我正在研究 SAML 身份验证
我在 中设置了摘要和签名方法rsa-sha256 ,但是当我创建重定向身份验证用户的请求时,请求位于 rsa-sha1 ...
在网址中,有 SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
但我希望它是 rsa-sha256
设置:
def saml_settings
settings = OneLogin::RubySaml::Settings.new({:idp_cert_fingerprint_algorithm => XMLSecurity::Document::SHA256})
settings.assertion_consumer_service_url = "..."
settings.issuer = "..."
settings.idp_sso_target_url = "..."
settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
#settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
settings.certificate = CONFIG_CERTIFICATE
settings.private_key = CONFIG_PRIVATE_KEY
settings.security[:authn_requests_signed] = true # Enable or not signature on AuthNRequest
settings.security[:logout_requests_signed] = true # Enable or not signature on Logout Request
settings.security[:logout_responses_signed] = true # Enable or not signature on Logout Response
settings.security[:digest_method] = XMLSecurity::Document::SHA256
settings.security[:signature_method] = XMLSecurity::Document::SHA256
settings.security[:embed_sign] = false
settings
end
当我创建 时请求 :
request = OneLogin::RubySaml::Authrequest.new
redirect_to(request.create(saml_settings))
在这里,
request.create(saml_settings)
正在返回 url 中,有 SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
我如何才能将其更改为 rsa-sha256?
最佳答案
实际上,我找到了 anwser :
在lib中,sha1 ou sha256 ecryption将由设置定义,
在方法中 create_params
的 OneLogin::RubySaml::Authrequest
我们有
if settings.security[:authn_requests_signed] && !settings.security[:embed_sign] && settings.private_key
params['SigAlg'] = XMLSecurity::Document::SHA1
...
end
所以,我有
settings.security[:embed_sign] = false
所以条件为TRUE。但它必须是错误
所以我把
settings.security[:embed_sign] = true
(实际上,它必须是真实的)
和
request.create(saml_settings, {:SigAlg => XMLSecurity::Document::SHA256}))
大功告成!
( 参见 http://www.rubydoc.info/github/onelogin/ruby-saml/OneLogin/RubySaml/Authrequest#create-instance_method )
关于ruby-on-rails - Rails request.create 在 rsa-sha256 中?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30661756/