我需要使用SP发起的WSO2 SAML集成我们的平台。我们的平台是用PHP编写的，我们使用simplesamlPHP进行这种集成。

我们使用simplesaml工具解析元数据，以将xml转换为代码。但是，当我们尝试登录并重定向wso2时显示：

处理身份验证请求时出错！

wso2的人说他们收到此日志错误：

身份验证请求的签名验证失败。

authsources.PHP

 'default-sp' => [
        'saml:SP',// The entity ID of this SP.
        // Can be NULL/unset,in which case an entity ID is generated based on the Metadata URL.
        'entityID' => 'https://urlfromoursite/simplesaml/module.PHP/saml/sp/Metadata.PHP/default-sp',// The entity ID of the IdP this SP should contact.
        // Can be NULL/unset,in which case the user will be shown a list of available IdPs.
        'idp' => 'idp-wso2.wso2',// The URL to the discovery service.
        // Can be NULL/unset,in which case a builtin discovery service will be used.
        'discoURL' => null,//Configuration
        'privatekey' => 'xxx.key','certificate' => 'xxx.pem','assertion.encryption' => true,'redirect.sign' => true,'sign.logout' => true,"sign.authnrequest" => true,'NameIDPolicy' => false,'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'

    ],

saml20-idp-remote.PHP（我只是从提供解析器的代码中注释过期日期）

$Metadata['idp-wso2.wso2'] = array (
  'entityid' => 'idp-wso2.wso2','contacts' => 
  array (
  ),'Metadata-set' => 'saml20-idp-remote',// 'expire' => 1601476006,'SingleSignOnService' => 
  array (
    0 => 
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST','Location' => 'https://clienturl:443/samlsso',),1 => 
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',2 => 
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST','Location' => 'https://clienturl:9443/samlsso',3 => 
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect','SinglelogoutService' => 
  array (
    0 => 
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP','ResponseLocation' => 'https://clienturl:443/samlsso',1 => 
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',2 => 
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect','ArtifactResolutionService' => 
  array (
  ),'NameIDFormats' => 
  array (
  ),'keys' => 
  array (
    0 => 
    array (
      'encryption' => true,'signing' => true,'type' => 'X509Certificate','X509Certificate' => 'xxxx',);

我尝试将它们添加到元数据中

$Metadata['idp-wso2.wso2'] = array (
  'entityid' => 'idp-wso2.wso2',"redirect.sign" => TRUE,"redirect.validate" => TRUE,"sign.authnrequest" => TRUE,

但是没有用。

我不确定是否需要放置CA Intermediate之类的东西或需要做什么。

解决方法

暂无找到可以解决该程序问题的有效方法，小编努力寻找整理中！

如果你已经找到好的解决方法，欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@）