
How to add x509Data tag and keyInfo tag in Subject tag in saml2

I am using the following code to generate the SAML assertion below:

    // OpenSAML 2.x: builderFactory is the XMLObjectBuilderFactory, DateTime is org.joda.time.DateTime
    // Build the SubjectConfirmationData with a two-minute validity window
    SAMLObjectBuilder confirmationMethodBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
    SubjectConfirmationData confirmationMethod = (SubjectConfirmationData) confirmationMethodBuilder.buildObject();
    DateTime now = new DateTime();
    confirmationMethod.setNotBefore(now);
    confirmationMethod.setNotOnOrAfter(now.plusMinutes(2));

    //SAMLObjectBuilder keyInfoBuilderMethod = (SAMLObjectBuilder) builderFactory.getBuilder(KeyInfoConfirmationDataType.DEFAULT_ELEMENT_NAME);
    //KeyInfoConfirmationDataType keyInfoBuilder = (KeyInfoConfirmationDataType) keyInfoBuilderMethod.buildObject();
    //keyInfoBuilder.??
    //The commented part is what I tried, without success, to add the certificate into the SubjectConfirmationData.

    // Wrap the SubjectConfirmationData in a SubjectConfirmation
    SAMLObjectBuilder subjectConfirmationBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
    SubjectConfirmation subjectConfirmation = (SubjectConfirmation) subjectConfirmationBuilder.buildObject();
    subjectConfirmation.setSubjectConfirmationData(confirmationMethod);

I currently get the following output:

<saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" NameQualifier="CCC">abcde.xyz@xyz.com</saml2:NameID>
    <saml2:SubjectConfirmation>
        <saml2:SubjectConfirmationData NotBefore="2015-08-16T06:04:54.115Z" NotOnOrAfter="2015-08-16T06:06:54.115Z"/>
    </saml2:SubjectConfirmation>
</saml2:Subject>

I need the SAML assertion to contain the KeyInfo and the X509Certificate in the SubjectConfirmationData, as below:

<saml:Subject>
      <saml:NameID
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
        CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US
      </saml:NameID>
      <saml:SubjectConfirmation
        Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
        <saml:SubjectConfirmationData>
          <ds:KeyInfo>
            <ds:X509Data>
              <!-- principal's X.509 cert -->
              <ds:X509Certificate>
  MIICiDCCAXACCQDE+9eiWrm62jANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJV
  UzESMBAGA1UEChMJTkNTQS1URVNUMQ0wCwYDVQQLEwRVc2VyMRMwEQYDVQQDEwpT
  UC1TZXJ2aWNlMB4XDTA2MDcxNzIwMjE0MVoXDTA2MDcxODIwMjE0MVowSzELMAkG
  A1UEBhMCVVMxEjAQBgNVBAoTCU5DU0EtVEVTVDENMAsGA1UECxMEVXNlcjEZMBcG
  A1UEAwwQdHJzY2F2b0B1aXVjLmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
  gYEAv9QMe4lRl3XbWPcflbCjGK9gty6zBJmp+tsaJINM0VaBaZ3t+tSXknelYife
  nCc2O3yaX76aq53QMXy+5wKQYe8Rzdw28Nv3a73wfjXJXoUhGkvERcscs9EfIWcC
  g2bHOg8uSh+Fbv3lHih4lBJ5MCS2buJfsR7dlr/xsadU2RcCAwEAATANBgkqhkiG
  9w0BAQQFAAOCAQEAdyIcMTob7TVkelfJ7+I1j0LO24UlKvbLzd2OPvcFTCv6fVHx
  Ejk0QxaZXJhreZ6+rIdiMXrEzlRdJEsNMxtDW8++sVp6avoB5EX1y3ez+CEAIL4g
  cjvKZUR4dMryWshWIBHKFFul+r7urUgvWI12KbMeE9KP+kiiiiTskLcKgFzngw1J
  selmHhTcTCrcDocn5yO2+d3dog52vSOtVFDBsBuvDixO2hv679JR6Hlqjtk4GExp
  E9iVI0wdPE038uQIJJTXlhsMMLvUGVh/c0ReJBn92Vj4dI/yy6PtY/8ncYLYNkjg
  oVN0J/ymOktn9lTlFyTiuY4OuJsZRO1+zWLy9g==
              </ds:X509Certificate>
            </ds:X509Data>
          </ds:KeyInfo>
        </saml:SubjectConfirmationData>
      </saml:SubjectConfirmation>
</saml:Subject>

The above sample assertion can be found at the following link here

There was another question on SO here about adding the certificate in the signature rather than in the Subject tag; which is the correct one to follow?
Another question is how to generate the value of the certificate; is this based on any particular .crt file?

How fun that you ask, I wrote a blog post on the subject just a couple of weeks ago. Basically you create a KeyInfoGenerator using X509KeyInfoGeneratorFactory:

// org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory (OpenSAML 2.x)
X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
KeyInfoGenerator generator = x509Factory.newInstance();

Then you use the generator to create the KeyInfo:

// credentials: an X509Credential (e.g. BasicX509Credential) holding the subject's certificate
KeyInfo keyinfo = generator.generate(credentials);
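The two halves of this thread, the question's SubjectConfirmationData code and the answer's X509KeyInfoGeneratorFactory step, put together into one holder-of-key Subject, as an added example that is not from the original question, the answer or the OpenSAML project. It assumes OpenSAML 2.x and joda-time on the classpath; the certificate path `/path/to/subject.crt` is a placeholder. The one thing the question's commented-out attempt was missing: KeyInfoConfirmationDataType is an xsi:type of SubjectConfirmationData and its builder is registered under the type QName, so it is looked up with `TYPE_NAME` and built with both the element and the type name.

```java
// Added example (not from the original question or answer): builds a SAML 2.0 holder-of-key
// <saml2:Subject> whose SubjectConfirmationData carries <ds:KeyInfo>/<ds:X509Data>/<ds:X509Certificate>
// with the OpenSAML 2.x API. Assumes opensaml 2.x and joda-time on the classpath.
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.saml2.core.KeyInfoConfirmationDataType;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Element;

public class HolderOfKeySubjectExample {

    /** Loads the subject's X.509 certificate from a DER or PEM (.crt) file. */
    static X509Certificate loadCertificate(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    /** Wraps the certificate in a ds:KeyInfo, the step the answer describes. */
    static KeyInfo buildKeyInfo(X509Certificate cert) throws Exception {
        BasicX509Credential credential = new BasicX509Credential();
        credential.setEntityCertificate(cert);

        X509KeyInfoGeneratorFactory factory = new X509KeyInfoGeneratorFactory();
        // Emit <ds:X509Data><ds:X509Certificate>; the value is the base64 of the cert's DER bytes,
        // i.e. the same data a PEM .crt file contains between its BEGIN/END lines.
        factory.setEmitEntityCertificate(true);
        KeyInfoGenerator generator = factory.newInstance();
        return generator.generate(credential);
    }

    @SuppressWarnings("unchecked")
    static Subject buildHolderOfKeySubject(X509Certificate cert) throws Exception {
        XMLObjectBuilderFactory builders = Configuration.getBuilderFactory();

        // NameID in X509SubjectName format, taken from the certificate itself.
        SAMLObjectBuilder<NameID> nameIdBuilder =
                (SAMLObjectBuilder<NameID>) builders.getBuilder(NameID.DEFAULT_ELEMENT_NAME);
        NameID nameId = nameIdBuilder.buildObject();
        nameId.setFormat(NameID.X509_SUBJECT);
        nameId.setValue(cert.getSubjectX500Principal().getName());

        // KeyInfoConfirmationDataType is an xsi:type of SubjectConfirmationData: look its builder up
        // by TYPE_NAME and build with element + type name so xsi:type is written to the XML.
        SAMLObjectBuilder<KeyInfoConfirmationDataType> dataBuilder =
                (SAMLObjectBuilder<KeyInfoConfirmationDataType>) builders.getBuilder(KeyInfoConfirmationDataType.TYPE_NAME);
        KeyInfoConfirmationDataType confirmationData = dataBuilder.buildObject(
                KeyInfoConfirmationDataType.DEFAULT_ELEMENT_NAME, KeyInfoConfirmationDataType.TYPE_NAME);
        DateTime now = new DateTime();
        confirmationData.setNotBefore(now);
        confirmationData.setNotOnOrAfter(now.plusMinutes(2));
        confirmationData.getKeyInfos().add(buildKeyInfo(cert));

        SAMLObjectBuilder<SubjectConfirmation> confirmationBuilder =
                (SAMLObjectBuilder<SubjectConfirmation>) builders.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
        SubjectConfirmation confirmation = confirmationBuilder.buildObject();
        confirmation.setMethod(SubjectConfirmation.METHOD_HOLDER_OF_KEY);
        confirmation.setSubjectConfirmationData(confirmationData);

        SAMLObjectBuilder<Subject> subjectBuilder =
                (SAMLObjectBuilder<Subject>) builders.getBuilder(Subject.DEFAULT_ELEMENT_NAME);
        Subject subject = subjectBuilder.buildObject();
        subject.setNameID(nameId);
        subject.getSubjectConfirmations().add(confirmation);
        return subject;
    }

    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap(); // registers builders, marshallers and the KeyInfo generator managers
        Subject subject = buildHolderOfKeySubject(loadCertificate("/path/to/subject.crt")); // placeholder path
        Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(subject);
        Element element = marshaller.marshall(subject);
        System.out.println(XMLHelper.prettyPrintXML(element));
    }
}
```

On the question's second point: the certificate inside SubjectConfirmationData is the subject's (the principal's) key, which a holder-of-key relying party must check the presenter actually possesses (typically by matching it against the TLS client certificate of the party presenting the assertion); the certificate inside ds:Signature/ds:KeyInfo is the issuer's signing key and serves a different purpose. Both can be present in one assertion, so neither question replaces the other.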
