How to verify a SAML signature for HTTP-redirect binding

生来不讨喜 2020-12-30 09:40

I'm receiving a SAML request via the HTTP-redirect binding. The content of the SAML request looks like this:

{"SigAlg"=>"http://www.w3.org/2000/09/xmldsi

6 answers
  •  灰色年华
    2020-12-30 10:25

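    We can use the OneLogin SAML library to verify the auth-request signature. They provide a lot of wrapper methods for SAML. This is a Ruby implementation of it.

    ```ruby
    require 'uri'
    require 'onelogin/ruby-saml'

    def verify_signature(params)
        # URI.decode was removed in Ruby 3.0; URI::DEFAULT_PARSER.unescape is the drop-in equivalent.
        decode = ->(value) { URI::DEFAULT_PARSER.unescape(value) }
        saml_request = decode.call(params[:SAMLRequest])
        relay_state_string = decode.call(params[:RelayState])
        signature = decode.call(params[:Signature])
        sign_alg = decode.call(params[:SigAlg])
        query_params, sig_params = {}, {}
        # Rebuild the string that was signed: SAMLRequest, RelayState and SigAlg, in that order.
        query_params[:type] = "SAMLRequest"
        query_params[:data] = saml_request
        query_params[:relay_state] = relay_state_string
        query_params[:sig_alg] = sign_alg
        query = OneLogin::RubySaml::Utils.build_query(query_params)
        # getPublicKeyFromCertificate is a helper that is not shown on this page;
        # Utils.verify_signature calls #public_key on the value stored under :cert.
        sig_params[:cert] = getPublicKeyFromCertificate
        sig_params[:sig_alg] = sign_alg
        sig_params[:signature] = signature
        sig_params[:query_string] = query
        # Returns true when the signature matches the rebuilt query string.
        OneLogin::RubySaml::Utils.verify_signature(sig_params)
    end
    ```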
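An added example, not part of the answer above and not ruby-saml code: the same check done directly with Ruby's OpenSSL bindings, verifying over the query string exactly as it was received, because the HTTP-Redirect binding signs the URL-encoded `SAMLRequest=...&RelayState=...&SigAlg=...` octets and re-encoding them can change the bytes. The function names, the SHA-256/SHA-512 allow-list, and the throwaway key and placeholder payload are assumptions of this example.

```ruby
require 'openssl'
require 'cgi'

# Allow-list of accepted SigAlg URIs (an assumption of this example); anything else is rejected.
SIG_ALGS = {
  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' => 'SHA256',
  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512' => 'SHA512'
}.freeze

# Splits the raw query into still-encoded name/value pairs.
# Returns nil when a name repeats, since a duplicated parameter makes the signed value ambiguous.
def raw_params(raw_query)
  pairs = raw_query.split('&').map { |kv| k, v = kv.split('=', 2); [k.to_s, v.to_s] }
  names = pairs.map(&:first)
  names.uniq.length == names.length ? pairs.to_h : nil
end

# Verifies an HTTP-Redirect binding signature over the octets as sent on the wire.
# raw_query is the untouched query string; public_key is the sender's OpenSSL::PKey.
def verify_redirect_signature(raw_query, public_key)
  q = raw_params(raw_query)
  return false unless q && q['SAMLRequest'] && q['SigAlg'] && q['Signature']
  digest = SIG_ALGS[CGI.unescape(q['SigAlg'])]
  return false unless digest
  # Signed string: SAMLRequest, RelayState (only if present), SigAlg, in this order.
  signed = %w[SAMLRequest RelayState SigAlg].select { |n| q.key?(n) }
                                            .map { |n| "#{n}=#{q[n]}" }.join('&')
  signature = CGI.unescape(q['Signature']).unpack1('m0') # strict Base64 decode
  public_key.verify(OpenSSL::Digest.new(digest), signature, signed)
rescue ArgumentError, OpenSSL::PKey::PKeyError
  false # malformed Base64 or an unusable key/signature counts as a failed check
end

# Constructed sample: builds a signed redirect query from a placeholder payload.
def sample_signed_query(key, sig_alg = SIG_ALGS.keys.first, digest = 'SHA256')
  signed = "SAMLRequest=#{CGI.escape('constructed-deflated-base64==')}" \
           "&RelayState=#{CGI.escape('/app/home')}" \
           "&SigAlg=#{CGI.escape(sig_alg)}"
  sig = [key.sign(OpenSSL::Digest.new(digest), signed)].pack('m0')
  "#{signed}&Signature=#{CGI.escape(sig)}"
end
```

In a Rack or Rails application the untouched query string is available as `request.query_string`; the already-decoded `params` hash does not preserve the sender's original encoding.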
