1

我已按照以下步骤使用 wso2 身份服务器配置 simpleSAMLphp。

http://blog.facilelogin.com/2013/06/wso2-identity-server-saml2-idp-with.html工作正常。

使用 wso2 登录后,我得到以下 SAML 响应...

<saml2p:Response ID="epgkocboaoejainknoilcfahcifmihnnmnolgbda"
                 InResponseTo="_835772cc96b22070921db3a9a341590d734bacdfbb"
                 IssueInstant="2013-07-23T12:12:19.744Z"
                 Version="2.0"
                 xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                 >
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
    </saml2p:Status>
    <saml2:Assertion ID="icmbdppjbnalbkafgjcplbndbijkdpfbmfgpkhec"
                     IssueInstant="2013-07-23T12:12:19.744Z"
                     Version="2.0"
                     xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                     >
        <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://localhost:9443/samlsso</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                <ds:Reference URI="#icmbdppjbnalbkafgjcplbndbijkdpfbmfgpkhec">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <ds:DigestValue>sWsl9Q1RCGqgD97tAlU4X506ylw=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>
M1yd1WRy6L6LiUa1KcRDZF23I/ilnrYvLxLeeXRTeTIM/kCaDy2eQHOJmJuPuxD8C/RBFLJ2eZQb
shL+AghTUITrqDS09RgYhMkdAygHsTqBBihpXHmsLuMiaW+j4HNSuMfCcg8RHaTZRiv7vOSKIKHI
icXcxcKGuvIlw0DDjds=
</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UE
CAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxv
Y2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UE
AwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTou
sMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5
HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQID
AQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44i
QlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJR
O4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID>USER_NAME</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData InResponseTo="_835772cc96b22070921db3a9a341590d734bacdfbb"
                                               NotOnOrAfter="2013-07-23T12:17:19.744Z"
                                               Recipient="http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/wso2-sp"
                                               />
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2013-07-23T12:12:19.744Z"
                          NotOnOrAfter="2013-07-23T12:17:19.744Z"
                          >
            <saml2:AudienceRestriction>
                <saml2:Audience>simplesaml</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2013-07-23T12:12:19.744Z"
                              SessionIndex="2BD082E8D8D9D105C26AB2F2A7EE2676"
                              >
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
    </saml2:Assertion>
</saml2p:Response>


where this is my REQUEST SAML

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    ID="_835772cc96b22070921db3a9a341590d734bacdfbb"
                    Version="2.0"
                    IssueInstant="2013-07-23T12:12:11Z"
                    Destination="https://localhost:9443/samlsso"
                    AssertionConsumerServiceURL="http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/wso2-sp"
                    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    >
    <saml:Issuer>simplesaml</saml:Issuer>
    <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                        AllowCreate="true"
                        />
</samlp:AuthnRequest>

我无法在我的 simpleSAML 响应中获得有关用户的任何属性。

如何从WSO2 身份服务器指定我需要的属性

??

4

1 回答 1

3

当您在 Identity Server 4.5.0 (IS) 中的服务提供商 (SP) 注册时启用“属性配置文件”时,将生成唯一的“消费者索引”,随后的 SAML 请求应包含该值以便 IS 发送响应中的用户属性。

但是,如果您想在不发送该索引值的情况下获取属性,则可以在 SP 注册时启用“始终在响应中包含属性”。此选项在 IS 4.5.0 GA 版本中可用。

于 2013-09-10T11:43:44.923 回答