
我正在尝试将 saml_idp 集成到我的项目中。我收到一个错误：PUB key 和 PRIV key: nested asn1 error about missing private key。即使我已经在 config/saml_configuration.rb 中添加了私钥和证书，仍然遇到同样的错误。我试图从这个链接和链接 2 中获取一些参考，但没有成功。

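class SamlsController < ApplicationController
  include SamlIdp::Controller

  # Builds the SAML response for the signed-in user and renders the
  # auto-submitting form without the application layout.
  #
  # The assertion is encrypted against the SP certificate returned by
  # +certificate+ (AES-256-CBC for the body, RSA-OAEP for the key transport).
  def new
    @saml_response = encode_response(
      current_user,
      encryption: {
        cert: certificate,
        block_encryption: 'aes256-cbc',
        key_transport: 'rsa-oaep-mgf1p'
      },
      # NOTE(review): points at the local dev SP; the audience has to match the
      # entity id of the SP that consumes the assertion in each environment.
      audience_uri: 'http://localhost:3000/samls/custom_action'
    )
    render layout: false
  end

  # Placeholder consumer endpoint.
  #
  # A Rails action's return value is never sent to the client (implicit
  # rendering looks for a template named after the action instead), so the
  # heredoc that used to be the last expression here was dead code. The XML is
  # now rendered explicitly.
  def custom_action
    body = <<-SAML
    <xml>
      <saml>
        <random>random</random>
        <random>random</random>
        <random>random</random>
        <random>asd</random>
      </saml>
    </xml>
    SAML
    render xml: body, layout: false
  end

  # PEM encoded certificate used to encrypt the assertion.
  #
  # Read from the environment so the material never lands in version control.
  # +fetch+ raises a KeyError naming the variable when it is unset, instead of
  # handing +nil+ to the encryptor and failing with an unrelated OpenSSL error.
  def certificate
    ENV.fetch("SAML_CERTIFICATE")
  end

end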

config/saml_configuration.rb

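 SamlIdp.configure do |config|
  # Signing material (placeholder values). In a real deployment load these from
  # ENV / Rails credentials rather than committing the private key to the repo.
  #
  # Every body line of a heredoc must share the same indentation: strip_heredoc
  # only removes the *common* leading whitespace, so a line indented one column
  # deeper keeps a stray space inside the PEM block and the material then fails
  # to parse. The certificate body line below was previously indented by one
  # extra space.
  config.x509_certificate = <<-CERT.strip_heredoc
    -----BEGIN CERTIFICATE-----
    my_certificate
    -----END CERTIFICATE-----
  CERT

  config.secret_key = <<-KEY.strip_heredoc
    -----BEGIN PRIVATE KEY-----
    my_private_key
    -----END PRIVATE KEY-----
  KEY

  config.algorithm = :sha256

  # Attributes released in the assertion; each getter receives the principal
  # passed to encode_response.
  config.attributes = {
    "Email address" => {
      "name" => "email",
      "name_format" => "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
      "getter" => ->(principal) { principal.email },
    },
    "First Name" => {
      "name" => "First_Name",
      "name_format" => "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
      "getter" => ->(principal) { principal.first_name },
    },
    "Last Name" => {
      "name" => "Last_Name",
      "name_format" => "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
      "getter" => ->(principal) { principal.last_name },
    },
  }

  # Assigned exactly once. The file used to assign name_id.formats twice; the
  # first hash (whose :persistent lambda only raised) was silently overwritten
  # by this one, so it has been dropped.
  config.name_id.formats = {
    email_address: ->(principal) { principal.email },
    transient: ->(principal) { principal.id },
    persistent: ->(principal) { principal.id },
  }

  # Known service providers. The hash key is what +finder+ below is asked for:
  # the issuer / entity id the SP sends, so it must match that value exactly.
  # fingerprint, metadata_url and response_hosts are passed through to saml_idp
  # unchanged; presumably metadata_url is where the SP's metadata is fetched
  # from and response_hosts restricts where responses may be posted — confirm
  # against the saml_idp version in use.
  service_providers = {
    "some-issuer-url.com/saml" => {
      fingerprint: "my_finger_print",
      metadata_url: "http://some-issuer-url.com/saml/metadata",
      response_hosts: ["foo.some-issuer-url.com"]
    },
  }

  metadata_dir = Rails.root.join('cache', 'saml', 'metadata')

  # Maps an SP identifier to a file directly inside metadata_dir.
  #
  # The identifier looks like it originates from the SP's request, so it is
  # treated as untrusted: anything outside a conservative character set becomes
  # "_" (a superset of the old "/" and ":" replacement), and an empty, "." or
  # ".." result is rejected so the name can never point outside the cache dir.
  cache_path_for = ->(identifier) {
    fname = identifier.to_s.gsub(/[^A-Za-z0-9._-]/, "_")
    if fname.empty? || fname == "." || fname == ".."
      raise ArgumentError, "invalid metadata cache name for #{identifier.inspect}"
    end
    FileUtils.mkdir_p(metadata_dir.to_s)
    metadata_dir.join(fname)
  }

  # Opened with "wb": the previous "r+b" mode requires the file to already
  # exist, so the very first persist of an SP raised Errno::ENOENT.
  config.service_provider.metadata_persister = ->(identifier, settings) {
    File.open(cache_path_for.call(identifier), "wb") do |f|
      Marshal.dump(settings.to_h, f)
    end
  }

  # Returns the cached settings hash, or nil when nothing has been persisted.
  #
  # NOTE(review): Marshal.load instantiates whatever objects the file describes.
  # The file is written by this app (above), so this is only safe while the
  # cache directory is writable by nobody else; a JSON cache would remove that
  # dependency entirely.
  config.service_provider.persisted_metadata_getter = ->(identifier, _service_provider) {
    path = cache_path_for.call(identifier)
    if File.file?(path)
      File.open(path, "rb") { |f| Marshal.load(f) }
    end
  }

  # Looks an SP up by the issuer / entity id from the request; nil for unknown
  # issuers, which saml_idp treats as "no such service provider".
  config.service_provider.finder = ->(issuer_or_entity_id) do
    service_providers[issuer_or_entity_id]
  end
end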

另外，我对 service_providers 配置块有几个疑问：

  1. 哈希的键应该是什么
  2. metadata_url 是什么
  3. response_hosts 是什么
