[0]);
            XmlElement security = (XmlElement)(doc.GetElementsByTagName("wsse:Security")[0]);  //added 10-20-17
            XmlElement body = (XmlElement)(doc.GetElementsByTagName("soap:Body")[0]);


            using (WebClient client = new WebClient())
            {
                byte[] xmlBytes = client.DownloadData(FILENAME);
                body.InnerXml = Encoding.UTF8.GetString(xmlBytes);
            }
            string pfxpath = @"D:\Certificate\Private-cert.pfx";
            X509Certificate2 cert = new X509Certificate2(File.ReadAllBytes(pfxpath), "123456789");


            SignXmlWithCertificate(assertion, cert);
            SignXmlWithCertificate(security, cert);   //added 10-20-17

            XmlElement subject = doc.CreateElement("Subject", "saml2");
            assertion.AppendChild(subject);

            CreateSubject(subject);

            File.WriteAllText(@"D:\Certificate\digitallysigned.xml", doc.OuterXml);
        }
        public static void CreateSoap(XmlDocument doc)
        {
            DateTime date = DateTime.Now;
            string soap = string.Format(
                "<?xml version=\"1.0\"?>" +
                "<soap:Envelope" +
                " xmlns:soap=\"http://www.w3.org/2003/05/soap-envelope\"" +
                " xmlns:wsse11=\"http://docs.oasisopen.org/wss/oasis-wss-wssecurity-secext-1.1.xsd\"" +
                " xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"" +
                " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-utility-1.0.xsd\"" +
                " xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"" +
                " xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"" +
                " xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"" +
                " xmlns:exc14n=\"http://www.w3.org/2001/10/xml-exc-c14n#\">" +

                           "<soap:Header>" +
                                  "<To mustUnderstand=\"true\"" +
                                     " xmlns=\"http://www.w3.org/2005/08/addressing\">https://localhost:443/Gateway/PatientDiscovery/1_0/NwHINService/NwHINPatientDiscovery" +
                                  "</To>" +
                                  "<Action mustUnderstand=\"true\"" +
                                     " xmlns=\"http://www.w3.org/2005/08/addressing\">urn:hl7-org:v3:PRPA_IN201305UV02:CrossGatewayPatientDiscovery" +
                                  "</Action>" +
                                  "<ReplyTo mustUnderstand=\"true\"" +
                                     " xmlns=\"http://www.w3.org/2005/08/addressing\">" +
                                     "<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>" +
                                  "</ReplyTo>" +
                                  "<MessageID mustUnderstand=\"true\"" +
                                     " xmlns=\"http://www.w3.org/2005/08/addressing\">461433e3-4591-453b-9eb6-791c7f5ff882" +
                                  "</MessageID>" +
                                  "<wsse:Security soap:mustUnderstand=\"true\">" +
                                     "<wsu:Timestamp wsu:Id=\"_1\"" +
                                        " xmlns:ns17=\"http://docs.oasis-open.org/ws-sx/wssecureconversation/200512\"" +
                                        " xmlns:ns16=\"http://schemas.xmlsoap.org/soap/envelope/\">" +
                                        "<wsu:Created>2012-06-08T18:31:44Z</wsu:Created>" +
                                        "<wsu:Expires>2012-06-08T18:36:44Z</wsu:Expires>" +
                                     "</wsu:Timestamp>" +
                                     "<saml2:Assertion ID=\"_883e64a747a5449b83821913a2b189e6\" IssueInstant=\"{0}\" Version=\"2.0\"" +
                                        " xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"" +
                                        " xmlns:exc14n=\"http://www.w3.org/2001/10/xml-excc14n#\"" +
                                        " xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\"" +
                                        " xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\"" +
                                        " xmlns:xs=\"http://www.w3.org/2001/XMLSchema\">" +
                                        "<saml2:Issuer Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US" +
                                        "</saml2:Issuer>" +
                                     "</saml2:Assertion>" +
                                  "</wsse:Security>" +

                                "</soap:Header>" +
                                "<soap:Body>" +
                                "</soap:Body>" +
                             "</soap:Envelope>",
                             date.ToUniversalTime().ToString("yyyy-MM-ddThh:mm:ss.fffZ"));
            //date format
            //2015-03-09T21:12:02.279Z
            doc.LoadXml(soap);

        }
        public static void SignXmlWithCertificate(XmlElement assertion, X509Certificate2 cert)
        {
            SignedXml signedXml = new SignedXml(assertion);
            signedXml.SigningKey = cert.PrivateKey;
            Reference reference = new Reference();
            reference.Uri = "";
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            signedXml.AddReference(reference);

            KeyInfo keyInfo = new KeyInfo();
            keyInfo.AddClause(new KeyInfoX509Data(cert));

            signedXml.KeyInfo = keyInfo;
            signedXml.ComputeSignature();
            XmlElement xmlsig = signedXml.GetXml();

            assertion.AppendChild(xmlsig);
        }
        public static void CreateSubject(XmlElement xSubject)
        {
            string subject = "<saml2:NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameidformat:X509SubjectName\">UID=WilmaAnderson</saml2:NameID>" +
                              "<saml2:SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:holder-ofkey\">" +
                                "<saml2:SubjectConfirmationData>" +
                                  "<ds:KeyInfo>" +
                                    "<ds:KeyValue>" +
                                      "<ds:RSAKeyValue>" +
                                        "<ds:Modulus>" +
                                          "maFp5lsEHjhrQQCL0e8cbxMoDpGk1r6Uion/LA2iuD3T+sspJh8TNToQrurpFFVY/u6IzHKIk64s9894pxbwYNwv/LzRVz" +
                                          "M5pOXmCT73KGAg3Cry+QOO5KrN8hR/OXyH90/LIS77FZY+bepqD6qx4URa2/GLll08fu8xh1wPFDMCFAmb2Xz/5gK0fimUXJAWi1+PlNKML" +
                                          "nDGxHgvz5ZwiN1/QwXcQEc1mcJCimLoiCSrk7nvmqkxX4ZZ1dYzQJWdlB8Om4r9Uu96q5cZFTYwSdivLpPFKSzn/2MI9NryZC0VaIBuHRhg" +
                                          "AmspAzM90BjLO5vtiwrrfx/E3uYcMjcSEQ==" +
                                        "</ds:Modulus>" +
                                        "<ds:Exponent>AQAB</ds:Exponent>" +
                                      "</ds:RSAKeyValue>" +
                                    "</ds:KeyValue>" +
                                  "</ds:KeyInfo>" +
                                "</saml2:SubjectConfirmationData>" +
                              "</saml2:SubjectConfirmation>";

            xSubject.InnerXml = subject;
        }
    }
}
 类似资料:
  • 我有一个webservice操作,其中我将获得SAML断言作为请求体的一部分。我跟踪XSD: saml:断言是指:< br>

  • 我正在使用以下xml架构验证一些xml文件: 我只是想引入一些assert标记,以便进行更强大的验证。但这导致了例外情况: 系统Xml。模式。XmlSchemaException:http://www.w3.org/2001/XMLSchema:assert-元素在此上下文中不受支持。 我现在不知道的是。。。 我在xsd中错误的地方使用了asstrt-元素 http://www.w3.org/20

  • 我正在使用多个SP实现单点登录。以下是我的基本理解: 1) 浏览器(用户)向服务提供商(SP)请求资源 2)SP重定向(使用SAML请求)到身份提供程序(IdP) 3)由于这是第一次登录,用户将向(IdP)提供其有效凭据 4)然后,IdP将浏览器(带有包含SAML令牌的SAML响应)重定向到SP页面。 现在,假设我有服务提供商A和服务提供商B。一个用户已经完成了关于服务提供商A的步骤。从服务提供商

  • 问题内容: 尝试使用SAML 2.0解密加密的断言时遇到问题。我使用的库是OpenSAML Java库2.5.2。 加密的断言如下所示: 我确实使用以下openssl命令将PEM格式的私钥转换为pkcs8格式: 然后,我准备尝试解密加密的断言。这是我的Java代码: 运行此代码总是导致无法解密断言。我确实收到以下错误: 我真的不知道在这种情况下我在做什么错。我将私钥转换为pkcs8,加载了SAML

  • 我终于想出了如何从XML中获取列表。然而,放心网站并没有详细说明如何为我得到的列表做出断言。我如何断言这部电影有布鲁斯·威利斯作为一个演员,有一个放心的格式,什么时候,然后?是否使用给定()中的列表?

  • 我正在尝试使用谷歌办公套件设置SAML。但是我得到了这个错误 我已经配置断言应该在我的SP中签名。我可以在其他IDP(如onelogin、okta)中看到签署响应断言的选项。该配置适用于其他IDP,但看不到在谷歌办公套件SAML中唱响应断言的选项。 在Gsuite中,我只能看到签名响应的选项,而不能看到断言。 如何正确设置此设置? SP元数据如下所示: