Я пытаюсь создать подписанный ответ SAML, который включает в себя подписанное утверждение. Я могу сгенерировать и подписать ответ, но AWS Cognito сообщает, что проверка подписи не удалась. Я совершенно не понимаю, что с ним не так.
Подписание выполняется с использованием классов SignedXml в C#.
Проверка проходит, пока я не вставлю подпись в ответ; после этого она завершается неудачей. Похоже, что вставка изменила XML, и поэтому подпись больше не действительна.
Вот SAML:
<!--
  SAML 2.0 Response carrying a single Assertion. Both the Response and the
  Assertion carry an enveloped XML-DSig signature: RSA-SHA256 over SignedInfo,
  exclusive C14N, SHA-256 digests, with the signing certificate in KeyInfo
  (certificate content redacted here). Destination, Issuer and Audience
  values are placeholders ("xxx").
-->
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xs="http://www.w3.org/2001/XMLSchema" Destination="https://xxx.auth.eu-west-2.amazoncognito.com/saml2/idpresponse" ID="7a7d7cddee4d4269bc810c61380327d2" InResponseTo="_002a18ac-2adf-4687-9265-42dd3d41cbb8" IssueInstant="2020-02-07T14:24:01" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://app.xxxx.com</saml2:Issuer>
<!-- Response signature, placed directly after saml2:Issuer where the SAML 2.0 schema expects it. -->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<!--
  NOTE(review): URI="" is a whole-document reference, so this digest covers every
  node of the Response, including the Assertion's own Signature further down.
  SAML 2.0 Core 5.4.2 requires a same-document reference to the ID of the element
  being signed, i.e. URI="#7a7d7cddee4d4269bc810c61380327d2", and many SAML
  validators reject an empty URI outright. With two whole-document references in
  this message, whichever signature is computed first is invalidated as soon as
  the second Signature element is inserted, which matches the "fails after
  inserting the signature" symptom described above.
-->
<Reference URI="">
<Transforms>
<!-- Enveloped transform strips this Signature element before digesting; exc-c14n is then applied to what remains. -->
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>l4XOkv+ipwvdxg0jekdHNmk/0hOHLIIArhbhX+y7VeA=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Hs8O2uCyghpQR0iDM9qt+Kqqex6FkqazuJG8MuEWWZLQ5Qbsz0iKgZAvI+5WFwqvn7HazIVzcQmG6vCoEzY/7kmxBBWiqFJAZp8NH8f7TC9TWPLcxhCccvNZ1ozmlNL07k/EoEurwhW7nCma+W/00XAod90yKmNO+n5IscNe900=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>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</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="3cffadbc6fb34e218b2f1ba17a71880f" IssueInstant="2020-02-07T14:24:01" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://app.xxxx.com</saml2:Issuer>
<!-- Assertion signature, again directly after saml2:Issuer; same algorithms and certificate as the Response signature. -->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<!--
  NOTE(review): the Assertion ID has landed in the wrong attribute. Id="..." on
  ds:Reference names the Reference element itself (and a leading "#" is not a
  valid ID value); the target of the signature belongs in URI, i.e.
  URI="#3cffadbc6fb34e218b2f1ba17a71880f" with no Id attribute. In .NET that is
  the Uri given to the Reference added to SignedXml. As written, URI="" makes this
  digest cover the whole document as well, so the two signatures overlap each
  other, see the note on the Response signature above.
-->
<Reference Id="#3cffadbc6fb34e218b2f1ba17a71880f" URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>hyEy6LOm9+2E9koEuX7hGe+Ia3ax7rYrVWnl3FsN6pM=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>W4JA2hGerF7iyEa79CWWAer+lRTFHLrycDBLvAv192AhxVuf00t1DSW2pAX0o/nTKH3BqoLTtDCH5SbfkNj7FSKMia17lLDDShVxuPsQdt0M1+N0TReypmSNttTiPjbNtmdy2mQfnCy5wRI5ioLa+YL/MbpfXsbOTCGgVAqk1R8=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>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</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<!-- NameID is self-closing, i.e. empty. Presumably redacted for the post; if it is really empty the SP has no subject identifier to map the user to. TODO confirm. -->
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData InResponseTo="_002a18ac-2adf-4687-9265-42dd3d41cbb8" NotOnOrAfter="2020-02-07T14:29:01" Recipient="https://xxxx.auth.eu-west-2.amazoncognito.com/saml2/idpresponse" />
</saml2:SubjectConfirmation>
</saml2:Subject>
<!--
  NOTE(review): none of the time values in this message (IssueInstant on Response
  and Assertion, NotBefore, NotOnOrAfter, AuthnInstant) carry a timezone
  designator. SAML 2.0 Core 1.3.3 requires xs:dateTime values in UTC with a
  trailing "Z" (e.g. 2020-02-07T14:24:01Z); strict SPs treat the bare form as a
  condition failure even when the signature is otherwise fine.
-->
<saml2:Conditions xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" NotBefore="2020-02-07T14:19:01" NotOnOrAfter="2020-02-07T14:29:01">
<saml2:AudienceRestriction>
<saml2:Audience>urn:amazon:cognito:sp:eu-west-2_xxxxxx</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" AuthnInstant="2020-02-07T14:24:01" SessionIndex="_002a18ac-2adf-4687-9265-42dd3d41cbb8" />
<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<!-- AttributeValue is self-closing, so the e-mail claim is empty as pasted; presumably redacted, verify against the real message. -->
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string" />
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
</saml2p:Response>