
我在 localhost:9443 上启动并运行了 WSO2 Identity Server。我创建了一个 .NET 应用程序作为服务提供者,它使用 OIOSAML.NET 框架。我需要 WSO2 IS 的 SAML 格式元数据,它应该是这样的:

<?xml version="1.0"?>
<!-- IdP metadata in the shape the OIOSAML.NET service provider expects: a signed EntityDescriptor carrying a signing
     and an encryption certificate, the single-logout / single-sign-on endpoints, and the set of SAML attributes. -->
<q1:EntityDescriptor entityID="http://wso:9443/" ID="ide17674a8a4ca424da09d05939a841485" xmlns:q1="urn:oasis:names:tc:SAML:2.0:metadata"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#ide17674a8a4ca424da09d05939a841485"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>yNQMi2eKXcIMbbHgd9pkMR6NrQk=</DigestValue></Reference></SignedInfo><SignatureValue>WxQRp4EZ5AVSsLjqt6jeiqIs2b05Uh8DeiwgmUxc8XnuAVqVvsjhqyzFONKNC56GnmnZSOtO2l8W8hIDw3pNhQhDa6iEdXQHE4flGFZTUlUCL3M5Owc/BN3MMv4dJqMvumMszz79QsTeTAuI779T3APytPOfB92V0+Rw3PrMMX8=</SignatureValue><KeyInfo><X509Data><X509Certificate>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</X509Certificate></X509Data></KeyInfo></Signature>
  <!-- NOTE(review): the enveloped Signature above uses rsa-sha1 as SignatureMethod and sha1 as DigestMethod. Both are
       deprecated for XML signatures; a verifier configured to reject SHA-1 will refuse this document, so prefer the
       SHA-256 variants if the OIOSAML.NET SP accepts them. -->
  <q1:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <!-- Certificate the SP uses to verify signatures made by this IdP. -->
    <q1:KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>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</X509Certificate>
        </X509Data>
      </KeyInfo>
    </q1:KeyDescriptor>
    <!-- Certificate the SP may use when it has to encrypt data sent to this IdP. -->
    <q1:KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>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</X509Certificate>
        </X509Data>
      </KeyInfo>
    </q1:KeyDescriptor>
    <!-- NOTE(review): both endpoints (and the entityID) are plain http:// although the server listens on 9443, the TLS
         port named in the question; presumably https:// is intended. Confirm against the running IdP. -->
    <q1:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://wso:9443/samlsso" />
    <q1:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://wso:9443/samlsso" />
    <!-- Attribute set advertised for this IdP. The first three OIDs are the X.500/LDAP attributes commonName (2.5.4.3),
         mail (0.9.2342.19200300.100.1.3) and organizationName (2.5.4.10); the remaining names are OIOSAML-specific. -->
    <Attribute Name="urn:oid:2.5.4.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" />
    <Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" />
    <Attribute Name="urn:oid:2.5.4.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" />
    <Attribute Name="urn:oid:1.3.6.1.4.1.1466.115.121.1.8" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" />
    <Attribute Name="dk:gov:saml:attribute:CvrNumberIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" />
    <Attribute Name="urn:dk:oes:2009-10:Xform:attribute:Role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" />
  </q1:IDPSSODescriptor>
</q1:EntityDescriptor>

有没有办法导出这个元数据?




可能这个回复太晚了,但我还是分享一下这个答案,因为它可能对正在寻找 WSO2 Identity Server 同一份元数据文件的其他人有所帮助。

截至 WSO2 IS 4.5.0,还没有自动生成元数据文件的机制,但你可以手动编写。下面是一个以这种方式手动准备的元数据文件示例。

 <?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://localhost:9443/samlsso" validUntil="2023-09-23T06:57:15.396Z">
   <!-- Hand-written IdP metadata for WSO2 IS 4.5.0, which (per the answer) has no metadata export of its own.
        NOTE(review): the XML declaration must be the very first bytes of the file; the leading space on the line above
        looks like a paste artefact, confirm the saved file has none. -->
   <!-- NOTE(review): this document carries no ds:Signature, and validUntil is a fixed date after which a consumer
        treats the metadata as expired. Hand it to the SP over a trusted channel (nothing inside proves the certificate
        belongs to the IdP) and keep the date current. The entityID has to equal the Issuer value the IdP emits in its
        responses; verify it against the IdP's configured entity id. -->
   <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
       <!-- Only a signing certificate is published; there is no use="encryption" KeyDescriptor, so an SP that needs to
            encrypt data to this IdP has no key to use. -->
       <md:KeyDescriptor use="signing">
         <ds:KeyInfo>
            <ds:X509Data>
               <ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UE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=</ds:X509Certificate>
            </ds:X509Data>
         </ds:KeyInfo>
      </md:KeyDescriptor>
     <!-- One logout endpoint (Redirect binding) and two SSO endpoints (POST and Redirect); all share the /samlsso path
          over https on port 9443. -->
     <md:SingleLogoutService 
           Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
           Location="https://localhost:9443/samlsso" 
           ResponseLocation="https://localhost:9443/samlsso"/>

     <md:SingleSignOnService 
           Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
           Location="https://localhost:9443/samlsso"/>

     <md:SingleSignOnService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
            Location="https://localhost:9443/samlsso"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
于 2013-09-26T04:23:59.827 回答