7

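I can't find an easy-to-understand answer in the specification documents. Besides a simple answer, I'd be glad to get a reference to the specification that describes this.

This question is a follow-up to "Authorization header in null when setting its value to Encrypted SAML 2 token".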

4

3 Answers

9

RFC 2616, 14.8 Authorization

Authorization = "Authorization" ":" credentials

RFC 2616, 11 Access Authentication

This specification adopts the definitions of [..] "credentials" from [RFC 2617].

RFC 2617, 1.2 Access Authentication Framework

credentials    = auth-scheme #auth-param
auth-scheme    = token
auth-param     = token "=" ( token | quoted-string )

RFC 2617, 2 Basic Authentication Scheme

For Basic, the framework above is utilized as follows:
 credentials = "Basic" basic-credentials

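So after the fixed Authorization: part, you can use:

  • a token, followed by an optional "=" ( token | quoted-string ) (see page 16 of RFC 2616), when using Digest or any other unspecified authentication scheme, or
  • "Basic" basic-credentials when using Basic authentication, where basic-credentials is base64-encoded according to RFC 2045.

I think you're actually trying to ask a different question, though. Do you have a problem implementing a particular authorization mechanism? What language are you trying to implement it in, what code do you currently have, and what is the problem?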

answered 2013-10-22T08:13:54.310
2

Don't bother with the soon-to-be-obsolete specs; look here: http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p7-auth-24.html##challenge.and.response

answered 2013-10-23T08:32:24.873
2

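Valid characters in an authorization token

The specs are really hard to read, but as far as I understand, a token can contain any of the following ASCII characters: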

Char Dec Col/Row Oct Hex  Name and Description
(!)   33  02/01   41  21                 EXCLAMATION MARK
(#)   35  02/03   43  23                 NUMBER SIGN
($)   36  02/04   44  24                 DOLLAR SIGN
(%)   37  02/05   45  25                 PERCENT SIGN
(&)   38  02/06   46  26                 AMPERSAND
(')   39  02/07   47  27                 APOSTROPHE
(*)   42  02/10   52  2A                 ASTERISK
(+)   43  02/11   53  2B                 PLUS SIGN
(-)   45  02/13   55  2D                 HYPHEN, MINUS SIGN
(.)   46  02/14   56  2E                 PERIOD, FULL STOP
(0)   48  03/00   60  30                 DIGIT ZERO
(1)   49  03/01   61  31                 DIGIT ONE
(2)   50  03/02   62  32                 DIGIT TWO
(3)   51  03/03   63  33                 DIGIT THREE
(4)   52  03/04   64  34                 DIGIT FOUR
(5)   53  03/05   65  35                 DIGIT FIVE
(6)   54  03/06   66  36                 DIGIT SIX
(7)   55  03/07   67  37                 DIGIT SEVEN
(8)   56  03/08   70  38                 DIGIT EIGHT
(9)   57  03/09   71  39                 DIGIT NINE
(A)   65  04/01  101  41                 CAPITAL LETTER A
(B)   66  04/02  102  42                 CAPITAL LETTER B
(C)   67  04/03  103  43                 CAPITAL LETTER C
(D)   68  04/04  104  44                 CAPITAL LETTER D
(E)   69  04/05  105  45                 CAPITAL LETTER E
(F)   70  04/06  106  46                 CAPITAL LETTER F
(G)   71  04/07  107  47                 CAPITAL LETTER G
(H)   72  04/08  110  48                 CAPITAL LETTER H
(I)   73  04/09  111  49                 CAPITAL LETTER I
(J)   74  04/10  112  4A                 CAPITAL LETTER J
(K)   75  04/11  113  4B                 CAPITAL LETTER K
(L)   76  04/12  114  4C                 CAPITAL LETTER L
(M)   77  04/13  115  4D                 CAPITAL LETTER M
(N)   78  04/14  116  4E                 CAPITAL LETTER N
(O)   79  04/15  117  4F                 CAPITAL LETTER O
(P)   80  05/00  120  50                 CAPITAL LETTER P
(Q)   81  05/01  121  51                 CAPITAL LETTER Q
(R)   82  05/02  122  52                 CAPITAL LETTER R
(S)   83  05/03  123  53                 CAPITAL LETTER S
(T)   84  05/04  124  54                 CAPITAL LETTER T
(U)   85  05/05  125  55                 CAPITAL LETTER U
(V)   86  05/06  126  56                 CAPITAL LETTER V
(W)   87  05/07  127  57                 CAPITAL LETTER W
(X)   88  05/08  130  58                 CAPITAL LETTER X
(Y)   89  05/09  131  59                 CAPITAL LETTER Y
(Z)   90  05/10  132  5A                 CAPITAL LETTER Z
(^)   94  05/14  136  5E                 CIRCUMFLEX ACCENT
(_)   95  05/15  137  5F                 LOW LINE, UNDERLINE
(`)   96  06/00  140  60                 GRAVE ACCENT
(a)   97  06/01  141  61                 SMALL LETTER a
(b)   98  06/02  142  62                 SMALL LETTER b
(c)   99  06/03  143  63                 SMALL LETTER c
(d)  100  06/04  144  64                 SMALL LETTER d
(e)  101  06/05  145  65                 SMALL LETTER e
(f)  102  06/06  146  66                 SMALL LETTER f
(g)  103  06/07  147  67                 SMALL LETTER g
(h)  104  06/08  150  68                 SMALL LETTER h
(i)  105  06/09  151  69                 SMALL LETTER i
(j)  106  06/10  152  6A                 SMALL LETTER j
(k)  107  06/11  153  6B                 SMALL LETTER k
(l)  108  06/12  154  6C                 SMALL LETTER l
(m)  109  06/13  155  6D                 SMALL LETTER m
(n)  110  06/14  156  6E                 SMALL LETTER n
(o)  111  06/15  157  6F                 SMALL LETTER o
(p)  112  07/00  160  70                 SMALL LETTER p
(q)  113  07/01  161  71                 SMALL LETTER q
(r)  114  07/02  162  72                 SMALL LETTER r
(s)  115  07/03  163  73                 SMALL LETTER s
(t)  116  07/04  164  74                 SMALL LETTER t
(u)  117  07/05  165  75                 SMALL LETTER u
(v)  118  07/06  166  76                 SMALL LETTER v
(w)  119  07/07  167  77                 SMALL LETTER w
(x)  120  07/08  170  78                 SMALL LETTER x
(y)  121  07/09  171  79                 SMALL LETTER y
(z)  122  07/10  172  7A                 SMALL LETTER z
(|)  124  07/12  174  7C                 VERTICAL LINE, VERTICAL BAR
(~)  126  07/14  176  7E                 TILDE

The following can also be included, but they must be inside a quoted string:

Char Dec Col/Row Oct Hex  Name and Description
       9  00/09   11  09  HT   (Ctrl-I)  HORIZONTAL TAB
      10  00/10   12  0A  LF   (Ctrl-J)  LINE FEED
      13  00/13   15  0D  CR   (Ctrl-M)  CARRIAGE RETURN
( )   32  02/00   40  20                 SPACE
(")   34  02/02   42  22                 QUOTATION MARK
(()   40  02/08   50  28                 LEFT PARENTHESIS
())   41  02/09   51  29                 RIGHT PARENTHESIS
(,)   44  02/12   54  2C                 COMMA
(/)   47  02/15   57  2F                 SOLIDUS, SLASH
(:)   58  03/10   72  3A                 COLON
(;)   59  03/11   73  3B                 SEMICOLON
(<)   60  03/12   74  3C                 LESS-THAN SIGN, LEFT ANGLE BRACKET
(=)   61  03/13   75  3D                 EQUALS SIGN
(>)   62  03/14   76  3E                 GREATER-THAN SIGN, RIGHT ANGLE BRACKET
(?)   63  03/15   77  3F                 QUESTION MARK
(@)   64  04/00  100  40                 COMMERCIAL AT SIGN
([)   91  05/11  133  5B                 LEFT SQUARE BRACKET
(\)   92  05/12  134  5C                 REVERSE SOLIDUS (BACKSLASH)
(])   93  05/13  135  5D                 RIGHT SQUARE BRACKET
({)  123  07/11  173  7B                 LEFT CURLY BRACKET, LEFT BRACE
(})  125  07/13  175  7D                 RIGHT CURLY BRACKET, RIGHT BRACE

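Columns and formatting taken from here

Specs

Here is the documentation

Many HTTP/1.1 header field values consist of words separated by LWS [carriage return, line feed, space, horizontal tab] or special characters. These special characters MUST be in a quoted string to be used within a parameter value (as defined in section 3.6).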

   token          = 1*<any CHAR except CTLs or separators>
   separators     = "(" | ")" | "<" | ">" | "@"
                  | "," | ";" | ":" | "\" | <">
                  | "/" | "[" | "]" | "?" | "="
                  | "{" | "}" | SP | HT

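Notes

  • Base64 and Base64Url are subsets of the character set above, so if in doubt, you can always encode the Authentication header with one of them.
  • Thanks to @CodeCaster for pointing me in the right direction.
answered 2019-05-20T16:46:11.227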
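The grammar quoted in the first answer (credentials = auth-scheme #auth-param) and the token character set listed in the last answer can be combined into one strict validator. This is an added example, not code from any of the answers; the names parse_authorization and is_valid are hypothetical, the sample header values are constructed, and rejecting raw CR/LF inside quoted strings is a hardening assumption of this example.

```python
import re

# token = 1*<any CHAR except CTLs or separators> (RFC 2616 grammar quoted above)
SEPARATORS = '()<>@,;:\\"/[]?={} \t'
TOKEN_CHARS = "".join(chr(c) for c in range(33, 127) if chr(c) not in SEPARATORS)
TOKEN = "[" + re.escape(TOKEN_CHARS) + "]+"
# quoted-string with backslash escapes. Assumption of this example: raw CR/LF
# is rejected even inside quotes, so a value cannot smuggle a second header.
QUOTED = r'"(?:[^"\\\r\n]|\\[^\r\n])*"'
AUTH_PARAM = re.compile(
    rf"[ \t]*({TOKEN})[ \t]*=[ \t]*({TOKEN}|{QUOTED})[ \t]*(?:,|\Z)")
BASE64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def parse_authorization(value):
    """Parse an Authorization field value; raise ValueError if it is malformed."""
    m = re.fullmatch(rf"({TOKEN})(?: +(.*))?", value, re.S)
    if not m:
        raise ValueError("auth-scheme is not a token")
    scheme, rest = m.group(1), m.group(2) or ""
    if scheme.lower() == "basic":
        # Basic carries a single base64 blob instead of auth-params.
        if not BASE64.fullmatch(rest):
            raise ValueError("basic-credentials is not base64")
        return scheme, rest
    params, pos = {}, 0
    while pos < len(rest):
        m = AUTH_PARAM.match(rest, pos)
        if not m:
            raise ValueError(f"invalid auth-param at offset {pos}")
        name, val = m.group(1), m.group(2)
        if val.startswith('"'):
            val = re.sub(r"\\(.)", r"\1", val[1:-1])  # strip quotes, unescape
        params[name.lower()] = val
        pos = m.end()
    return scheme, params

def is_valid(value):
    try:
        parse_authorization(value)
        return True
    except ValueError:
        return False

# Constructed sample values (not from the page): valid, bare "/", embedded CRLF.
SAMPLES = ['Digest realm="example", qop=auth', "Digest uri=/index.html",
           'Digest realm="a\r\nX-Injected: 1"']
if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_valid(sample), repr(sample))
```

Under this grammar "/" and "=" are separators, so standard Base64 output is a token only when it contains neither, while unpadded Base64Url output always is.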