问题描述
我需要使用SP发起的WSO2 SAML集成我们的平台。我们的平台是用PHP编写的,我们使用simplesamlPHP进行这种集成。
我们使用simplesaml工具解析元数据,以将xml转换为代码。但是,当我们尝试登录并重定向wso2时显示:
处理身份验证请求时出错!
wso2的人说他们收到此日志错误:
身份验证请求的签名验证失败。
authsources.PHP
'default-sp' => [
'saml:SP',// The entity ID of this SP.
// Can be NULL/unset,in which case an entity ID is generated based on the Metadata URL.
'entityID' => 'https://urlfromoursite/simplesaml/module.PHP/saml/sp/Metadata.PHP/default-sp',// The entity ID of the IdP this SP should contact.
// Can be NULL/unset,in which case the user will be shown a list of available IdPs.
'idp' => 'idp-wso2.wso2',// The URL to the discovery service.
// Can be NULL/unset,in which case a builtin discovery service will be used.
'discoURL' => null,//Configuration
'privatekey' => 'xxx.key','certificate' => 'xxx.pem','assertion.encryption' => true,'redirect.sign' => true,'sign.logout' => true,"sign.authnrequest" => true,'NameIDPolicy' => false,'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
],
saml20-idp-remote.PHP(我只是从提供解析器的代码中注释过期日期)
$Metadata['idp-wso2.wso2'] = array (
'entityid' => 'idp-wso2.wso2','contacts' =>
array (
),'Metadata-set' => 'saml20-idp-remote',// 'expire' => 1601476006,'SingleSignOnService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST','Location' => 'https://clienturl:443/samlsso',),1 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',2 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST','Location' => 'https://clienturl:9443/samlsso',3 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect','SinglelogoutService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP','ResponseLocation' => 'https://clienturl:443/samlsso',1 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',2 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect','ArtifactResolutionService' =>
array (
),'NameIDFormats' =>
array (
),'keys' =>
array (
0 =>
array (
'encryption' => true,'signing' => true,'type' => 'X509Certificate','X509Certificate' => 'xxxx',);
我尝试将它们添加到元数据中
$Metadata['idp-wso2.wso2'] = array (
'entityid' => 'idp-wso2.wso2',"redirect.sign" => TRUE,"redirect.validate" => TRUE,"sign.authnrequest" => TRUE,
但是没有用。
我不确定是否需要放置CA Intermediate之类的东西或需要做什么。
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)