c# - How to use WebEx's XML-API via SSO (SAML)

Tags: c# xml single-sign-on webex

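I'm writing a small tool that uses support-ticket information to open a WebEx with our support customers. I could get it to work when the site used username/password, but now we use SSO. The WebEx server is already set up to accept SSO (set up by our IT manager, not me).

The WebEx reference (linked below) doesn't go into detail, and the WebEx development forum on the official site is very inactive and has no answers on the subject, so I decided to try my luck here.
Posted this same question over the official forum.

Does anyone know how to make the code below actually work? What goes in the <samlResponse> tag, replacing the following line in the code with something that will make it work: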

    <samlResponse>samlResponse message will go here</samlResponse>

What does "SAML assertion" in the documentation (see below) mean?

What I've found so far

WebEx's XML-API documentation (page 68) describes the following:

3.1 AuthenticateUser

The AuthenticateUser API will accept a SAML assertion in place of a user password. The returned can be used for subsequent XML API requests without using for the session duration as defined in Super Admin. This can take the place of the current requirement for a and for authentication. ...

The following schema diagram shows the element structure of the AuthenticateUser request message.

It then provides an XML schema diagram and an example.

Referencing the sample .NET code (which doesn't use SAML), I came up with the following code:

    // Namespaces required: System, System.Data, System.IO, System.Net, System.Text
    string strXMLServer = "https://varonis.webex.com/WBXService/XMLService";
    WebRequest request = WebRequest.Create(strXMLServer);
    // Set the Method property of the request to POST.
    request.Method = "POST";
    // Set the ContentType property of the WebRequest.
    request.ContentType = "application/x-www-form-urlencoded";

    // Wrap a body fragment in the WebEx message envelope (header + body).
    Func<StringBuilder, StringBuilder> webExXML =
        bodySB => new StringBuilder(1024) // Currently 294 bytes in length
            .AppendLine("<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>")
            .Append("<serv:message xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"")
            .Append(" xmlns:serv=\"http://www.webex.com/schemas/2002/06/service\"")
            .Append(" xsi:schemaLocation=\"http://www.webex.com/schemas/2002/06/service")
            .Append(" http://www.webex.com/schemas/2002/06/service/service.xsd\">")
            .AppendLine("<header>")
            .AppendLine("<securityContext>")
            .AppendLine("<siteName>siteName</siteName>")
            .AppendLine("<webExID>username</webExID>")
            .AppendLine("<password></password>")
            .AppendLine("<partnerID></partnerID>")
            .AppendLine("</securityContext>")
            .AppendLine("</header>")
            .AppendLine()
            .AppendLine("<body>")
            .Append(bodySB)
            .AppendLine()
            .AppendLine("</body>")
            .AppendLine("</serv:message>");

    // AuthenticateUser request body; the samlResponse content is still a placeholder.
    var xmlAuthBodyContent = new StringBuilder()
        .AppendLine("<bodyContent ")
        .AppendLine("xsi:type=\"java:com.webex.service.binding.user.AuthenticateUser\">")
        .AppendLine("<samlResponse>samlResponse message will go here</samlResponse>")
        .AppendLine("</bodyContent>");

    // Create POST data and convert it to a byte array.
    byte[] byteArray = Encoding.UTF8.GetBytes(webExXML(xmlAuthBodyContent).ToString());

    // Set the ContentLength property of the WebRequest.
    request.ContentLength = byteArray.Length;

    // Get the request stream, write the data to it, and close it.
    using (Stream dataStream = request.GetRequestStream())
    {
        dataStream.Write(byteArray, 0, byteArray.Length);
    }

    // Get the response and load it into a DataSet.
    DataSet DSResponse = new DataSet();
    using (WebResponse response = request.GetResponse())
    using (Stream responseStream = response.GetResponseStream())
    {
        DSResponse.ReadXml(responseStream);
    }
    // Dump() is LINQPad's output extension method; outside LINQPad use Console.WriteLine.
    DSResponse.GetXml().Dump();

The result I get is:

    <serv:message xmlns:serv="http://www.webex.com/schemas/2002/06/service">
    <serv:header>
        <serv:response>
        <serv:result>FAILURE</serv:result>
        <serv:reason>Authentication Server can't generate a valid session ticket</serv:reason>
        <serv:gsbStatus>PRIMARY</serv:gsbStatus>
        <serv:exceptionID>030048</serv:exceptionID>
        <serv:subErrors>
            <serv:subError>
            <serv:exceptionID>AS0062</serv:exceptionID>
            <serv:reason>Validate assertion failed</serv:reason>
            <serv:value />
            </serv:subError>
        </serv:subErrors>
        </serv:response>
    </serv:header>
    <serv:body>
        <serv:bodyContent />
    </serv:body>
    </serv:message>

Best answer

I finally got a response on the WebEx Forums by one Nathan Morrow, and with his permission I am copying the content here in case someone here finds it useful.

Answer:

A SAML assertion is an XML style document that is used for SAML based authentication. It includes several values that are necessary for authentication and a digital signature using a previously configured trust certificate. You will need to work with IT to gain access to retrieving SAML assertions from the Identity Management system being used. Once you are able to retrieve the SAML assertion in BASE64 format (it won't look like XML in this format, just a block of characters), you will then place the entire assertion into the samlResponse element in your authenticateUser request.

I then asked how the WebEx One-Click tool does it, and he replied:

WebEx productivity tools uses custom internal APIs and web browser capability to access your company's authentication portal to confirm authentication. There is a SAML assertion involved behind the scenes. Once you are able to retrieve the assertion for your tool, it will also appear behind the scenes to the end user.
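As an added example (not part of the original post, the quoted reply, or the WebEx documentation), the following C# sketch sanity-checks a Base64 SAML blob locally before placing it in the samlResponse element, so a malformed, unsigned or expired assertion is caught before the request is sent. It assumes SAML 2.0 namespaces; `SamlPreflight` and `BuildAuthBody` are hypothetical names, and the sample input in `Main` is constructed.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Text;
using System.Xml;
using System.Xml.Linq;

static class SamlPreflight // hypothetical helper, not a WebEx API
{
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion"; // assumes SAML 2.0
    static readonly XNamespace Dsig = "http://www.w3.org/2000/09/xmldsig#";
    static readonly XNamespace Xsi = "http://www.w3.org/2001/XMLSchema-instance";

    // Checks the Base64 blob, then returns the <bodyContent> XML for AuthenticateUser.
    public static string BuildAuthBody(string base64Saml, DateTime utcNow)
    {
        string b64 = base64Saml.Trim();
        byte[] raw = Convert.FromBase64String(b64); // FormatException if not Base64
        // Parse with DTDs and external resolution disabled (the input is untrusted XML).
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        XDocument doc;
        using (var reader = XmlReader.Create(new MemoryStream(raw), settings))
            doc = XDocument.Load(reader); // XmlException if not well-formed XML
        XElement assertion = doc.Descendants(Saml + "Assertion").FirstOrDefault();
        if (assertion == null)
            throw new InvalidDataException("No SAML 2.0 <Assertion> element found.");
        // Presence check only; the server verifies the signature against its trust certificate.
        if (!doc.Descendants(Dsig + "Signature").Any())
            throw new InvalidDataException("Assertion carries no digital signature.");
        string notAfter = (string)assertion.Element(Saml + "Conditions")?.Attribute("NotOnOrAfter");
        if (notAfter != null &&
            utcNow >= XmlConvert.ToDateTime(notAfter, XmlDateTimeSerializationMode.Utc))
            throw new InvalidDataException("Assertion expired at " + notAfter + ".");
        return new XElement("bodyContent",
            new XAttribute(XNamespace.Xmlns + "xsi", Xsi.NamespaceName),
            new XAttribute(Xsi + "type", "java:com.webex.service.binding.user.AuthenticateUser"),
            new XElement("samlResponse", b64)).ToString(SaveOptions.DisableFormatting);
    }

    static void Main()
    {
        // Constructed sample: structurally minimal, with an empty placeholder signature.
        string xml = "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">" +
            "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" +
            "<ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"/>" +
            "<saml:Conditions NotOnOrAfter=\"2030-01-01T00:00:00Z\"/></saml:Assertion></samlp:Response>";
        string b64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(xml));
        Console.WriteLine(BuildAuthBody(b64, new DateTime(2025, 1, 1, 0, 0, 0, DateTimeKind.Utc)));
    }
}
```

The returned string can be passed as the body fragment to the `webExXML` envelope builder from the question in place of the placeholder `xmlAuthBodyContent`.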

Regarding c# - How to use WebEx's XML-API via SSO (SAML), we found a similar question on Stack Overflow: https://stackoverflow.com/questions/14043254/
