
How to submit OpenSaml response?

I'm building an org.opensaml.saml.saml2.core.Response with openSAML v3.2.0. I've signed the response and would like to submit it.

I tried following the openSAML book (A Guide to OpenSAML v3) but it doesn't seem to be of help with my scenario. I have a C# demo project which basically submits the response by HTTPPost. I'm writing the same in Java with opensaml. Do I have to build an artifact as the book suggests? The book example suggests that I send the ArtifactResolve using SOAP even though I'm building a Response.

With the response object above, I'd like to post the response object to an idp.

What is the best way to achieve this? Is it a good idea to create an Envelope object? With the response object from the saml2 package, how can I create an org.opensaml.soap.soap11.Envelope?

Any help is much appreciated! Thanks!

You don't have to build an artifact as the book suggests. Using Artifacts has some security, privacy, and other benefits. See Scott T.'s answer to understand the benefits of using Artifact binding - https://stackoverflow.com/a/13618537/1163424

Per your question, you can also pass the Response to the SP using POST binding. The way to do that is to encode your Response XML (with the signed Assertion) into a Base64 string and make the client web-app POST it to the SP ACS (Assertion Consumer Service).

You pass a SAMLResponse parameter with the Base64 string as its value and a RelayState parameter, which will be used to set the state in the SP web-app, as written in the SAML 2 Bindings specification, page 21.

Also, I suggest using the SAML tool to validate your Response message.
