Я использую протокол единого выхода SAML2.
Мой поставщик удостоверений использует привязку HTTP-Redirect для отправки мне запросов на выход из системы . Содержание этого запроса выглядит следующим образом:
?SAMLRequest=7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ%2fff%2fz9cZmQBbPbOStrJniGAqsgfP358Hz8iHjfZolw9el5dVOv2Vf6L1nnTpmdPP%2fvo99%2bd3t%2b5f3BwsJ3t759v7x8c7G5nn%2b5Mth%2fe26f%2f7WXnDyaffpT%2bZF43RbX87KO98c5H6VnTrPOzZdNmy5Y%2b2tnd3cb%2f7r%2fZffBoZ%2ffR3sH44acHP%2fVR%2bpR6KZZZy2%2fO23bVPLp7dzUt2lne7O6Np3m9HE%2fnd4Hb3t3XL1%2bX1at8VtT5tL27yNvsuCyy5m6z%2big9qZZNjr7W9fJRlTVF82iZLfLmUTt99Pr4i%2bePCK1HU2n0aL1sVvm0OC%2fy2Ufpi6r9cvllfXze5nUP1U8F1V1C9d2iXDaPmEqbe1nVVVtNq%2fKjo8dMhlpe3fxS1jR5DTJ8dGTIYAZfVhfF8vFdgXX0%2bAW9e%2fY0fVbVi2zDeHfHu%2fxJMds%2b56aP8kVWlMezWZ03jQ7n1jiV66IZ19WsLi7W%2bQ%2fG54RatpzlP%2fg9FcnHdwWtI2Wj19QHvXhGbd4d%2ff47n%2b4d7O7dP99%2bcP7w%2fvb%2b3nS6nc0O8u3zWX7waZY%2f3JlM8sd3I2%2baDwOuPPp%2fAA%3d%3d&Signature=i1JxpKbaInBXsqTzPwG3E3NIPqCmK4mgLaYgUy%2fraNgscBBLLrQGObKm%2bLIu6Skh7iOb4r39HX6tCsq6p5CO97U7WfCwOnkJpgzAFjA0T9ByAzomh6LIC%2bpXGaINzhw2DPcv4cZYrUoSuEQl0OCaAAtYaarm%2f53qR0DMF5OhZkU%3d&SigAlg=http%3a%2f%2fwww.w3.org%2f2001%2f04%2fxmldsig-more%23rsa-sha256
После привязок для языка разметки утверждений безопасности OASIS (SAML) V2.0 Я беру строку ? SAMLRequest = value & SigAlg = value и пытаюсь выполнить проверку с помощью Подпись = значение строка. Код (JAVA), который я использую, таков:
// Retrieve the public key sent by the IdP
FileInputStream inputStream = new FileInputStream("/path/to/the/idp/sent/public/key");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate certificate = cf.generateCertificate(inputStream);
PublicKey publicKey = certificate.getPublicKey();</p>
<pre><code>// Create the signature
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initVerify(publicKey);
signature.update("SAMLRequest=7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ%2fff%2fz9cZmQBbPbOStrJniGAqsgfP358Hz8iHjfZolw9el5dVOv2Vf6L1nnTpmdPP%2fvo99%2bd3t%2b5f3BwsJ3t759v7x8c7G5nn%2b5Mth%2fe26f%2f7WXnDyaffpT%2bZF43RbX87KO98c5H6VnTrPOzZdNmy5Y%2b2tnd3cb%2f7r%2fZffBoZ%2ffR3sH44acHP%2fVR%2bpR6KZZZy2%2fO23bVPLp7dzUt2lne7O6Np3m9HE%2fnd4Hb3t3XL1%2bX1at8VtT5tL27yNvsuCyy5m6z%2big9qZZNjr7W9fJRlTVF82iZLfLmUTt99Pr4i%2bePCK1HU2n0aL1sVvm0OC%2fy2Ufpi6r9cvllfXze5nUP1U8F1V1C9d2iXDaPmEqbe1nVVVtNq%2fKjo8dMhlpe3fxS1jR5DTJ8dGTIYAZfVhfF8vFdgXX0%2bAW9e%2fY0fVbVi2zDeHfHu%2fxJMds%2b56aP8kVWlMezWZ03jQ7n1jiV66IZ19WsLi7W%2bQ%2fG54RatpzlP%2fg9FcnHdwWtI2Wj19QHvXhGbd4d%2ff47n%2b4d7O7dP99%2bcP7w%2fvb%2b3nS6nc0O8u3zWX7waZY%2f3JlM8sd3I2%2baDwOuPPp%2fAA%3d%3d&SigAlg=http%3a%2f%2fwww.w3.org%2f2001%2f04%2fxmldsig-more%23rsa-sha256".getBytes());
// Verify
if (signature.verify((new BASE64Decoder()).decodeBuffer("i1JxpKbaInBXsqTzPwG3E3NIPqCmK4mgLaYgUy%2fraNgscBBLLrQGObKm%2bLIu6Skh7iOb4r39HX6tCsq6p5CO97U7WfCwOnkJpgzAFjA0T9ByAzomh6LIC%2bpXGaINzhw2DPcv4cZYrUoSuEQl0OCaAAtYaarm%2f53qR0DMF5OhZkU%3d"))) {
System.out.println("Signature OK!!!");
} else {
System.out.println("Bad Signature!!!");
}
Я всегда получаю сообщение Bad Signature !!!
Есть идеи?