
Why is this not a valid saml2 request?

I am using OpenSAML to generate a SAML2 authentication request for Azure:

<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest AssertionConsumerServiceURL="https://myserver.de/_saml/validate/azure"
    ForceAuthn="false" ID="0" IsPassive="false" IssueInstant="2016-11-28T09:46:43.215Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <samlp:Issuer xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">issuerid</samlp:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        SPNameQualifier="Isser" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" />
    <saml2p:RequestedAuthnContext Comparison="exact"
        xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml2p:RequestedAuthnContext>
</samlp:AuthnRequest>

The XML was encoded with org.opensaml.xml.io.Marshaller and java.util.zip.DeflaterOutputStream to Base64, and I verified it for correctness using some online SAML decoders.

The error I get from Azure, however, is:

AADSTS75005: The request is not a valid Saml2 protocol message.

Can anyone help?

In the element 'AuthnRequest' you define the attribute 'ID' as '0'. This is not a valid value of the atomic type 'xs:ID'.

I quote the technical rule of the OASIS document:

The xs:ID simple type is used to declare SAML identifiers for assertions, requests, and responses. Values declared to be of type xs:ID in this specification MUST satisfy the following properties in addition to those imposed by the definition of the xs:ID type itself:

  • Any party that assigns an identifier MUST ensure that there is negligible probability that that party or any other party will accidentally assign the same identifier to a different data object.
  • Where a data object declares that it has a particular identifier, there MUST be exactly one such declaration.

The mechanism by which a SAML system entity ensures that the identifier is unique is left to the implementation. In the case that a random or pseudorandom technique is employed, the probability of two randomly chosen identifiers being identical MUST be less than or equal to 2^-128 and SHOULD be less than or equal to 2^-160.

You should use one of the existing ways to generate the ID.
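The two requirements the answer quotes are lexical (xs:ID is an NCName, so it must start with a letter or underscore, which is why a bare "0" fails schema validation) and statistical (at least 128 bits of randomness). The following is an added example, not code from the question, the answer or OpenSAML: it generates a compliant ID the way most SAML libraries do (an underscore prefix followed by CSPRNG bytes in hex), checks a request's ID attribute, and runs the check over a constructed copy of the posted AuthnRequest. The helper names and the ASCII-only NCName pattern are assumptions made for this example.

```python
import re
import secrets
import xml.etree.ElementTree as ET
from typing import Tuple

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# xs:ID values are NCNames: first character a letter or '_', then letters,
# digits, '_', '.', '-'; no colon and no whitespace. This ASCII-only pattern
# is a simplification for the example (the real production also admits many
# non-ASCII letters), which is enough to reject "0" and "1abc".
_NCNAME_ASCII = re.compile(r"^[A-Za-z_][A-Za-z0-9_.\-]*$")


def is_valid_saml_id(value: str) -> bool:
    """True if value is lexically an xs:ID (NCName)."""
    return bool(_NCNAME_ASCII.match(value))


def generate_saml_id(num_bytes: int = 20) -> str:
    """Return '_' followed by num_bytes CSPRNG bytes as hex (160 bits by default).

    The leading underscore keeps the value an NCName even when the first hex
    digit is 0-9; `secrets` (not `random`) gives the 2^-128 collision bound
    the specification demands, so fewer than 16 bytes is refused.
    """
    if num_bytes < 16:
        raise ValueError("SAML requires at least 128 bits of randomness")
    return "_" + secrets.token_hex(num_bytes)


def check_request_id(xml_text: str) -> Tuple[bool, str]:
    """Inspect the ID attribute of a samlp:AuthnRequest and report why it fails."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        return False, "root element is not samlp:AuthnRequest"
    req_id = root.get("ID")
    if req_id is None:
        return False, "ID attribute is missing"
    if not is_valid_saml_id(req_id):
        return False, "ID %r is not a valid xs:ID (NCName)" % req_id
    return True, "ID %r is lexically valid" % req_id


# Constructed sample: the request from the question, reduced to the element
# and attributes that matter for the ID check.
BAD_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="%s" ID="0" Version="2.0" '
    'IssueInstant="2016-11-28T09:46:43.215Z"/>' % SAMLP_NS
)

# The same request with a generated identifier.
GOOD_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="%s" ID="%s" Version="2.0" '
    'IssueInstant="2016-11-28T09:46:43.215Z"/>' % (SAMLP_NS, generate_saml_id())
)

if __name__ == "__main__":
    print(check_request_id(BAD_REQUEST))
    print(check_request_id(GOOD_REQUEST))
```

Note that the check is purely lexical; a value such as "_0" passes it, yet still violates the uniqueness requirement if reused. Uniqueness has to come from the generator, which is why the ID should be produced per request from a CSPRNG rather than set to a constant.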
