Question

I am working on IdP-initiated authentication. I have created a response to be sent to SalesForce but am stuck at one point. See the XML code below. Tell me where I can get the values to fill in these tags.

<SignatureValue>, <X509Certificate> and <DigestMethod>

XML code: This is the part of the SAML assertion that the IdP posts to the SP for authentication.

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <Reference URI="#s2541b842781b7edbe3b3077bf7d11bae88eaa73e7">
            <Transforms>
                <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>MnTEd3S3uu7MvGAFE5iB8DEhr9U=</DigestValue>
        </Reference>
    </SignedInfo>
    <SignatureValue>Jf/FNn5309vTWMKJ1o5sdMV/tY/Y+LV3F2eK4+LaIlmKYUHPInX4h+mUg3ef3IXTJ16aYu0A7aRK dHMc3UDF5BlMvfOEpGMEdARQY0O+VzkLJjZMDKG3DlSpfcVZrw/rm4wlZ6oYwhZEOhS0Gi3OOoeR jQn1ONABsfiprr1BYYo=</SignatureValue>
    <KeyInfo>
        <X509Data>
            <X509Certificate>MIIEijCCA/OgAwIBAgIQPn+ClEjH2V3Jynt7u3v+XzANBgkqhkiG9w0BAQUFADCBujEfMB0 GA1UEChMWVmVyaVNpZ24gVoycE7oe0xvQEad1Hs6xHCRDbJVIr4=</X509Certificate>
        </X509Data>
    </KeyInfo>
</Signature>

Solution

Check that the certificate 'hard-coded' into the assertion is the same as the certificate imported into SalesForce.com. The above message would suggest that this is NOT the case.

Make sure that you are using the proper classes in order to make the signature for the response.
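
The certificate check recommended above, as an added example that is not part of the original answer: it compares the certificate embedded in the X509Certificate element with a PEM copy of the one imported at the service provider, and reports the algorithms the signature declares. The function names and the sample input are assumptions; the placeholder bytes are constructed and are not real certificates.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML-DSig namespace of the Signature block

def b64_bytes(text):
    # Base64 in XML and PEM is usually line-wrapped, so drop whitespace before decoding.
    return base64.b64decode(re.sub(r"\s+", "", text or ""), validate=True)

def to_pem(der):
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def compare_certificates(signed_xml, sp_pem):
    """Compare the certificate embedded in the signature with the copy held by the SP."""
    root = ET.fromstring(signed_xml)
    cert = next(root.iter(DS + "X509Certificate"), None)
    if cert is None:
        raise ValueError("no X509Certificate element in the message")
    block = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", sp_pem, re.S)
    if block is None:
        raise ValueError("no PEM certificate block found")
    embedded, imported = b64_bytes(cert.text), b64_bytes(block.group(1))
    algs = {tag: el.get("Algorithm") for tag in ("SignatureMethod", "DigestMethod")
            for el in root.iter(DS + tag)}
    return {"match": embedded == imported, "algorithms": algs,
            "embedded_sha256": fingerprint(embedded), "imported_sha256": fingerprint(imported)}

# Constructed sample input: placeholder bytes stand in for DER-encoded certificates.
IDP_DER = b"constructed placeholder, not a real certificate (IdP signing cert)"
OTHER_DER = b"constructed placeholder, not a real certificate (stale SP copy)"
wrapped = base64.b64encode(IDP_DER).decode()
SAMPLE_XML = f"""<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <Reference URI="#constructed-id"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /></Reference>
  </SignedInfo>
  <KeyInfo><X509Data><X509Certificate>{wrapped[:24]}
    {wrapped[24:]}</X509Certificate></X509Data></KeyInfo>
</Signature>"""

if __name__ == "__main__":
    print(compare_certificates(SAMPLE_XML, to_pem(IDP_DER)))    # SP holds the same certificate
    print(compare_certificates(SAMPLE_XML, to_pem(OTHER_DER)))  # the mismatch the answer describes
```

Comparing the decoded bytes rather than the Base64 text avoids false mismatches caused by line wrapping inside the element or the PEM file.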

License: CC-BY-SA with attribution
Not affiliated with StackOverflow