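I am using a Java client to generate a custom SAML assertion in order to obtain an OAuth token from WSO2 API Manager, which supports the SAML2 Bearer Assertion Profile. (https://nallaa.wordpress.com/2013/04/04/saml2-bearer-assertion-profile-for-oauth-2-0-with-wso2-identity-server/)
This is to issue OAuth tokens to anonymous users who do not have a login in WSO2 IS. I generate a small ID for these users. Using this unique ID, I generate the SAML assertion.
Now I want to move this logic to Node.js. Is there a way to create a SAML assertion in Node.js similar to this logic?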
    // Imports needed by this method (OpenSAML 2.x, Joda-Time, Apache XML Security)
    import org.apache.xml.security.signature.XMLSignature;
    import org.joda.time.DateTime;
    import org.opensaml.DefaultBootstrap;
    import org.opensaml.common.SAMLVersion;
    import org.opensaml.saml1.core.NameIdentifier;
    import org.opensaml.saml2.core.*;
    import org.opensaml.saml2.core.impl.*;

    // username, recipient, id, claims, requestedAudiences, doAssertionSigning and the
    // helpers createID(), getIssuer(), buildAttributeStatement(), setSignature() and
    // getCredential() are members of the enclosing class (not shown).
    private Assertion buildSAMLAssertion() throws Exception {
        DefaultBootstrap.bootstrap();
        Assertion samlAssertion = new AssertionBuilder().buildObject();

        // Failures propagate to the caller (the method declares throws Exception),
        // so a partially built or unsigned assertion is never returned.
        DateTime currentTime = new DateTime();
        // The assertion is valid for one hour
        DateTime notOnOrAfter = new DateTime(currentTime.getMillis() + 60 * 60 * 1000);

        samlAssertion.setID(createID());
        samlAssertion.setVersion(SAMLVersion.VERSION_20);
        samlAssertion.setIssuer(getIssuer());
        samlAssertion.setIssueInstant(currentTime);

        // Subject: the generated user id, confirmed with the bearer method
        Subject subject = new SubjectBuilder().buildObject();
        NameID nameId = new NameIDBuilder().buildObject();
        nameId.setValue(username);
        nameId.setFormat(NameIdentifier.EMAIL);
        subject.setNameID(nameId);

        SubjectConfirmation subjectConfirmation =
                new SubjectConfirmationBuilder().buildObject();
        subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
        SubjectConfirmationData scData = new SubjectConfirmationDataBuilder().buildObject();
        scData.setRecipient(recipient);
        scData.setNotOnOrAfter(notOnOrAfter);
        scData.setInResponseTo(id);
        subjectConfirmation.setSubjectConfirmationData(scData);
        subject.getSubjectConfirmations().add(subjectConfirmation);
        samlAssertion.setSubject(subject);

        // Authentication statement
        AuthnStatement authStmt = new AuthnStatementBuilder().buildObject();
        authStmt.setAuthnInstant(new DateTime());
        AuthnContext authContext = new AuthnContextBuilder().buildObject();
        AuthnContextClassRef authCtxClassRef = new AuthnContextClassRefBuilder().buildObject();
        authCtxClassRef.setAuthnContextClassRef(AuthnContext.PASSWORD_AUTHN_CTX);
        authContext.setAuthnContextClassRef(authCtxClassRef);
        authStmt.setAuthnContext(authContext);
        samlAssertion.getAuthnStatements().add(authStmt);

        // Optional attribute statement built from the claims
        if (claims != null) {
            samlAssertion.getAttributeStatements().add(buildAttributeStatement(claims));
        }

        // Audience restriction: one Audience element per requested audience
        AudienceRestriction audienceRestriction =
                new AudienceRestrictionBuilder().buildObject();
        if (requestedAudiences != null) {
            for (String requestedAudience : requestedAudiences) {
                Audience audience = new AudienceBuilder().buildObject();
                audience.setAudienceURI(requestedAudience);
                audienceRestriction.getAudiences().add(audience);
            }
        }

        // Conditions: validity window plus the audience restriction
        Conditions conditions = new ConditionsBuilder().buildObject();
        conditions.setNotBefore(currentTime);
        conditions.setNotOnOrAfter(notOnOrAfter);
        conditions.getAudienceRestrictions().add(audienceRestriction);
        samlAssertion.setConditions(conditions);

        // Sign the assertion with the issuer's credential
        if (doAssertionSigning) {
            setSignature(samlAssertion, XMLSignature.ALGO_ID_SIGNATURE_RSA, getCredential());
        }
        return samlAssertion;
    }
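This [1] is the only library I could find related to building SAML assertions. You can find the library's source code here [2]. Try exploring its capabilities. It currently seems to support only SAML 1.1 tokens.
[1] https://www.npmjs.com/package/saml
[2] https://github.com/auth0/node-saml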
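
As an added example (not code from the question, the answer, or the library linked above), the same assertion structure as the Java method can be assembled in Node.js with built-ins only, escaping the generated user id so it cannot inject markup, and then encoded for the SAML2 bearer grant. It leaves out the `InResponseTo` attribute, the attribute statement and the signature; the function names are hypothetical, and the `doAssertionSigning` branch is assumed to be handled by a separate XML-DSig library, which would insert the signature right after the `Issuer` element.

```javascript
// Added example: unsigned SAML 2.0 bearer assertion built with Node built-ins.
const { randomBytes } = require('crypto');

const NS = 'urn:oasis:names:tc:SAML:2.0:assertion';
const EMAIL_FORMAT = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress';
const BEARER = 'urn:oasis:names:tc:SAML:2.0:cm:bearer';
const PASSWORD_CTX = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password';

// Escape text and attribute values so caller-supplied ids cannot inject XML.
function xmlEscape(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Mirrors the Java builder: Issuer, Subject, Conditions, AuthnStatement (schema order).
function buildBearerAssertion({ issuer, subject, recipient, audiences, now = new Date() }) {
  const id = '_' + randomBytes(16).toString('hex'); // xs:ID may not start with a digit
  const issued = now.toISOString();
  const expires = new Date(now.getTime() + 60 * 60 * 1000).toISOString(); // one hour
  const aud = audiences.map((a) => `<saml2:Audience>${xmlEscape(a)}</saml2:Audience>`).join('');
  return [
    `<saml2:Assertion xmlns:saml2="${NS}" ID="${id}" IssueInstant="${issued}" Version="2.0">`,
    `<saml2:Issuer>${xmlEscape(issuer)}</saml2:Issuer>`,
    `<saml2:Subject>`,
    `<saml2:NameID Format="${EMAIL_FORMAT}">${xmlEscape(subject)}</saml2:NameID>`,
    `<saml2:SubjectConfirmation Method="${BEARER}">`,
    `<saml2:SubjectConfirmationData NotOnOrAfter="${expires}" Recipient="${xmlEscape(recipient)}"/>`,
    `</saml2:SubjectConfirmation></saml2:Subject>`,
    `<saml2:Conditions NotBefore="${issued}" NotOnOrAfter="${expires}">`,
    `<saml2:AudienceRestriction>${aud}</saml2:AudienceRestriction></saml2:Conditions>`,
    `<saml2:AuthnStatement AuthnInstant="${issued}"><saml2:AuthnContext>`,
    `<saml2:AuthnContextClassRef>${PASSWORD_CTX}</saml2:AuthnContextClassRef>`,
    `</saml2:AuthnContext></saml2:AuthnStatement>`,
    `</saml2:Assertion>`,
  ].join('');
}

// Form body for the token endpoint: the assertion is base64url-encoded (RFC 7522).
function tokenRequestBody(assertionXml) {
  const b64url = Buffer.from(assertionXml, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:saml2-bearer',
    assertion: b64url,
  }).toString();
}
```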