Rails request.create in rsa-sha256?
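I'm working on SAML authentication.
I set the digest and signature methods to rsa-sha256, but when I create the request that redirects the user for authentication, the request is in rsa-sha1 ...
The URL contains SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
But I want it to be rsa-sha256.
Settings: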
def saml_settings
  settings = OneLogin::RubySaml::Settings.new({:idp_cert_fingerprint_algorithm => XMLSecurity::Document::SHA256})
  settings.assertion_consumer_service_url = "..."
  settings.issuer = "..."
  settings.idp_sso_target_url = "..."
  settings.name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
  #settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
  settings.certificate = CONFIG_CERTIFICATE
  settings.private_key = CONFIG_PRIVATE_KEY
  settings.security[:authn_requests_signed] = true # Enable or not signature on AuthNRequest
  settings.security[:logout_requests_signed] = true # Enable or not signature on Logout Request
  settings.security[:logout_responses_signed] = true # Enable or not signature on Logout Response
  settings.security[:digest_method] = XMLSecurity::Document::SHA256
  settings.security[:signature_method] = XMLSecurity::Document::SHA256
  settings.security[:embed_sign] = false
  settings
end
When I create the request:
request = OneLogin::RubySaml::Authrequest.new
redirect_to(request.create(saml_settings))
Here, request.create(saml_settings) returns the URL, and it still has SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
How can I change it to rsa-sha256?
Actually, I found the answer:
In the lib, the sha1 or sha256 encryption will be defined by the settings. In the create_params method of OneLogin::RubySaml::Authrequest we have
if settings.security[:authn_requests_signed] && !settings.security[:embed_sign] && settings.private_key
  params['SigAlg'] = XMLSecurity::Document::SHA1
  ...
end
So, I had
settings.security[:embed_sign] = false
so the condition is true. But it must be FALSE.
So I put
settings.security[:embed_sign] = true
(actually, it has to be true)
and
request.create(saml_settings, {:SigAlg => XMLSecurity::Document::SHA256})
Done!
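To check what the redirect URL actually advertises, here is an added example (not part of the original post and not ruby-saml's own code) that builds an HTTP-Redirect query signed with rsa-sha256 using only Ruby's standard library, reads the `SigAlg` parameter back, and rejects rsa-sha1 on the receiving side. The function names, the `idp.example.test` URL and the one-line request are constructed for illustration; it assumes no RelayState and that `Signature` is the last parameter.

```ruby
require "openssl"
require "zlib"
require "uri"

RSA_SHA1   = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Sender side: DEFLATE + Base64 the request, then sign the exact
# URL-encoded string "SAMLRequest=...&SigAlg=..." with RSA-SHA256.
def signed_redirect_url(idp_url, xml, key)
  z = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS) # raw DEFLATE
  deflated = z.deflate(xml, Zlib::FINISH)
  z.close
  signed = "SAMLRequest=" + URI.encode_www_form_component([deflated].pack("m0")) +
           "&SigAlg=" + URI.encode_www_form_component(RSA_SHA256)
  sig = key.sign(OpenSSL::Digest.new("SHA256"), signed)
  "#{idp_url}?#{signed}&Signature=" + URI.encode_www_form_component([sig].pack("m0"))
end

# Decoded SigAlg of a redirect URL, or nil when the URL carries none.
def sig_alg_of(url)
  URI.decode_www_form(URI.parse(url).query.to_s).to_h["SigAlg"]
end

# Receiver side: refuse anything but rsa-sha256, then verify over the raw
# query bytes. Assumes Signature is the last parameter, as built above.
def valid_sha256_signature?(url, public_key)
  return false unless sig_alg_of(url) == RSA_SHA256
  signed, sig = URI.parse(url).query.split("&Signature=", 2)
  return false if sig.nil?
  raw = URI.decode_www_form_component(sig).unpack1("m") # Base64-decode
  public_key.verify(OpenSSL::Digest.new("SHA256"), raw, signed)
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)              # throwaway key, constructed for the demo
  xml = '<samlp:AuthnRequest ID="_constructed"/>' # constructed, not a full request
  url = signed_redirect_url("https://idp.example.test/sso", xml, key)
  puts sig_alg_of(url)
  puts valid_sha256_signature?(url, key.public_key)
end
```

Because `SigAlg` is inside the signed string, changing it in transit invalidates the signature, so the receiver's allow-list check and the signature check reinforce each other.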