c# - 签名出现在 AttributeStatement (.Net 4.5) 旁边时出现 SAML 2.0 错误-6ren

c# - 签名出现在 AttributeStatement (.Net 4.5) 旁边时出现 SAML 2.0 错误

转载作者：行者123 更新时间：2023-11-30 22:10:13

<分区>

我正在使用一个服务运行集成测试，该服务使用 SAML 2.0 断言发送请求:System.IdentityModel.Tokens.Saml2SecurityTokenHandler 的 ReadAssertion(XmlReader reader) 方法正在抛出错误Element 异常是无效的 XmlNodeType 消息。

尝试对此进行调查，我发现发生这种情况是因为该方法期望在 Signature 位置读取结束元素，如果我删除该节点，该方法可以正常工作，但我收到另一个异常 ID4152:无法验证 Saml2SecurityToken，因为未设置 IssuerToken 属性。未签名的 SAML2:无法验证断言。

谁能帮我看看这是什么问题？或者请求签名的格式是否正确。在我的测试应用程序中，签名总是排在第一位，我没有遇到这个问题。这是他们发给我的。

  <saml2:Assertion xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#"
  xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
  xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_3667829ea1b046968151794aa774f909"
  IssueInstant="2014-01-07T22:57:13.118Z" Version="2.0">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">C=US,O=AEGISnetInc,CN=dilhn001.dil.aegis.net</saml2:Issuer>
  <saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">UID=TS: PRL-R-0000.0-2010 TC: PD-R-0000.0-2010</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
      <saml2:SubjectConfirmationData>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:KeyValue>
            <ds:RSAKeyValue>
              <ds:Modulus>jT0q3UTlZ7maUp5VwmVbZvIv67gm3SFJjN+2EhJtg9TEdTFkL5aQAI06uU32kdqnLPyfWElZdmgGtr6YHYfUy1K1o3wXK9jnX8JTL8oybNmDqkVw/TVXr9KD0vAw+8Iut1T7boDGdD7bnzwPBwImtyCIm6S6Q4Wlx64xkq4gdhZTXkkSaKPyy517LgNCtzdigDVU+bZqAueWE1l4BOpHVrjULX8wLGjZloU4rWqN0AvsjS1OpC0HO/aTxKznT4jD1PVNKJPLzlTU6e0RPuOMyTlccoPf2UeAMI+QZDim7uZ9IoE0dMnqJLSGYq+KGfa0AZReg1OFXYzF2qicdmFKeQ==</ds:Modulus>
              <ds:Exponent>AQAB</ds:Exponent>
            </ds:RSAKeyValue>
          </ds:KeyValue>
        </ds:KeyInfo>
      </saml2:SubjectConfirmationData>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:AuthnStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" AuthnInstant="2014-01-07T22:19:12.905Z" SessionIndex="123456">
    <saml2:AuthnContext>
      <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml2:AuthnContextClassRef>
    </saml2:AuthnContext>
  </saml2:AuthnStatement>
  <saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:subject-id">
      <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">Lab IT Testcase</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization">
      <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">2.16.840.1.113883.3.1259.10.1001</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:organization-id">
      <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">urn:oid:2.16.840.1.113883.3.1259.10.1001</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="urn:nhin:names:saml:homeCommunityId">
      <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">urn:oid:2.16.840.1.113883.3.1259.10.1001</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:subject:role">
      <saml2:AttributeValue>
        <hl7:Role xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="46255001" codeSystem="2.16.840.1.113883.6.96" codeSystemName="SNOMED_CT" displayName="Pharmacist" xsi:type="hl7:CE"/>
      </saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse">
      <saml2:AttributeValue>
        <hl7:PurposeOfUse xmlns:hl7="urn:hl7-org:v3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" code="TREATMENT" codeSystem="2.16.840.1.113883.3.18.7.1" codeSystemName="nhin-purpose" displayName="Treatment" xsi:type="hl7:CE"/>
      </saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="urn:oasis:names:tc:xacml:2.0:resource:resource-id">
      <saml2:AttributeValue xmlns:ns6="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns7="http://www.w3.org/2001/XMLSchema" ns6:type="ns7:string">RI0002.000000010^^^&amp;2.16.840.1.113883.3.1259.10.1001&amp;ISO</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_0a559edda54f456a917fc9b4e69243a9">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>zYfPwHi3nhD9UiWU/PjUY8p2Qmg=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>HHAv7faYgZR6mwEGrHuArru8SuqJQNGa2/lFJyK1IBdQW7lsrRfPB351SYV75Kds/D/YSWRH4QAL
gu3rW7I9If8pc4Jf4ICIwMyGhzKQMy7N5h2pZGsrc2UIyyEt+0QWhjf37z7zc07RfbyfPfTiLUKG
rjhgmRO9FlQ8G2AOX8PfjMdlWyFKUcF56Qziv6mlVAvzEuJmKP6/oZQxe01GwWoA+7JddGyEEtZC
AhDnZR1dF13H3vrJtoZMHGZUVDeO7XrMhqlQA2Z5vCZ9GsSIZmAclSewh1BoImDvRUEVmFrnyZq5
bgSQkTAzzbfTILnMjMGF3WDxLBgA771nO3W6Ag==</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:KeyValue>
        <ds:RSAKeyValue>
          <ds:Modulus>jT0q3UTlZ7maUp5VwmVbZvIv67gm3SFJjN+2EhJtg9TEdTFkL5aQAI06uU32kdqnLPyfWElZdmgG
tr6YHYfUy1K1o3wXK9jnX8JTL8oybNmDqkVw/TVXr9KD0vAw+8Iut1T7boDGdD7bnzwPBwImtyCI
m6S6Q4Wlx64xkq4gdhZTXkkSaKPyy517LgNCtzdigDVU+bZqAueWE1l4BOpHVrjULX8wLGjZloU4
rWqN0AvsjS1OpC0HO/aTxKznT4jD1PVNKJPLzlTU6e0RPuOMyTlccoPf2UeAMI+QZDim7uZ9IoE0
dMnqJLSGYq+KGfa0AZReg1OFXYzF2qicdmFKeQ==</ds:Modulus>
          <ds:Exponent>AQAB</ds:Exponent>
        </ds:RSAKeyValue>
      </ds:KeyValue>
    </ds:KeyInfo>
  </ds:Signature>
</saml2:Assertion>

文章推荐： c# - WPF - 视觉树不用于绘图？

文章推荐： php - 当外键约束设置为级联时，bindParam 不起作用

文章推荐： python - 当 S3 为目标时 pandas.DataFrame.to_parquet 失败

文章推荐： php - MySql select from 3 tables Undefined index 错误

c# - 签名出现在 AttributeStatement (.Net 4.5) 旁边时出现 SAML 2.0 错误
关闭。这个问题是 not reproducible or was caused by typos 。它目前不接受答案。这个问题是由于错别字或无法再重现的问题引起的。虽然类似的问题可能在这里出现，

行者123

个人简介

我是一名优秀的程序员,十分优秀！

作者热门文章

滴滴打车优惠券免费领取

全站热门文章

首页

博学

6Ren·AI

商城

c# - 签名出现在 AttributeStatement (.Net 4.5) 旁边时出现 SAML 2.0 错误