我有一个 SAML token ,格式如下:
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="1" AssertionID="_341bea3b-f497-4a4f-adff-2bd65e44fd67" Issuer="http://127.0.0.1:81/" IssueInstant="2012-03-12T15:08:26.618Z">
<saml:Conditions NotBefore="2012-03-12T15:08:26.585Z" NotOnOrAfter="2012-04-23T07:08:26.585Z">
<saml:AudienceRestrictionCondition>
<saml:Audience>http://127.0.0.2:83/</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Subject>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Attribute AttributeName="name" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
<saml:AttributeValue>tempName</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_341bea3b-f497-4a4f-adff-2bd65e44fd67">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>4dssZKnMKbLVftPXnSxZlDjrKnDtyQ8Sb7FRup6wkwE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
REkPevPfjE86v+SCxGiomP2CConIVjTxuUpCIFDc+sAWUtEq3cMYZDwYfGKgEaSboIv1SUfYl8dUAEhQ+CjlCg7p3jF38f64HxexWHuLty2K+us74OmvK2F8CtG+xgwURAtJ14a6j/dTzuqzpn3hhHI7EXmrW1C5vrSAMQrVcyk=
</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>
MIICeDCCAeGgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBgDELMAkGA1UEBhMCR0IxDzANBgNVBAgTBkxvbmRvbjERMA8GA1UEBxMIVmljdG9yaWExITAfBgNVBAoTGFRob21zb25zIE9ubGluZSBCZW5lZml0czEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxFDASBgNVBAMTC1Rlc3RpbmdDZXJ0MCAXDTExMDkxOTAwMDAwMFoYDzQwMDAwNzE5MTgwMzMzWjCBgDELMAkGA1UEBhMCR0IxDzANBgNVBAgTBkxvbmRvbjERMA8GA1UEBxMIVmljdG9yaWExITAfBgNVBAoTGFRob21zb25zIE9ubGluZSBCZW5lZml0czEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxFDASBgNVBAMTC1Rlc3RpbmdDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC16AgeosO1rNdNU1nzAODZTcRuhoew3wJdVAbIcYqU57MLAYIhGIU/tovSGEOHnKjzNciYmXwLV6dVSCuygoOADNMAAgsfWYHDk2iZZLM8XuM2N6VVtJk/pc4wEITxBHLMqeCrJXTN/6JvTB1AHZWmfFm8jqMuMpXlowNEGoMJQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAExdjee3nfJ5wFtOrQcIwblrrM/XWfzhaj4Zzd6Bc/dofP44/PpMqwdyiJWYf/DmsXTM4YZ2HbdJyWXHCR+m/neWE1diVXlEAuArrjHDFWvsmqqK3bpKzSzabQF4wVxHaxbn49zUqale+tr5gXK36MKwq3I54ohd0T2i7HO8hKhF
</X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
</saml:Assertion>
我想从一个 MVC Controller 重定向到一个单独的 MVC 应用程序中的另一个页面,并传递这个 SAML token 。解决此问题的最佳方法是什么?
最佳答案
您可以像 WIF 模块(以及其他一些 STS 提供程序)那样执行此操作,方法是发回一个包含隐藏输入并保存 token 的表单,以及一个将表单发布到目的地的 javascript 脚本。
像这样:
<html>
<head>
<title>Working...</title>
</head>
<body>
<form method="POST" name="hiddenform" action="http://emadashi.com/"><input type="hidden" name="wa" value="wsignin1.0" />
<input type="hidden" name="wresult" value="your-http-encoded-token-here" />
<noscript><p>Script is disabled. Click Submit to continue.</p>
<input type="submit" value="Submit" /></noscript>
</form>
<script language="javascript">window.setTimeout('document.forms[0].submit()', 0);</script>
</body>
</html>
如果你深入研究 SignInRequestMessage类,检查方法 WriteFormPost,你会看到它吐出这样的代码。
这个问题来晚了,但我希望这对仍在寻找答案的人有所帮助。
关于c# - 如何使用 MVC3 中的 SAML 断言发布到另一个网站?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9670590/