2015-04-22 91 views
0

Cannot validate a SAML 2.0 assertion against the schema: I am working with Spring SAML and have a problem consuming the SAML assertion (taken from the Wikipedia article):

<saml:Assertion 
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
    xmlns:xs="http://www.w3.org/2001/XMLSchema" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    ID="b07b804c-7c29-ea16-7300-4f3d6f7928ac" 
    Version="2.0" 
    IssueInstant="2004-12-05T09:22:05"> 
    <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer> 
    <ds:Signature 
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...</ds:Signature> 
    <saml:Subject> 
    <saml:NameID 
     Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"> 
     3f7b3dcf-1674-4ecd-92c8-1544f346baf8 
    </saml:NameID> 
    <saml:SubjectConfirmation 
     Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> 
     <saml:SubjectConfirmationData 
     InResponseTo="aaf23196-1773-2113-474a-fe114412ab72" 
     Recipient="https://sp.example.com/SAML2/SSO/POST" 
     NotOnOrAfter="2004-12-05T09:27:05"/> 
    </saml:SubjectConfirmation> 
    </saml:Subject> 
    <saml:Conditions 
    NotBefore="2004-12-05T09:17:05" 
    NotOnOrAfter="2004-12-05T09:27:05"> 
    <saml:AudienceRestriction> 
     <saml:Audience>https://sp.example.com/SAML2</saml:Audience> 
    </saml:AudienceRestriction> 
    </saml:Conditions> 
    <saml:AuthnStatement 
    AuthnInstant="2004-12-05T09:22:00" 
    SessionIndex="b07b804c-7c29-ea16-7300-4f3d6f7928ac"> 
    <saml:AuthnContext> 
     <saml:AuthnContextClassRef> 
     urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport 
     </saml:AuthnContextClassRef> 
    </saml:AuthnContext> 
    </saml:AuthnStatement> 
    <saml:AttributeStatement> 
    <saml:Attribute 
     xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500" 
     x500:Encoding="LDAP" 
     NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" 
     Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" 
     FriendlyName="eduPersonAffiliation"> 
     <saml:AttributeValue 
     xsi:type="xs:string">member</saml:AttributeValue> 
     <saml:AttributeValue 
     xsi:type="xs:string">staff</saml:AttributeValue> 
    </saml:Attribute> 
    </saml:AttributeStatement> 
</saml:Assertion>  

I get errors from XML validation of the sample assertion. The errors appear even when I run schema validation from the IDE (IntelliJ IDEA: Tools -> XML Actions -> Validate).

It looks like the XML schema in xenc-schema.xsd is invalid (it should contain an include instead of an import). This comes from the xmltooling-1.4.4.jar library (latest version).

Is this a bug in the Spring SAML or xmltooling schema files, or am I doing something wrong?

My business case is identity-provider-initiated SSO. As described at https://en.wikipedia.org/wiki/SAML_2.0#HTTP_POST_Binding, step 5 ("Request the Assertion Consumer Service at the SP"), I consume the SAML assertion in a POST request (the body contains SAMLResponse=

Below are all the errors:

  • <...>\xmltooling-1.4.4.jar!\schema\xmldsig-core-schema.xsd Error:(2, 360) src-import.3.1: The namespace attribute, ' http://www.w3.org/2000/09/xmldsig# ', of an element information item must be identical to the targetNamespace attribute, 'urn:oasis:names:tc:SAML:2.0:assertion', of the imported document.

  • <...>\xmltooling-1.4.4.jar!\schema\xenc-schema.xsd Error:(2, 360) src-import.3.1: The namespace attribute, ' http://www.w3.org/2001/04/xmlenc# ', of an element information item must be identical to the targetNamespace attribute, 'urn:oasis:names:tc:SAML:2.0:assertion', of the imported document.

  • <...>\opensaml-2.6.4.jar!\schema\saml-schema-assertion-2.0.xsd Error:(34, 48) src-resolve: Cannot resolve the name 'xenc:EncryptedData' to a(n) 'element declaration' component. Error:(46, 56) src-resolve: Cannot resolve the name 'ds:Signature' to a(n) 'element declaration' component.

  • <...>\wikipediaExample.xml Error:(11, 59) cvc-complex-type.2.4.a: Invalid content was found starting with element 'ds:Signature'. One of '{"urn:oasis:names:tc:SAML:2.0:assertion":Subject, "urn:oasis:names:tc:SAML:2.0:assertion":Conditions, "urn:oasis:names:tc:SAML:2.0:assertion":Advice, "urn:oasis:names:tc:SAML:2.0:assertion":Statement, "urn:oasis:names:tc:SAML:2.0:assertion":AuthnStatement, "urn:oasis:names:tc:SAML:2.0:assertion":AuthzDecisionStatement, "urn:oasis:names:tc:SAML:2.0:assertion":AttributeStatement}' is expected. Error:(11, 77) cvc-complex-type.2.3: Element 'ds:Signature' cannot have character [children], because the type's content type is element-only. Error:(11, 77) cvc-complex-type.2.4.b: The content of element 'ds:Signature' is not complete. One of '{" http://www.w3.org/2000/09/xmldsig# ":SignedInfo}' is expected.

Answer

4

As you can see in the XML, the content of the signature has been replaced with three dots:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...</ds:Signature> 

The XML validation is correctly telling you about this problem.

+0

Right, the last line of the error message points to the root cause. I was just wondering why the error message is so long and misleading: why does the first line mention some errors in the schema files?
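The answer's point, that ds:SignatureType is element-only and the "..." placeholder makes the assertion unschematic, can be turned into a cheap structural pre-check before an assertion is handed to a signature verifier. The following is an added example written for this page (not Spring SAML, OpenSAML or xmltooling code); both assertion samples are constructed, and the digest and signature values in the second one are dummies.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"

def check_signature_element(xml_text: str) -> list[str]:
    """Return structural findings for the ds:Signature of a saml:Assertion.
    Empty list = element-only content, SignedInfo and SignatureValue present,
    placed directly after saml:Issuer. This does NOT verify the signature."""
    root = ET.fromstring(xml_text)
    findings = []
    sig = root.find(f"{{{DS}}}Signature")
    if sig is None:
        return ["assertion carries no ds:Signature child"]
    # ds:SignatureType is element-only, so any non-whitespace text (such as the
    # '...' placeholder in the sample) is what cvc-complex-type.2.3 complains about.
    if sig.text and sig.text.strip():
        findings.append(f"ds:Signature contains character data {sig.text.strip()!r}")
    for child in ("SignedInfo", "SignatureValue"):
        if sig.find(f"{{{DS}}}{child}") is None:
            findings.append(f"ds:Signature lacks required child ds:{child}")
    # saml:AssertionType is a sequence: Issuer, Signature?, Subject?, Conditions?, ...
    tags = [c.tag for c in root]
    if tags[0] != f"{{{SAML}}}Issuer" or tags.index(sig.tag) != 1:
        findings.append("ds:Signature must directly follow saml:Issuer")
    return findings

# Constructed sample 1: the question's assertion shape, signature elided with '...'.
PLACEHOLDER_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_a1" Version="2.0" IssueInstant="2004-12-05T09:22:05">
  <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
  <ds:Signature xmlns:ds="{DS}">...</ds:Signature>
  <saml:Subject><saml:NameID>3f7b3dcf</saml:NameID></saml:Subject>
</saml:Assertion>"""

# Constructed sample 2: same assertion with a structurally complete signature
# (digest and signature values are dummies; real ones come from the IdP's key).
SIGNED_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_a1" Version="2.0" IssueInstant="2004-12-05T09:22:05">
  <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
  <ds:Signature xmlns:ds="{DS}">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:Reference URI="#_a1"><ds:DigestValue>ZHVtbXk=</ds:DigestValue></ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>ZHVtbXk=</ds:SignatureValue>
  </ds:Signature>
  <saml:Subject><saml:NameID>3f7b3dcf</saml:NameID></saml:Subject>
</saml:Assertion>"""
```

Running `check_signature_element(PLACEHOLDER_ASSERTION)` reports the character data and the two missing children, while the structurally complete sample returns no findings; a full schema validation with the OpenSAML/xmltooling XSDs, and then signature verification, still has to follow.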