Construct a signed SAML2 LogOut request

太阳男子 2020-12-14 03:56

My aim is to implement the Single Log Out Protocol. First I am understanding how the standard works and how I can fit it in my scenario: ADFS 2.0 as IdP, for

3 answers
  •  时光说笑
    2020-12-14 04:17

    Finally I got the right recipe:

    1. Generate the SAMLRequest value
    2. Encode the SAMLRequest value in Base64
    3. URL-encode the SAMLRequest value
    4. URL-encode the SigAlg value: http://www.w3.org/2000/09/xmldsig#rsa-sha1
    5. Feed the algorithm signature (SHA1withRSA) with the SAMLRequest=value&SigAlg=value
    6. URL-encode the generated signature

    We can perform the steps 2 and 3 with the SAML 2.0 Debugger (https://rnd.feide.no/simplesaml/module.php/saml2debug/debug.php). And for the URL-encoding use the classic w3schools (http://www.w3schools.com/tags/ref_urlencode.asp)

    Warning! Ensure that the algorithm for your relying party, in the ADFS2, is set up to SHA1!

    Best regards,

    Luis

    ps: now I have to code a little bit...

    pps: You can find the code here: https://github.com/cerndb/wls-cern-sso/tree/master/saml2slo
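
The six steps above as one routine, added here as an illustration and not taken from the answer or the linked repository (Java, since SHA1withRSA in step 5 is the JCA algorithm name). It assumes the HTTP-Redirect binding, which applies raw DEFLATE before the Base64 step; the class name, key pair, endpoint and request values are constructed placeholders.

```java
import java.io.ByteArrayOutputStream;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;

public class SignedLogoutRedirect {
    // Step 4: the SigAlg URI from the answer; the relying party in ADFS must be set to SHA1 to match.
    static final String SIG_ALG = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    static String urlEncode(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8); // Charset overload needs Java 10+
    }

    // Steps 2-4: build the exact string that step 5 signs (this request carries no RelayState).
    static String signedInput(String logoutRequestXml) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        Deflater raw = new Deflater(Deflater.DEFAULT_COMPRESSION, true); // nowrap = raw DEFLATE
        try (DeflaterOutputStream out = new DeflaterOutputStream(buf, raw)) {
            out.write(logoutRequestXml.getBytes(StandardCharsets.UTF_8));
        }
        raw.end();
        String b64 = Base64.getEncoder().encodeToString(buf.toByteArray());
        return "SAMLRequest=" + urlEncode(b64) + "&SigAlg=" + urlEncode(SIG_ALG);
    }

    // Steps 5-6: SHA1withRSA over the input, then Base64 and URL-encode the signature.
    static String signatureParam(String input, PrivateKey key) throws Exception {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.UTF_8));
        return urlEncode(Base64.getEncoder().encodeToString(s.sign()));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // throwaway key; a real SP signs with its registered key
        // Constructed sample request; every value in it is a placeholder.
        String xml = "<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
            + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_example1\" Version=\"2.0\""
            + " IssueInstant=\"2020-12-14T04:17:00Z\" Destination=\"https://adfs.example.org/adfs/ls/\">"
            + "<saml:Issuer>https://sp.example.org</saml:Issuer><saml:NameID>user@example.org</saml:NameID></samlp:LogoutRequest>";
        String input = signedInput(xml);
        String url = "https://adfs.example.org/adfs/ls/?" + input + "&Signature=" + signatureParam(input, kp.getPrivate());
        System.out.println(url);
    }
}
```

The signature covers the URL-encoded query string exactly as it is sent, so the URL has to go out as built; re-encoding any parameter afterwards makes verification fail.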
