我需要使用自定义数据创建SAML令牌。
MSDN上有一个很好看的例子,但它不是在编译。。。。
有人读过关于工作样品的smt吗?
还是只是在Assertion集合中添加新的声明?我需要在联邦元数据中描述它们吗?我还应该做什么其他问题?很高兴看到任何帮助。
我记得在一个ACS示例中有一些自定义SAML令牌生成代码。那将是一个很好的开始。您可以在这里下载,查找OAuth2CertificateSample,SelfSignedSaml2TokenGenerator.cs。代码如下:
/// <summary>
/// Creates a SAML assertion signed with the given certificate.
/// </summary>
public static Saml2SecurityToken GetSamlAssertionSignedWithCertificate(String nameIdentifierClaim, byte[] certificateWithPrivateKeyRawBytes, string password)
{
string acsUrl = string.Format(CultureInfo.InvariantCulture, "https://{0}.{1}", SamplesConfiguration.ServiceNamespace, SamplesConfiguration.AcsHostUrl);
Saml2Assertion assertion = new Saml2Assertion(new Saml2NameIdentifier(nameIdentifierClaim));
Saml2Conditions conditions = new Saml2Conditions();
conditions.NotBefore = DateTime.UtcNow;
conditions.NotOnOrAfter = DateTime.MaxValue;
conditions.AudienceRestrictions.Add(new Saml2AudienceRestriction(new Uri(acsUrl, UriKind.RelativeOrAbsolute)));
assertion.Conditions = conditions;
Saml2Subject subject = new Saml2Subject();
subject.SubjectConfirmations.Add(new Saml2SubjectConfirmation(Saml2Constants.ConfirmationMethods.Bearer));
subject.NameId = new Saml2NameIdentifier(nameIdentifierClaim);
assertion.Subject = subject;
X509SigningCredentials clientSigningCredentials = new X509SigningCredentials(
new X509Certificate2(certificateWithPrivateKeyRawBytes, password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable));
assertion.SigningCredentials = clientSigningCredentials;
return new Saml2SecurityToken(assertion);
}
此外,身份验证过程不需要在联合元数据中描述已发布的声明。在联合元数据中发布的声明只是对令牌使用者的提示,提示他们应该在发布的令牌中找到什么。