我已经按照以下步骤使用wso2 Identity server配置simpleSAMLphp .
http://blog.facilelogin.com/2013/06/wso2-identity-server-saml2-idp-with.html正常运作 .
在我使用wso2登录后,我得到了以下SAML响应...
<saml2p:Response ID="epgkocboaoejainknoilcfahcifmihnnmnolgbda"
InResponseTo="_835772cc96b22070921db3a9a341590d734bacdfbb"
IssueInstant="2013-07-23T12:12:19.744Z"
Version="2.0"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</saml2p:Status>
<saml2:Assertion ID="icmbdppjbnalbkafgjcplbndbijkdpfbmfgpkhec"
IssueInstant="2013-07-23T12:12:19.744Z"
Version="2.0"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://localhost:9443/samlsso</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#icmbdppjbnalbkafgjcplbndbijkdpfbmfgpkhec">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>sWsl9Q1RCGqgD97tAlU4X506ylw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
M1yd1WRy6L6LiUa1KcRDZF23I/ilnrYvLxLeeXRTeTIM/kCaDy2eQHOJmJuPuxD8C/RBFLJ2eZQb
shL+AghTUITrqDS09RgYhMkdAygHsTqBBihpXHmsLuMiaW+j4HNSuMfCcg8RHaTZRiv7vOSKIKHI
icXcxcKGuvIlw0DDjds=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UE
CAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxv
Y2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UE
AwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTou
sMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5
HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQID
AQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44i
QlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJR
O4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID>USER_NAME</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData InResponseTo="_835772cc96b22070921db3a9a341590d734bacdfbb"
NotOnOrAfter="2013-07-23T12:17:19.744Z"
Recipient="http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/wso2-sp"
/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2013-07-23T12:12:19.744Z"
NotOnOrAfter="2013-07-23T12:17:19.744Z"
>
<saml2:AudienceRestriction>
<saml2:Audience>simplesaml</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2013-07-23T12:12:19.744Z"
SessionIndex="2BD082E8D8D9D105C26AB2F2A7EE2676"
>
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>
where this is my REQUEST SAML
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_835772cc96b22070921db3a9a341590d734bacdfbb"
Version="2.0"
IssueInstant="2013-07-23T12:12:11Z"
Destination="https://localhost:9443/samlsso"
AssertionConsumerServiceURL="http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/wso2-sp"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>
<saml:Issuer>simplesaml</saml:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
AllowCreate="true"
/>
</samlp:AuthnRequest>
我无法在simpleSAML响应中获得有关用户的任何属性 .
如何从 WSO2 Identity server 指定我需要的属性
??
1 回答
在Identity Server 4.5.0(IS)中的服务提供商(SP)注册时启用“属性配置文件”时,将生成唯一的“消费者索引”,并且后续SAML请求应包含该值以便IS发送响应中的用户属性 .
但是,如果要在不发送索引值的情况下获取属性,则可以在SP注册时启用“始终在响应中包含属性” . IS 4.5.0 GA版本中提供了此选项 .