1. Accueil
  2. Question et réponse
  3. Erreur de syntaxe tout en générant SAML Token

Erreur de syntaxe tout en générant SAML Token

2017-10-17 13 views
0

Ceci est lié à ma question précédente: SAML Assertion in a XML using C#Erreur de syntaxe tout en générant SAML Token

La balise <saml2:Issuer> se termine toujours après la <Signature> alors qu'il devrait être

<saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509Subjec‌​‌​tName">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US</saml2:Issuer>

Je dois également aider sur créer la partie <saml2:Subject> </saml2:Subject> qui devrait venir après le </Signature> et doit ajouter la valeur de la clé de signature à l'intérieur de la balise <saml2:Subject> </saml2:Subject>. Veuillez vérifier la sortie désirée mentionnée dans mon article précédent. Quelqu'un peut-il m'aider à ce sujet?

code C#

using System; 
using System.Collections.Generic; 
using System.IO; 
using System.Linq; 
using System.Net; 
using System.Security.Cryptography.X509Certificates; 
using System.Security.Cryptography.Xml; 
using System.Text; 
using System.Threading.Tasks; 
using System.Xml; 

namespace Certificate 
{ 
    class Program 
    { 
     const string FILENAME = @"D:\Certificate\ITI55.xml"; 
     static void Main(string[] args) 
     { 
      XmlDocument doc = new XmlDocument(); 
      CreateSoap(doc); 
      XmlElement issuer = (XmlElement)(doc.GetElementsByTagName("saml2:Issuer")[0]); 
      XmlElement body = (XmlElement)(doc.GetElementsByTagName("soap:Body")[0]); 

      using (WebClient client = new WebClient()) 
      { 
       byte[] xmlBytes = client.DownloadData(FILENAME); 
       body.InnerXml = Encoding.UTF8.GetString(xmlBytes); 
      } 
      string pfxpath = @"D:\Certificate\Test-cert.pfx"; 
      X509Certificate2 cert = new X509Certificate2(File.ReadAllBytes(pfxpath),"123456789"); 
      SignXmlWithCertificate(issuer, cert); 

      File.WriteAllText(@"D:\Certificate\digitallysigned.xml",doc.OuterXml); 
     } 
     public static void CreateSoap(XmlDocument doc) 
     { 
      DateTime date = DateTime.Now; 
      string soap = string.Format(
       "<?xml version=\"1.0\"?>" + 
       "<soap:Envelope" + 
       " xmlns:soap=\"http://www.w3.org/2003/05/soap-envelope\"" + 
       " xmlns:wsse11=\"http://docs.oasisopen.org/wss/oasis-wss-wssecurity-secext-1.1.xsd\"" + 
       " xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"" + 
       " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-utility-1.0.xsd\"" + 
       " xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"" + 
       " xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"" + 
       " xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"" + 
       " xmlns:exc14n=\"http://www.w3.org/2001/10/xml-exc-c14n#\">" + 

          "<soap:Header>" + 
            "<To mustUnderstand=\"true\"" + 
            " xmlns=\"http://www.w3.org/2005/08/addressing\">https://localhost:443/Gateway/PatientDiscovery/1_0/NwHINService/NwHINPatientDiscovery" + 
            "</To>" + 
            "<Action mustUnderstand=\"true\"" + 
            " xmlns=\"http://www.w3.org/2005/08/addressing\">urn:hl7-org:v3:PRPA_IN201305UV02:CrossGatewayPatientDiscovery" + 
            "</Action>" + 
            "<ReplyTo mustUnderstand=\"true\"" + 
            " xmlns=\"http://www.w3.org/2005/08/addressing\">" + 
            "<Address>http://www.w3.org/2005/08/addressing/anonymous</Address>" + 
            "</ReplyTo>" + 
            "<MessageID mustUnderstand=\"true\"" + 
            " xmlns=\"http://www.w3.org/2005/08/addressing\">461433e3-4591-453b-9eb6-791c7f5ff882" + 
            "</MessageID>" + 
            "<wsse:Security soap:mustUnderstand=\"true\">" + 
            "<wsu:Timestamp wsu:Id=\"_1\"" + 
             " xmlns:ns17=\"http://docs.oasis-open.org/ws-sx/wssecureconversation/200512\"" + 
             " xmlns:ns16=\"http://schemas.xmlsoap.org/soap/envelope/\">" + 
             "<wsu:Created>2012-06-08T18:31:44Z</wsu:Created>" + 
             "<wsu:Expires>2012-06-08T18:36:44Z</wsu:Expires>" + 
            "</wsu:Timestamp>" + 
            "<saml2:Assertion ID=\"_883e64a747a5449b83821913a2b189e6\" IssueInstant=\"{0}\" Version=\"2.0\"" + 
             " xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"" + 
             " xmlns:exc14n=\"http://www.w3.org/2001/10/xml-excc14n#\"" + 
             " xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\"" + 
             " xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\"" + 
             " xmlns:xs=\"http://www.w3.org/2001/XMLSchema\">" + 
             "<saml2:Issuer Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US" + 
             "</saml2:Issuer>" + 
            "</saml2:Assertion>" + 
            "</wsse:Security>" + 
           "</soap:Header>" + 
           "<soap:Body>" + 
           "</soap:Body>" + 
          "</soap:Envelope>", 
          date.ToUniversalTime().ToString("yyyy-MM-ddThh:mm:ss.fffZ")); 
      doc.LoadXml(soap); 
     } 
     public static void SignXmlWithCertificate(XmlElement doc, X509Certificate2 cert) 
     { 
      SignedXml signedXml = new SignedXml(doc); 
      signedXml.SigningKey = cert.PrivateKey; 
      Reference reference = new Reference(); 
      reference.Uri = ""; 
      reference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); 
      signedXml.AddReference(reference); 

      KeyInfo keyInfo = new KeyInfo(); 
      keyInfo.AddClause(new KeyInfoX509Data(cert)); 

      signedXml.KeyInfo = keyInfo; 
      signedXml.ComputeSignature(); 
      XmlElement xmlsig = signedXml.GetXml(); 

      doc.AppendChild(xmlsig); 
     } 
    } 
}

Courant de sortie

<?xml version="1.0"?> 
<soap:Envelope 
    xmlns:soap="http://www.w3.org/2003/05/soap-envelope" 
    xmlns:wsse11="http://docs.oasisopen.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" 
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-utility-1.0.xsd" 
    xmlns:xs="http://www.w3.org/2001/XMLSchema" 
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" 
    xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#"> 
    <soap:Header> 
     <To mustUnderstand="true" 
      xmlns="http://www.w3.org/2005/08/addressing">https://localhost:443/Gateway/PatientDiscovery/1_0/NwHINService/NwHINPatientDiscovery 
     </To> 
     <Action mustUnderstand="true" 
      xmlns="http://www.w3.org/2005/08/addressing">urn:hl7-org:v3:PRPA_IN201305UV02:CrossGatewayPatientDiscovery 
     </Action> 
     <ReplyTo mustUnderstand="true" 
      xmlns="http://www.w3.org/2005/08/addressing"> 
      <Address>http://www.w3.org/2005/08/addressing/anonymous</Address> 
     </ReplyTo> 
     <MessageID mustUnderstand="true" 
      xmlns="http://www.w3.org/2005/08/addressing">461433e3-4591-453b-9eb6-791c7f5ff882 
     </MessageID> 
     <wsse:Security soap:mustUnderstand="true"> 
      <wsu:Timestamp wsu:Id="_1" 
       xmlns:ns17="http://docs.oasis-open.org/ws-sx/wssecureconversation/200512" 
       xmlns:ns16="http://schemas.xmlsoap.org/soap/envelope/"> 
       <wsu:Created>2012-06-08T18:31:44Z</wsu:Created> 
       <wsu:Expires>2012-06-08T18:36:44Z</wsu:Expires> 
      </wsu:Timestamp> 
      <saml2:Assertion ID="_883e64a747a5449b83821913a2b189e6" IssueInstant="2017-10-17T04:42:15.609Z" Version="2.0" 
       xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
       xmlns:exc14n="http://www.w3.org/2001/10/xml-excc14n#" 
       xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" 
       xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" 
       xmlns:xs="http://www.w3.org/2001/XMLSchema"> 
       <saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US 
        <Signature 
         xmlns="http://www.w3.org/2000/09/xmldsig#"> 
         <SignedInfo> 
          <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> 
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 
          <Reference URI=""> 
           <Transforms> 
            <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> 
           </Transforms> 
           <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
           <DigestValue>Y4fQlgQom4UCIcQf09L17JAUnvE=</DigestValue> 
          </Reference> 
         </SignedInfo> 
         <SignatureValue>Zcd+kYVve4/Qq4BiacvG05d5sHo9Td9W3VpmtuXWOgElwnmZnkGd1cRrKrElAqs6Xe9zaLFFW0Y047Wv0dPWN/zCEPsvBKLI6cMZUkV3kM9jM8NsKrE+7UKBs8QRFKPTsEPBdNuK0uoc0dhAYS6kIHz015cte1ciMqkvSoYmBUb+Bn+nOzVMAiOzCsUmCnj8uTZuuP2FV2yGAlanOUmOPjeDVs5M9ZMjQ7pfrkp9NWtDPaXmafcEZ6IT3VTKcNEGbKD/3uL3YywUxNEIGNzen1YRqo3kLOYT3IPizbl0FFi5LtwefCxVEOUohYZuDG8lGMwmkzOT5TQMObQyIpESUw==</SignatureValue> 
         <KeyInfo> 
          <X509Data> 
           <X509Certificate>MIIEZTCCA02gAwIBAgIJAMOJ3N+F0yoBMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJEQzETMBEGA1UEBxMKV2FzaGluZ3RvbjESMBAGA1UEChMJQ29nbml6YW50MR0wGwYDVQQLExRTb2Z0d2FyZSBFbmdpbmVlcmluZzEaMBgGA1UEAxMRd3d3LmNvZ25pemFudC5jb20wHhcNMTcxMDExMDUwMzQ4WhcNMTgxMDExMDUwMzQ4WjB+MQswCQYDVQQGEwJVUzELMAkGA1UECBMCREMxEzARBgNVBAcTCldhc2hpbmd0b24xEjAQBgNVBAoTCUNvZ25pemFudDEdMBsGA1UECxMUU29mdHdhcmUgRW5naW5lZXJpbmcxGjAYBgNVBAMTEXd3dy5jb2duaXphbnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjIFT5mA4jIxXUilmH56Xk2n44vWaiVDR9KfsdKYUeGO/y0f0aUn+cwBeB7zR9Il8YLgaNh1dVvShvlwm31kWTD+dnTrnHB8pMHYh7Y5k7zSLeLgZolWqm+kpEBnre5MLwa2O+Thy6skpmr3sGE+t7mSibEptYSf1lfB2qCHUXYf+jfAJdNuXo3pJsPGsXwU0L1KPnUJIRMs4l4b8JvwZO3cj2eOSGd5JGDCSYG2w+o/Cgyq/A5iDMVgtsyds5kp3JIvhfqXmxhZxkmiTHm4AOglkTY96v7eptDZ0+yspt5p2H5fU1loVwLXQHnk8lXqV3gF+JD8iUEcNrwEX6xbNQIDAQABo4HlMIHiMB0GA1UdDgQWBBSHY9xnAIinZJNFNq7A5dVaa9D0FjCBsgYDVR0jBIGqMIGngBSHY9xnAIinZJNFNq7A5dVaa9D0FqGBg6SBgDB+MQswCQYDVQQGEwJVUzELMAkGA1UECBMCREMxEzARBgNVBAcTCldhc2hpbmd0b24xEjAQBgNVBAoTCUNvZ25pemFudDEdMBsGA1UECxMUU29mdHdhcmUgRW5naW5lZXJpbmcxGjAYBgNVBAMTEXd3dy5jb2duaXphbnQuY29tggkAw4nc34XTKgEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAp0hd/qIbFUpdCAzY9K3/PKGOjlKJn6npyeeE4+jYandvpbxvPo00XCY+pvdLBejoPjnsNjgVYl5Y41SdI2hNP7F65h3BjG3C8AsA98KFIZrBaTaTiLk2B8Tr2Q7MSUcHSEbcs1uSUA8Uzmk4NdJICkLrLKgrWdRBKVyigZi+rD1vD4LTsQoVzQqBD8K8p8h5stOH0x1l5NxTsn3M6o4Q86fGzFLNDK2KUok7AcFl7I17l5DuOYgzIvqgQzCgQ+V/4alJ7dfkVOSqH/0oar5yDCLYjlXtMkqUQlLnni2NSLDmMJfWQ8HWJaAMAhu1hbG9LrUqN4/Xue6tyuWz+i0+0Q==</X509Certificate> 
          </X509Data> 
         </KeyInfo> 
        </Signature> 
       </saml2:Issuer> 
      </saml2:Assertion> 
     </wsse:Security> 
    </soap:Header> 
    <soap:Body> 
     <PRPA_IN201305UV02 
      xmlns="urn:hl7-org:v3" 
      xmlns:ns2="urn:gov:hhs:fha:nhinc:common:nhinccommon" 
      xmlns:ns3="http://www.w3.org/2005/08/addressing" 
      xmlns:ns4="urn:gov:hhs:fha:nhinc:common:patientcorrelationfacade" 
      xmlns:ns5="http://www.hhs.gov/healthit/nhin" 
      xmlns:ns6="urn:oasis:names:tc:ebxml-regrep:xsd:rim:3.0" 
      xmlns:ns7="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0" 
      xmlns:ns8="urn:oasis:names:tc:ebxml-regrep:xsd:query:3.0" ITSVersion="XML_1.0" nullFlavor=""> 
      <id extension="50a6fe29-cfd5-45ef-8cbe-67e567c9a23c" nullFlavor="" root="2.16.840.1.113883.3.89.102.15.30" /> 
      <creationTime nullFlavor="" value="20150309171201" /> 
      <interactionId extension="PRPA_IN201305UV02" nullFlavor="" root="2.16.840.1.113883.1.6" /> 
      <processingCode code="T" nullFlavor="" /> 
      <processingModeCode code="T" nullFlavor="" /> 
      <acceptAckCode code="NE" nullFlavor="" /> 
      <receiver typeCode="RCV"> 
       <device classCode="DEV" determinerCode="INSTANCE"> 
        <id root="2.16.840.1.113883.3.1259.10.1003" /> 
        <asAgent classCode="AGNT"> 
         <representedOrganization classCode="ORG" determinerCode="INSTANCE"> 
          <id root="2.16.840.1.113883.3.1259.10.1003" /> 
         </representedOrganization> 
        </asAgent> 
       </device> 
      </receiver> 
      <sender nullFlavor="" typeCode="SND"> 
       <device classCode="DEV" determinerCode="INSTANCE" nullFlavor=""> 
        <id nullFlavor="" root="2.16.840.1.113883.3.89.102.15.30" /> 
        <asAgent classCode="AGNT" nullFlavor=""> 
         <representedOrganization classCode="ORG" determinerCode="INSTANCE" nullFlavor=""> 
          <id nullFlavor="" root="2.16.840.1.113883.3.89.102.15.30" /> 
         </representedOrganization> 
        </asAgent> 
       </device> 
      </sender> 
      <controlActProcess classCode="CACT" moodCode="EVN" nullFlavor=""> 
       <code code="PRPA_TE201305UV02" codeSystem="2.16.840.1.113883.1.6" nullFlavor="" /> 
       <authorOrPerformer nullFlavor="" typeCode="AUT"> 
        <assignedDevice classCode="ASSIGNED" nullFlavor=""> 
         <id nullFlavor="" root="2.16.840.1.113883.3.89.102.15.50" /> 
        </assignedDevice> 
       </authorOrPerformer> 
       <queryByParameter nullFlavor=""> 
        <queryId extension="ee72b41a-4eb6-4eb0-ab74-0d4ea29dd1b2" nullFlavor="" root="2.16.840.1.113883.3.89.102.15.30" /> 
        <statusCode code="new" nullFlavor="" /> 
        <responseModalityCode code="R" nullFlavor="" /> 
        <responsePriorityCode code="I" nullFlavor="" /> 
        <parameterList nullFlavor=""> 
         <livingSubjectAdministrativeGender nullFlavor=""> 
          <value code="M" nullFlavor="" /> 
          <semanticsText nullFlavor="" /> 
         </livingSubjectAdministrativeGender> 
         <livingSubjectBirthTime nullFlavor=""> 
          <value nullFlavor="" value="19600210" /> 
          <semanticsText nullFlavor="" /> 
         </livingSubjectBirthTime> 
         <livingSubjectId nullFlavor=""> 
          <value extension="1000131023" nullFlavor="" root="2.16.840.1.113883.3.89.102.15.50" /> 
          <semanticsText nullFlavor="" /> 
         </livingSubjectId> 
         <livingSubjectName nullFlavor=""> 
          <value nullFlavor="" use=""> 
           <given partType="GIV" qualifier="">Robert</given> 
           <given partType="GIV" qualifier="">M</given> 
           <family partType="FAM" qualifier="">Carson</family> 
          </value> 
          <semanticsText nullFlavor="" /> 
         </livingSubjectName> 
        </parameterList> 
       </queryByParameter> 
      </controlActProcess> 
     </PRPA_IN201305UV02> 
    </soap:Body> 
</soap:Envelope>

Source

2017-10-17 Aritra

+0

Répondre en double: https://stackoverflow.com/questions/46722997/saml-assertion-in-a-xml-using-c-sharp. Signature doit être un enfant de l'affirmation et non un enfant de l'émetteur. – jdweng

Répondre

0

Au lieu de générer le jeton SAML comme celui-ci (ce qui est très dynamique), pourquoi ne pas utiliser le construit en .Net bibliothèque WIF pour créer l'assertion: https://msdn.microsoft.com/en-us/library/microsoft.identitymodel.tokens.saml2.saml2assertion.aspx. Vous pouvez générer le XML de l'assertion générée par ceci comme indiqué dans cette réponse: Working with SAML 2.0 in C# .NET 4.5 Ou mieux, pourquoi ne pas utiliser des bibliothèques tierces comme Component Space (https://www.componentspace.com/) qui sont vraiment faciles à utiliser?

Source

2017-10-17 16:17:39

 Questions connexes

  • Aucun problème connexe^_^