Sure, thanks Tony

On 30 Jan, 17:00, "Tony (Google)" <[email protected]> wrote:
> Hi David,
>
> Can you file a support ticket so I can work with you to troubleshoot
> this issue?  Instructions can be found in the Support tab.
>
> Thanks,
>
> --Tony
>
> On Jan 30, 9:59 am, David Cifuentes <[email protected]>
> wrote:
>
> > Hello,
>
> > I'd like to sign the XML of the SAML response with pure PHP 5 (no
> > command line calls of xmlsec1). I've seen that the simple saml php
> > project http://rnd.feide.no/simplesamlphp does exactly this with the
> > xmlseclib.php library. I tried to port the xml signature part to my
> > app but the signed response is not valid to Google. Here is what I
> > did:
>
> >     public static function signResponse($responseXmlString, $pubKey, $privKey) {
> >         $xml = new DOMDocument();
> >         if(!$xml->loadXML($responseXmlString)) {
> >             throw new Exception('Could not parse the SAML response XML');
> >         }
> >         /* Load the private key. */
> >         $objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
> >         $objKey->loadKey($privKey, true);
>
> >         /* Get the root node (samlp:Response) we should sign. */
> >         $rootNode = $xml->firstChild;
>
> >         /* Sign the response with our private key. */
> >         $objXMLSecDSig = new XMLSecurityDSig();
> >         $objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
>
> >         $objXMLSecDSig->addReferenceList(array($rootNode), XMLSecurityDSig::SHA1,
> >             array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
> >             array('id_name' => 'ID'));
>
> >         $objXMLSecDSig->sign($objKey);
>
> >         /* Add the certificate to the signature. */
> >         $publicCert = file_get_contents($pubKey);
> >         $objXMLSecDSig->add509Cert($publicCert, false, false);
>
> >         /* Add the signature to the response, as the first child of the root. */
> >         $objXMLSecDSig->insertSignature($rootNode, $rootNode->firstChild);
>
> >         /* Return the DOM tree as a string. */
> >         return $xml->saveXML();
> >     }
>
> > The signed XML looks like:
>
> > <samlp:Response xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
> > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" ID="pfx091359c1-a7ef-
> > e501-0455-1323df8d6502" IssueInstant="2009-01-30T17:34:01Z"
> > Version="2.0" Destination="https://www.google.com/a/unbosque.edu.co/
> > acs"
> > InResponseTo="aalpmhflehehnnbngdfaddelckndjiihfflakfhc"><ds:Signature
> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >   <ds:SignedInfo><ds:CanonicalizationMethod 
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> >     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/
> > xmldsig#rsa-sha1"/>
> >   <ds:Reference URI="#pfx091359c1-a7ef-
> > e501-0455-1323df8d6502"><ds:Transforms><ds:Transform 
> > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></
> > ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/
> > xmldsig#sha1"/><ds:DigestValue>VVXUdt2Ob/kFv4mupa07P/ViEU4=</
> > ds:DigestValue></ds:Reference></
> > ds:SignedInfo><ds:SignatureValue>FBzpPMcX5yms0exp8e4uga7hrYOqr
> > +UprkYhp0RbCePPWt/JUt2Nu5F5kkWK+Cj2QRsEUejsHO6s
> > +zLMgb0MP7LrtJiEKRk59MY7xtQPrF1ieKEj7Zjvu2ap0juFLCkchJ9/
> > xORUSsrEVTc6AhM2iZjr2YKqioY8fDhtXk7kQF0=</ds:SignatureValue>
> > <ds:KeyInfo><ds:X509Data><ds:X509Certificate></ds:X509Certificate></
> > ds:X509Data></ds:KeyInfo></ds:Signature>
> >     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> >         <SignedInfo>
> >             <CanonicalizationMethod Algorithm="http://www.w3.org/TR/
> > 2001/REC-xml-c14n-20010315#WithComments"/>
> >             <SignatureMethod Algorithm="http://www.w3.org/2000/09/
> > xmldsig#rsa-sha1"/>
> >             <Reference URI="">
> >                 <Transforms>
> >                     <Transform Algorithm="http://www.w3.org/2000/09/
> > xmldsig#enveloped-signature"/>
> >                 </Transforms>
> >                 <DigestMethod Algorithm="http://www.w3.org/2000/09/
> > xmldsig#sha1"/>
> >                 <DigestValue/>
> >             </Reference>
> >         </SignedInfo>
> >         <SignatureValue/>
> >         <KeyInfo>
> >             <KeyValue/>
> >         </KeyInfo>
> >     </Signature>
> >         <samlp:Status>
> >                 <samlp:StatusCode 
> > Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
>
> >         </samlp:Status>
> >         <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
> > ID="jlmaghekccjbghadceopcgoefkepgphaleaclemn"
> > IssueInstant="2009-01-30T17:34:01Z" Version="2.0">
> >                 <Issuer>unbosque.edu.co</Issuer>
> >                 <Subject>
> >                         <NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-
> > format:emailAddress">
> >                                 cifuentesandres
> >                         </NameID>
> >                         <SubjectConfirmation 
> > Method="urn:oasis:names:tc:SAML:
> > 2.0:cm:bearer">
> >                                 <SubjectConfirmationData 
> > Recipient="https://www.google.com/a/
> > unbosque.edu.co/acs" NotOnOrAfter="2009-01-30T17:44:01Z"
> > InResponseTo="aalpmhflehehnnbngdfaddelckndjiihfflakfhc"/>
> >                         </SubjectConfirmation>
> >                 </Subject>
> >                 <Conditions NotBefore="2009-01-30T17:29:01Z"
> > NotOnOrAfter="2009-01-30T17:44:01Z">
> >                         <AudienceRestriction>
> >                                 
> > <Audience>https://www.google.com/a/unbosque.edu.co/acs</Audience>
> >                         </AudienceRestriction>
> >                 </Conditions>
> >                 <AuthnStatement AuthnInstant="2009-01-30T17:34:01Z">
> >                         <AuthnContext>
> >                                 <AuthnContextClassRef>
> >                                         
> > urn:oasis:names:tc:SAML:2.0:ac:classes:Password
> >                                 </AuthnContextClassRef>
> >                         </AuthnContext>
> >                 </AuthnStatement>
> >         </Assertion>
> > </samlp:Response>
>
> > If anyone has used this library or can tell what's wrong, I would
> > appreciate it.
>
> > Thanks,
>
> > David Cifuentes
> > Eforcers.com
> > Bogotá, Colombia
>
>
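As an added example (not code from the thread or from the xmlseclibs project): the checks a relying party should make on a signed samlp:Response before trusting it, run here on a Response signed with a throwaway key. The output quoted above carries two Signature elements directly under samlp:Response, the inserted ds:Signature and an empty Signature template, so the first of these checks would already reject it. It assumes the current composer package robrichards/xmlseclibs with namespaced classes (the thread uses the older unnamespaced API) and a public key pinned from IdP metadata.

```php
<?php
// Added example (not the thread's code): relying-party checks on a signed
// samlp:Response. Assumes composer's robrichards/xmlseclibs (namespaced API).
require 'vendor/autoload.php';
use RobRichards\XMLSecLibs\{XMLSecurityDSig, XMLSecurityKey};
const DS_NS = 'http://www.w3.org/2000/09/xmldsig#';
// Returns the verified Response element or throws naming the failed check.
// $pinnedPubPem is the IdP key from metadata, never the ds:KeyInfo in the message.
function verifyResponse(string $xml, string $pinnedPubPem): DOMElement
{
    $doc = new DOMDocument();
    if (!$doc->loadXML($xml, LIBXML_NONET)) { throw new RuntimeException('bad XML'); }
    $root = $doc->documentElement;
    $xp = new DOMXPath($doc); $xp->registerNamespace('ds', DS_NS);
    // Exactly one Signature directly under the Response: a leftover empty
    // <Signature> template like the one in the thread's output fails here.
    if ($xp->query('/*/ds:Signature')->length !== 1) {
        throw new RuntimeException('expected exactly one Response signature');
    }
    $dsig = new XMLSecurityDSig();
    $dsig->idKeys = ['ID'];
    $dsig->locateSignature($doc);
    $dsig->canonicalizeSignedInfo();
    // The one Reference must cover the Response itself (URI="#<its ID>").
    if ($dsig->getRefIDs() !== [$root->getAttribute('ID')]) {
        throw new RuntimeException('Reference does not cover the Response');
    }
    $dsig->validateReference();                 // throws on digest mismatch
    $key = $dsig->locateKey();                  // algorithm from SignatureMethod
    $key->loadKey($pinnedPubPem);
    if ($dsig->verify($key) !== 1) { throw new RuntimeException('bad signature'); }
    return $root;
}

// Constructed demo input: throwaway RSA key and a minimal Response, signed as in
// the thread but with the Signature placed right after Issuer (SAML 2.0 core).
$priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($priv, $privPem);
$pubPem = openssl_pkey_get_details($priv)['key'];
$doc = new DOMDocument();
$doc->loadXML('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
  . 'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_demo1" Version="2.0" '
  . 'IssueInstant="2009-01-30T17:34:01Z"><saml:Issuer>idp.example</saml:Issuer></samlp:Response>');
$dsig = new XMLSecurityDSig();
$dsig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
$dsig->addReference($doc->documentElement, XMLSecurityDSig::SHA256,
    [DS_NS . 'enveloped-signature', XMLSecurityDSig::EXC_C14N], ['id_name' => 'ID', 'overwrite' => false]);
$key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, ['type' => 'private']); $key->loadKey($privPem);
$dsig->sign($key);
$dsig->insertSignature($doc->documentElement, $doc->documentElement->firstChild->nextSibling);
echo verifyResponse($doc->saveXML(), $pubPem)->getAttribute('ID'), " verified\n";
```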