How to generate SAML SSO for Tableau

Question description Votes: 0 Answers: 1

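I am trying to implement SAML SSO for my ColdFusion web application. I have read a lot of articles, but I am still unclear about how to generate the SAML saml2:EncryptedAssertion.

Now I want to implement SAML SSO in Tableau.

I am a bit confused about the AES encryption method.

Can anyone tell me how to create the "CipherValue"? Is there any recommended documentation related to this?

Here is my sample SAML response: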

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                Destination="https://sso.online.tableau.com/public/sp/SSO?alias=5e998a7f-34bb-4233-b594-7f0be4ac9a50"
                ID="mdhihkbjpdbflgjjkiokfoachmaaoeheefnpajgi"
                IssueInstant="2020-02-19T13:39:12.264Z"
                Version="2.0"
                >
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://login.xecurify.com/moas/204947/27c493c2-4827-11ea-8bb8-02c931e36dd8</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
            <ds:Reference URI="#mdhihkbjpdbflgjjkiokfoachmaaoeheefnpajgi">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                <ds:DigestValue>SIjM2qZM8H7deBUJTHS16+3e4prO7AWrJcd7/i75d+w=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>jJp82+OTdPQRbLXM36vQ/g9WBoqdbmLK7H8vGTeXFUO8IDaTbyFxfaU/aaHxdmHgH/1Qy8vclYgQsmI7Wx66jfYh2v5Ucy3mCsNcqKFymqz2Kn42gLC2cU3QEJIqPija8Sz1R63RcRoFm8V8My9wu5cDFpeMgY9AR+BqSfsGZBcoLlqVON0syRqHRAOJCUbUxNet1rYNMY308M5AImpfNDcJqXofetkqu7/Lmq9xgPTcMNkh7sqSkXvXiszuB9Ul9ieRVi1yV51NRcFIoFcE/BwB5fU+uhAeQxhXd71ebTPH1o3gl26U/XDYiPpxGM0f6s8JY2MDPmDF6Pnwuftppg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAM49kQYbMHC5MA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNVBAYTAklOMRMw
                    EQYDVQQKEwptaW5pT3JhbmdlMRMwEQYDVQQLEwptaW5pT3JhbmdlMRMwEQYDVQQDEwptaW5pT3Jh
                    bmdlMB4XDTIwMDIwNTE0NTI0MFoXDTMwMDIwMjE0NTI0MFowTDELMAkGA1UEBhMCSU4xEzARBgNV
                    BAoTCm1pbmlPcmFuZ2UxEzARBgNVBAsTCm1pbmlPcmFuZ2UxEzARBgNVBAMTCm1pbmlPcmFuZ2Uw
                    ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQeiBR8hjbO0lKn0OX5Ml9ygrNLLA+QFit
                    c0bUTmoSAyLzubrM7Kg7Vg27D7r2itpKUWUA3/fx74+wJrXrDyGWrf1U8DWOCzbCQLNMbfwzdhEJ
                    EV0qVBVNl5RzyvfNaC26rxjRuoZBg+BBzTDBtkJ9K4gwob14XyXNtgoGyislIrLZnlGV40uzu17T
                    VySOZMPl3B3ImirAaVFYkx6ZZTgUrDsyI+VXtF020CbFN+oNGW+2nsx4/Z4uSlOUU9E0z1yceHrw
                    Y+ShPD1/U9WZOih42zL24o/rvJlcovs81x+6zkdKTUgmnf7BAdW06u10VIJqCyAut9LqJBAGSik/
                    yVeLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAADG7omHudMFRDATY9mBW+mt+P0QESrfJ1QlzdED
                    8nU/s6S7i62R/t/zrJLgAYozzDNXnBi04ROWV2Qk05N9iMH4XDiAtTuEEhWsVkdsRqoBurn42WtP
                    nKgz55phoe6Sfg0UsSyfgnEi+Ks46QZXwG9evHtOCZglBV8sqepHPGWXRXGx2oG6EEXgqb/rSdtY
                    D3NtnIZQWk+gl0LDmxN5pju0mTbMipJgMNr1QyZNa0mm6sTJy3eBSmFiGVa0nMDlM6NXyLPMovef
                    EKYeFU8XL6SBQICYEDeeMdw/x1ycbwa16DC2EUvX3MMsF2JGoRKmLTnaorIxZ7N9/vuDr1BBEV0=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
    </samlp:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                            Id="_b046db603bd493b9b67eab9afbeb6031"
                            Type="http://www.w3.org/2001/04/xmlenc#Element"
                            >
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"
                                   xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                   />
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey Id="_3c3857a5ed5cbfdf1bda23ffd5f31023"
                                   xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                   >
                    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
                                           xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                           >
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
                                         xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                                         />
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo> 
                        <ds:X509Data>
                            <ds:X509Certificate>MIICozCCAgygAwIBAgIGAXAVzAj+MA0GCSqGSIb3DQEBCwUAMGwxOzA5BgNVBAsMMmNvbS50YWJsZWF1c29mdHdhcmUuc2l0ZXNhbWwuY29yZS51dGlsLkNyeXB0b1V0aWxzMS0wKwYDVQQDDCQ1ZTk5OGE3Zi0zNGJiLTQyMzMtYjU5NC03ZjBiZTRhYzlhNTAwHhcNMjAwMjA0MTQ0MDU4WhcNMzAwMjA1MTQ0MDU4WjBsMTswOQYDVQQLDDJjb20udGFibGVhdXNvZnR3YXJlLnNpdGVzYW1sLmNvcmUudXRpbC5DcnlwdG9VdGlsczEtMCsGA1UEAwwkNWU5OThhN2YtMzRiYi00MjMzLWI1OTQtN2YwYmU0YWM5YTUwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDM+g2RuZuiwEp9+M1JIajBOZCAEiiETWyFTrk8FnQcvQcaocMmpLCZZjrR103aQY1tMOXeO8PQDAkna12hM927Wp9vvRhBS4FC4Lz+rUnKTR2dZnfnTg+Hk9On2SCHFr4R+SKAz4dpuOwD2IskVsh0I805r+owQz/Aiw7D2ahO+QIDAQABo1AwTjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR3sCdX4cViOGLJRDh+tAYC6y47GzAfBgNVHSMEGDAWgBR3sCdX4cViOGLJRDh+tAYC6y47GzANBgkqhkiG9w0BAQsFAAOBgQBB7MsX6ufrrwDbm3i1YuwE1t+G4aPqM2OpIjSU0wQ1kIsVQ9LpkM9wwxbfYJtRSa4rIj42k7AtOPdfJFdeLg6W5ZF3Qe5EWTJ5SsENidaKwE80/gaw+fWw8zmIbTJfuBf/bZre9bkj10Mcp1KFyLfg3YipFUNZ8+KLq0419bs6SQ==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Q7e4Qf00jex6kp7/LIHI6eiMs+0jP5o6+jNH0LHjMFJsxdcwb5arsjyKpH9baQVTAKoKGF/wuASKSXuJhXBInEC6c3bD6qdJ1BLlwQJi4hYC7KUplknEXHO1fp1VawGRfux16sQbgPEwznqk0bp8+MPyhdlAkJajr2COtSe8eNU=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>...</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</samlp:Response>
encryption coldfusion single-sign-on tableau saml-2.0
1 Answer
0
votes

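Tableau Online (the hosted version) does not support encrypted assertions. From Tableau Online's SAML requirements:

SP or IdP initiated: Tableau Online supports SAML authentication that begins at the identity provider (IdP) or the service provider (SP).

Cleartext assertions: Tableau Online does not support encrypted assertions.

You need to turn off encryption of assertions in your SAML identity provider.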
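A quick way to confirm what the IdP is actually sending, as an added example that is not part of the original answer: the script below reports whether a Response carries a plaintext Assertion or an EncryptedAssertion, and shows how the two CipherValue elements in the question are laid out under XML Encryption (the inner one is the AES key wrapped with the SP's RSA public key, the outer one is the IV followed by the AES-CBC ciphertext, both base64-encoded). The function names, report keys and sample document are assumptions made for this example; the sample is constructed and its CipherValue contents are dummy bytes.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "xenc": "http://www.w3.org/2001/04/xmlenc#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample laid out like the response in the question; the
# CipherValue contents are dummy bytes, not real ciphertext.
WRAPPED_KEY = base64.b64encode(b"\x01" * 128).decode()  # stands in for the RSA-wrapped AES key
PAYLOAD = base64.b64encode(b"\x02" * 16 + b"\x03" * 64).decode()  # stands in for IV + ciphertext
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" ID="constructed" Version="2.0">
 <saml2:EncryptedAssertion xmlns:saml2="{NS['saml']}">
  <xenc:EncryptedData xmlns:xenc="{NS['xenc']}">
   <xenc:EncryptionMethod Algorithm="{NS['xenc']}aes256-cbc"/>
   <ds:KeyInfo xmlns:ds="{NS['ds']}"><xenc:EncryptedKey>
    <xenc:EncryptionMethod Algorithm="{NS['xenc']}rsa-oaep-mgf1p"/>
    <xenc:CipherData><xenc:CipherValue>{WRAPPED_KEY}</xenc:CipherValue></xenc:CipherData>
   </xenc:EncryptedKey></ds:KeyInfo>
   <xenc:CipherData><xenc:CipherValue>{PAYLOAD}</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
 </saml2:EncryptedAssertion>
</samlp:Response>"""

def _alg(node):
    """Algorithm URI of a node's direct xenc:EncryptionMethod child, if any."""
    method = None if node is None else node.find("xenc:EncryptionMethod", NS)
    return None if method is None else method.get("Algorithm")

def _cipher_len(node):
    """Decoded byte length of a node's own CipherValue, or None if absent."""
    value = None if node is None else node.find("xenc:CipherData/xenc:CipherValue", NS)
    return None if value is None or not value.text else len(base64.b64decode(value.text))

def inspect_response(xml_text):
    """Report plaintext vs. encrypted assertions in a SAML Response."""
    root = ET.fromstring(xml_text)
    report = {"plaintext": len(root.findall("saml:Assertion", NS)), "encrypted": []}
    for data in root.findall("saml:EncryptedAssertion/xenc:EncryptedData", NS):
        key = data.find("ds:KeyInfo/xenc:EncryptedKey", NS)
        report["encrypted"].append({
            "data_alg": _alg(data), "key_alg": _alg(key),
            "wrapped_key_bytes": _cipher_len(key),   # RSA output, modulus-sized
            "payload_bytes": _cipher_len(data)})     # CBC: 16-byte IV + padded ciphertext
    # Per the answer above, Tableau Online accepts only plaintext assertions.
    report["tableau_online_ok"] = report["plaintext"] > 0 and not report["encrypted"]
    return report
```

Run it on a Response captured from your own IdP after changing the setting; `tableau_online_ok` should become true once assertion encryption is turned off.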
