
Configuration problem with the simplesamlphp framework: 403.10 Forbidden: invalid configuration


Here is the situation: a customer now needs to integrate with AWS Cognito, and the third-party login here uses the SAML that Cognito provides.
Our server handles this with the simplesamlphp framework, but once it is configured and receives the assertion sent by Cognito, simplesamlphp reports that it cannot locate the metadata:


I am not sure where my configuration is wrong (honestly, I do not know what a correct one looks like either). The configuration is as follows:

saml20-idp-hosted.php file:

<?php
$metadata['urn:amazon:cognito:sp:us-east-1_YaRHr5R7c'] = array(
        'host' => '__DEFAULT__',
        'privatekey' => 'saml.pem',
        'certificate' => 'saml.crt',
        'auth' => 'example-userpass',
        'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
        'authproc' => array(
                100 => array('class' => 'core:AttributeMap', 'name2oid'),
        )
);

saml20-idp-remote.php file:
 

<?php
$metadata['urn:amazon:cognito:sp:us-east-1_YaRHr5R7c'] = array(
        'metadata-set' => 'saml20-idp-remote',
        'entityid' => 'http://www.saml.com/simplesaml/saml2/idp/metadata.php',
        'SingleSignOnService' => array(
                0 => array(
                        'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                        'Location' => 'http://www.saml.com/simplesaml/saml2/idp/SSOService.php',
                ),
        ),
        'SingleLogoutService' => array(
                0 => array(
                        'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                        'Location' => 'http://www.saml.com/simplesaml/saml2/idp/SingleLogoutService.php',
                ),
        ),
        'certData' => 'certData',
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
);

The assertion provided to Cognito:
 

<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="urn:amazon:cognito:sp:us-east-1_YaRHr5R7c">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>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</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>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</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://www.saml.com/simplesaml/saml2/idp/SingleLogoutService.php"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://www.saml.com/simplesaml/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="technical">
    <md:GivenName>zhong</md:GivenName>
    <md:EmailAddress>40613****@qq.com</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>

Hoping an expert can advise.


kun坤 2020-05-26 12:46:40 444 0
  • Solved. The main thing is to configure its saml20-sp-remote.php file:

    <?php
    // saml20-sp-remote.php: Cognito is a remote SP (relying party) of this IdP, keyed by its entity ID.
    $metadata['urn:amazon:cognito:sp:us-east-1_YaRHr5R7c'] = array(
            'AssertionConsumerService' => 'https://testcloud.auth.us-east-1.amazoncognito.com/saml2/idpresponse',
            'SingleLogoutService' => 'https://testcloud.auth.us-east-1.amazoncognito.com/logout?client_id=7tkior5512sk93rmb5der0aa0r&logout_uri=https://test.dvrskype.com/test/logout',
            'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
            'simplesaml.attributes' => FALSE,
    );

    The biggest lesson: spend more time on the official forum and less on the official docs :(

    2020-05-26 21:16:44
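As an added example (not code from the thread or from simplesamlphp), the following Python check reads a partner's SAML EntityDescriptor, tells you which simplesamlphp metadata file its entry belongs in, and compares an entry against the declared role and endpoints; it flags the question's mistake (Cognito, an SP, registered in saml20-idp-remote.php with IdP endpoints) and passes the answer's saml20-sp-remote.php entry. The Cognito SP metadata embedded in it is constructed from the entityID and AssertionConsumerService URL in the thread and is an assumption, not the real document.

```python
import xml.etree.ElementTree as ET

MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# Seen from a simplesamlphp IdP: partner SPs belong in saml20-sp-remote.php,
# partner IdPs in saml20-idp-remote.php, and each role owns different endpoints.
ROLE_TO_SET = {"SPSSODescriptor": "saml20-sp-remote", "IDPSSODescriptor": "saml20-idp-remote"}
ROLE_ENDPOINTS = {"SPSSODescriptor": {"AssertionConsumerService", "SingleLogoutService"},
                  "IDPSSODescriptor": {"SingleSignOnService", "SingleLogoutService"}}

# CONSTRUCTED sample of the Cognito SP metadata (assumption): entityID and ACS URL come from the thread.
COGNITO_SP_XML = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:amazon:cognito:sp:us-east-1_YaRHr5R7c">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://testcloud.auth.us-east-1.amazoncognito.com/saml2/idpresponse" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def parse_entity(xml_text):
    """Extract entityID, SAML roles and the endpoint Locations an EntityDescriptor declares."""
    root = ET.fromstring(xml_text)
    roles = [el.tag[len(MD_NS):] for el in root if el.tag.endswith("SSODescriptor")]
    endpoints = {}
    for el in root.iter():
        if el.tag.startswith(MD_NS) and el.tag.endswith("Service") and el.get("Location"):
            endpoints.setdefault(el.tag[len(MD_NS):], set()).add(el.get("Location"))
    return {"entityID": root.get("entityID"), "roles": roles, "endpoints": endpoints}

def check_entry(metadata_set, config_key, entry, entity):
    """List what is wrong with `$metadata[config_key] = entry` placed in <metadata_set>.php."""
    problems = []
    if config_key != entity["entityID"]:
        problems.append(f"array key {config_key!r} differs from entityID {entity['entityID']!r}")
    wanted = {ROLE_TO_SET[r] for r in entity["roles"] if r in ROLE_TO_SET}
    if metadata_set not in wanted:
        problems.append(f"roles {entity['roles']} belong in {sorted(wanted)}, not {metadata_set}")
    allowed = set().union(*(ROLE_ENDPOINTS.get(r, set()) for r in entity["roles"]))
    for name, value in entry.items():
        if not name.endswith("Service"):
            continue
        if name not in allowed:
            problems.append(f"{name} is not an endpoint of {'/'.join(entity['roles'])}")
            continue
        # simplesamlphp accepts a bare URL or a list of ['Binding' => ..., 'Location' => ...].
        locations = [value] if isinstance(value, str) else [ep["Location"] for ep in value]
        declared = entity["endpoints"].get(name, set())
        problems += [f"{name} {loc!r} is not declared by the partner" for loc in locations
                     if declared and loc not in declared]
    return problems
```

Feeding the question's saml20-idp-remote.php entry through check_entry reports both the wrong file and the foreign SingleSignOnService endpoint, while the answer's entry comes back clean.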