2014-02-14 55 views
0

如何使用openAM.Could任何人指向任何有用的鏈接或代碼來解析響應SAML 2.0解析響應SAML。如何使用openAM

這裏是我的迴應SAML,

<saml2p:Response Destination="https://www.google.com/a/squaresquare.biz/acs" 
IssueInstant="2010-08-04T17:47:20.956Z" 
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" 
InResponseTo="djfnhepndikoonjjkeomgplmkjofobhdbdieihpa" Version="2.0" 
ID="_bd24b4a3514fd93800d2a43cafc98edb"> 

<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" 
Format="urn:oasis:names:tc:SAML:2.0:nameid- 
format:entity">http://my.ssodemo.url.demo.google.com/idp/shibboleth</saml2:Issuer> 

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
<ds:SignedInfo> 
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod> 
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod> 
    <ds:Reference URI="#_bd24b4a3514fd93800d2a43cafc98edb"> 
    <ds:Transforms> 
     <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform> 
     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
     <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="dssaml2saml2p"></ec:InclusiveNamespaces> 
     </ds:Transform> 
    </ds:Transforms> 
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> 
    <ds:DigestValue>m/lUCS3nvfGuSJFKAtIz+ZrfxTU=</ds:DigestValue> 
    </ds:Reference> 
</ds:SignedInfo> 
<ds:SignatureValue>PLdYgU9u5KirVrMHNSwYvk6fQ401dMbpuiDXpapKf0eOKC6pN3g7tnTEzvfOaXhkDNXVmGN+lXQ6iUDppWpdO2MbvPVZabOBPU1aAO+CWI53ciC0rYsxpFzQLLMC/7x9Wk7VFFmYEecxAJV+lTWvp8ZKXvwqZbhiTO/23EC0xconGhnwSvKjJWQuLnMMaFWSjDFYyzgsp34cR7aX/eqhhJyA/rr2uFdmgEdagAl+/17ppgHgthgK+PJtX16AALtsoXonv6uybRCX/YiDRvM1VsdwusVq5tXh9V+bTMZcgi/3Eh+Em/OZp0En8pqOngvL19U4LfqG0yJZjoDGkpHuhA==</ds:SignatureValue> 
<ds:KeyInfo> 
    <ds:X509Data> 
<ds:X509Certificate>MIIDgjCCAmqgAwIBAgIVAKgIqbzZl7+0p2qjxJFVJs3DE/jxMA0GCSqGSIb3DQEBBQUAMDAxLjAsBgNVBAMTJWh0dHA6Ly93cGgtdWJpcTI3LmhvdC5jb3JwLmdvb2dsZS5jb20wHhcNMTAwNzIxMTcxNTA5WhcNMzAwNzIxMTcxNTA5WjAwMS4wLAYDVQQDEyVodHRwOi8vd3BoLXViaXEyNy5ob3QuY29ycC5nb29nbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioQsJycRmjPjB2xlH0iSGn14lNbO/jIVgiGIlzZwlPkH1s2TTdwoTKKQBSe2s8AnJ4LliXlne/qWun3peYht0+RhejtB20L+Bw/I+iKQBGpHzgIKdkPGZnemWl9KqWQ/ZYKnY2x6qMEBmhUfYZcawzs26em5a+iaYlrTJNVEZ+QwWvg2/EOJvJNyBkSfXyxia5eAHV38Uy7xn0G5Zc9ge4ckCYj6b8a/UxpPJM61KztzY5coDwReQsDBq+DciGALJPbFk4783TW...etc.etc</ds:X509Certificate> 
    </ds:X509Data> 
</ds:KeyInfo> 
</ds:Signature> 
<saml2p:Status> 
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"> 
</saml2p:StatusCode> 
</saml2p:Status> 
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" 
IssueInstant="2010-08-04T17:47:20.956Z" ID="_73fe28bcbb68e93df954d8e2f25097b1"> 
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid- 
format:entity">http://my.ssodemo.url.demo.google.com/idp/shibboleth</saml2:Issuer> 
<saml2:Subject> 
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid- 
format:unspecified">my_username</saml2:NameID> 
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> 
    <saml2:SubjectConfirmationData NotOnOrAfter="2010-08-04T17:52:20.956Z" InResponseTo="djfnhepndikoonjjkeomgplmkjofobhdbdieihpa" Recipient="https://www.google.com/a/squaresquare.biz/acs" Address="172.24.6.38"></saml2:SubjectConfirmationData> 
    </saml2:SubjectConfirmation> 
</saml2:Subject> 
<saml2:Conditions NotOnOrAfter="2010-08-04T17:52:20.956Z" NotBefore="2010-08-04T17:47:20.956Z"> 
    <saml2:AudienceRestriction> 
    <saml2:Audience>google.com</saml2:Audience> 
    </saml2:AudienceRestriction> 
</saml2:Conditions> 
<saml2:AuthnStatement 
SessionIndex="f306dd2bff4e9b3ba9218bd70fbaa87404d38a4c79547ac1edc9436a9f222213" 
AuthnInstant="2010-08-04T17:47:20.953Z"> 
    <saml2:SubjectLocality Address="172.24.6.38"></saml2:SubjectLocality> 
    <saml2:AuthnContext> 
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef> 
</saml2:AuthnContext> 
</saml2:AuthnStatement> 
</saml2:Assertion> 
</saml2p:Response> 

在這裏,我要提取的SignatureValue和certificate.and我應該如何驗證簽名和證書提取後。

+0

你是什麼意思解析?你想讀取原始XML並獲取對象? –

+0

@Stefan是的,我想分析SAML並提取對象,如證書。 – maali

+0

好吧,所以你不想只使用OpenAM進行SSO?要manally解析SAML –

回答

1

好吧,你不想使用OpenAM這一點。爲此,我建議使用構建的OpenSAML庫來進行更多的手動底層SAML消息處理。有關OpenSAML的更多信息https://wiki.shibboleth.net/confluence/display/OpenSAML/Home 我也有一個博客,我已經寫了一些指南和技巧http://mylifewithjava.blogspot.no/search/label/SAML

+0

謝謝,我已經使用openAM用於提取對象,並能夠獲得某些標記, 響應RESP = ProtocolFactory.getInstance()createResponse(「SAML響應」)。 的System.out.println( 「發行方是」 + resp.getIssuer()的getValue()); 但我無法得到簽名和certificate.and如何使用OpenAM.does openAM爲此提供任何API來驗證。 – maali