OpenSAML-篡改SAML测试响应
[英]Opensaml - tamper saml response for testing
问题描述
I need to test a service provider implementation and we are using opensaml. 
我需要测试服务提供商的实现,我们正在使用opensaml。 I want to alter a given saml response and do permutation of assertion s elements , inject more assertion and so on. 我想更改给定的saml响应,并对断言的元素进行置换,注入更多断言,等等。 I was able to cover some cases by using opensaml method itself like getassertions on saml response object. 我可以通过使用opensaml方法本身来解决某些情况,例如在saml响应对象上使用getassertions。 But i see that if i want to move elements around or do more complex manipulation i would need to play with the respone as dom document . 但是我看到,如果我想移动元素或进行更复杂的操作,则需要将响应作为dom文档使用。 Does opensaml provide such funcutionality? opensaml是否提供这种功能? If not how i can create an encoded response from the modified xml?.thanks 如果不是,我怎么能从修改后的xml创建编码的响应?
1 个解决方案
解决方案1
0 2017-11-09 12:54:49
If you want to maniupulate the XML in a way that does not conform to the SAML standard then you can not use OpenSAML, "move elements around" implies this. 如果要以不符合SAML标准的方式处理XML,则不能使用OpenSAML,“移动元素”暗示了这一点。 In this case I would try to manually craft the XML and then write a manual encoder based on information in the SAML spec. 在这种情况下,我将尝试手动制作XML,然后根据SAML规范中的信息编写手动编码器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.