.net JAVA服务提供商SAML2请求禁用数字签名
我正在尝试将Java SP(服务提供商)与现有IDP(.net)集成 我的问题是,我的服务提供商正在发送带有<;签名信息>;我不需要
是否有办法按需启用/禁用此功能
(我正在使用spring-security-saml2-core并使用xml提供IDP提供程序)
我需要的是这样的东西:
<samlp:AuthnRequest ID="_66a1c753-1636-4fbc-8f5d-313b19579558"
Version="2.0"
IssueInstant="2018-11-07T22:48:54.286Z"
Destination="http://localhost:44101/SAML/SSOService"
ForceAuthn="false"
IsPassive="false"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
AssertionConsumerServiceURL="http://localhost:30941/SAML/AssertionConsumerService"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:componentspace:My-Localhost</saml:Issuer>
但我的java客户端正在发送:
<?xml version="1.0" encoding="UTF-8"?><saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="http://localhost:8080/saml/SSO"
Destination="http://localhost:44101/SAML/SSOService"
ForceAuthn="false"
ID="a4065059de35d17j11h270ai65i44hj"
IsPassive="false"
IssueInstant="2018-11-08T17:01:16.853Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0"> <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">localhost-demo</saml2:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#a4065059de35d17j11h270ai65i44hj">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>RBuhWuT4+my+G95BEKpRam2l/qs=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>NNy2s52kGCuQQADw7RdCAmAO4chm7BDjW0EJfdyvsgtdygdyrgyhdPNPv9LX2N+XT+syOqUm2VAOlMntBm/BpDkiAi3exIXR/lwph04ehKL6x5WladLCzEaRLOBE0LrFw+WdYOULZp+MRmMN8SsW8XOc5ItVdfhDHBbnUurthi3V7Uq/Q6lfzU9QlxywfMJirWHg==</ds:SignatureValue> < ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIC+zCCAeOgAwIBAgIJdfsdgfsdartesgtrygerytoa+K66EA4u7DpE oHJBlqH0AVWAd8q9488DpCo1x4ujTGw7AHE=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo> </ds:Signature>
# 1 楼答案
有关编辑SP元数据的详细信息,请参阅 Configuration metadata 。您可以添加属性
requestSigned
,并将其设为false,以防身份验证请求不需要签名。默认情况下,该值为true