gpt4 book ai didi

python - 缺少 SAML 响应签名

转载 作者:行者123 更新时间:2023-12-05 02:14:22 25 4
gpt4 key购买 nike

我正在尝试实现 SAML2 SSO,但出现错误 saml2.sigver.SignatureError: Signature missing for response。我正在使用 djangosaml2,然后使用 pysaml2。寻找签名时似乎遇到了问题:https://github.com/IdentityPython/pysaml2/blob/master/src/saml2/sigver.py#L1648

看起来它试图在响应属性中找到签名,但是我的 IDP 在响应属性中没有返回签名,但是可以在响应中找到签名作为它自己的元素 ns2:Signature .

我应该要求我的 IDP 提供不同的响应,还是我这边缺少配置选项?

Login process started
Trying binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST for IDP None
Redirecting user to the IdP via urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST binding.
Saving the session_id in the OutstandingQueries cache
Invalid or malformed SAML Assertion.
Traceback (most recent call last):
File "/usr/local/lib/python3.4/dist-packages/djangosaml2/views.py", line 271, in assertion_consumer_service
response = client.parse_authn_request_response(xmlstr, BINDING_HTTP_POST, outstanding_queries)
File "/usr/local/lib/python3.4/dist-packages/saml2/client_base.py", line 712, in parse_authn_request_response
binding, **kwargs)
File "/usr/local/lib/python3.4/dist-packages/saml2/entity.py", line 1150, in _parse_response
response = response.loads(xmlstr, False, origxml=xmlstr)
File "/usr/local/lib/python3.4/dist-packages/saml2/response.py", line 520, in loads
self._loads(xmldata, decode, origxml)
File "/usr/local/lib/python3.4/dist-packages/saml2/response.py", line 342, in _loads
**args)
File "/usr/local/lib/python3.4/dist-packages/saml2/sigver.py", line 1648, in correctly_signed_response
raise SignatureError('Signature missing for response')
saml2.sigver.SignatureError: Signature missing for response

SAML 响应:

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Destination="..." ID="..." InResponseTo="..." IssueInstant="2018-12-07T10:31:48Z" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">...</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="..." IssueInstant="2018-12-07T10:31:48Z" Version="2.0">
<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">...</saml:Issuer>
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<dsig:Reference URI="...">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<dsig:DigestValue>...</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>...</dsig:SignatureValue>
<dsig:KeyInfo>
<dsig:X509Data>
<dsig:X509Certificate>...</dsig:X509Certificate>
</dsig:X509Data>
</dsig:KeyInfo>
</dsig:Signature>
...
...
</saml:Assertion>
</samlp:Response>

最佳答案

根据 Bernhard 的评论,我需要设置 "want_response_signed": False

SAML_CONFIG = {
'service': {
'sp': {
"want_response_signed": False
...

关于python - 缺少 SAML 响应签名,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53668874/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com