Tout, j'ai une question rapide sur la réponse SAML 2.0 avec laquelle j'ai travaillé dans le cadre de mon SSO web. Nous sommes le fournisseur d'identité et nous envoyons un jeton SAML à notre fournisseur de services (SP). SP veut que nous signions le tout avant de l'envoyer. Nous avons déjà envoyé notre certificat public SP. Les détails du certificat passent-ils sous l'élément dans la réponse SAML 2.0 générée? Est-ce que les déplacés internes ou les fournisseurs de services (SP) .Nous ne disposent pas d'un certificat public de notre SP encoreRéponse SAML 2.0 et l'élément KeyInfo
<samlp2:Response xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" ID="_71b134e9-1ab3-4680-90a4-3b95c8530a59" Version="2.0" IssueInstant="2017-09-21T17:29:21.6178748Z" Destination="https://sp.com" xmlns:samlp2="urn:oasis:names:tc:SAML:2.0:protocol">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#_79b534eb-9771-4d22-9d61-d4dc5997be70">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>RzEq/7vrq</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>jQCx6BZyoW+okh+zxwrd</SignatureValue>
<KeyInfo>
<X509Data>
<X509IssuerSerial>
<X509IssuerName>CN=CA, DC=us, DC=local</X509IssuerName>
<X509SerialNumber>1248841732558767</X509SerialNumber>
</X509IssuerSerial>
<X509Certificate>MIIEpTCCA42gAwIBAgITOAAAARWJYtXzIdPzr</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<samlp2:Status>
<samlp2:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp2:Status>
<saml2:Assertion Version="2.0" ID="_79b534eb-9771-4d22-9d61-d4dc5997be70" IssueInstant="2017-09-21T17:29:21.6208748Z" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:Issuer>https://mycompany.com/</saml2:Issuer>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">TestUser</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData NotBefore="2017-09-21T17:29:21.6218748Z" NotOnOrAfter="2017-09-21T17:33:21.6218748Z" />
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2017-09-21T17:29:21.6218748Z" NotOnOrAfter="2017-09-21T17:33:21.6218748Z" />
<saml2:AuthnStatement AuthnInstant="2017-09-21T17:29:21.6228748Z" SessionNotOnOrAfter="2017-09-21T17:34:21.6228748Z">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml20:AttributeStatement xmlns:saml20="urn:oasis:names:tc:SAML:2.0:assertion">
<saml20:Attribute Name="MyCompany" NameFormat="www.sp.com">
<saml20:AttributeValue>test value</saml20:AttributeValue>
</saml20:Attribute>
</saml20:AttributeStatement>
</saml2:Assertion>
</samlp2:Response>
Merci, Tomer Sela –