Я использую Thinktechture Identity Server для выпуска токенов безопасности SAML с использованием протокола WS-Trust. Затем я вызываю свой WEB Api с HTTP-заголовком авторизации, содержащим токен. Маркер успешно обрабатывается с помощью Thinktechture.IdentityModel.
Но когда я использую сертификат для шифрования отправленного маркера (путем выбора сертификата шифрования на странице администрирования IDP RP), в запросе, полученном IdentityModel, для заголовка авторизации установлено значение null (на самом деле зашифрованное значение существует внутри массива «InvalidHeaders» в объект запроса).
Используя fiddler, я заменил значение заголовка на то, которое я получаю без шифрования, и ответ на запрос работает. Так что это определенно что-то в этом значении заголовка.
Это значение заголовка, которое проходит через:
IdSrvSaml <Assertion ID="_6a775e39-a369-4f11-b173-3914ffb21839" IssueInstant="2013-10-21T07:48:43.046Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Issuer>https://login.dev.netformx.com/IDP/issue/wsfed</Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><Reference URI="#_6a775e39-a369-4f11-b173-3914ffb21839"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><DigestValue>gj/Iad9M58yBn4US3Uu7V1GUYhOWsFT3OrrMlbtPusg=</DigestValue></Reference></SignedInfo><SignatureValue>U3nQIy/vL2bDOI8sV/YMzc5/iZPfEeFJN3WeuYRVD1sBnWGTEbaElbs3EudrO2nSBtR5EC8WJ7U2AULXm0jRnTPoxLxHxCBstnNozh/Cb82KSpSqF4JGCvAqxKjMv/T05uAylF1hFHH6qFcRG4CilMyo1X99saySVYib6QA7DHg=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDnzCCAwigAwIBAgIJANAP5k4PCG5WMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxFTATBgNVBAoTDE5ldGZvcm14IExURDELMAkGA1UECxMCSVQxFzAVBgNVBAMUDioubmV0Zm9ybXguY29tMR4wHAYJKoZIhvcNAQkBFg9pdEBuZXRmb3JteC5jb20wHhcNMTExMjE5MTI1MjM1WhcNMjExMjE4MTI1MjM1WjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMRUwEwYDVQQKEwxOZXRmb3JteCBMVEQxCzAJBgNVBAsTAklUMRcwFQYDVQQDFA4qLm5ldGZvcm14LmNvbTEeMBwGCSqGSIb3DQEJARYPaXRAbmV0Zm9ybXguY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCn23JZTi6UMZ+iwsxCP1SGX2Py39BqBH3dDjUdZA00A8x/UWibIgcGlQkA7KNESPwEZBHT2JhebiHosHMOPWe/0lpY7N4FZ9IcMTk1iFrX1I43EEYNlhKAvAnPv1105BUdFs3HtAohqxtJ+R1e+9yUJA0M+9HCj8gotMs/MwYVTQIDAQABo4H6MIH3MB0GA1UdDgQWBBTbT+HBO+s2rhEfvESxKrwgCCx3gzCBxwYDVR0jBIG/MIG8gBTbT+HBO+s2rhEfvESxKrwgCCx3g6GBmKSBlTCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMRUwEwYDVQQKEwxOZXRmb3JteCBMVEQxCzAJBgNVBAsTAklUMRcwFQYDVQQDFA4qLm5ldGZvcm14LmNvbTEeMBwGCSqGSIb3DQEJARYPaXRAbmV0Zm9ybXguY29tggkA0A/mTg8IblYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA9cFQGXx2dDE9qUdeM7Y82D8Tv/hscyoHX+tu/8ToWnkLQBcfsNwaZFBRkPdeBnzavgMfZ3jage+hD2GD5YM3jfbMlZ+oKrDKDx/YP64ElQeNFqPdG6MitCVWYmM5OkL12Zm7sy/K8FBTTbj0gaRmePqYKQzK2tctOLzg3jDXCJQ==</X509Certificate></X509Data></KeyInfo></Signature><Subject><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer" /></Subject><Conditions NotBefore="2013-10-21T07:48:43.037Z" NotOnOrAfter="2013-10-21T17:48:43.037Z"><AudienceRestriction><Audience>https://dev.netformx.com/cloud/</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"><AttributeValue>nfxtest</AttributeValue></Attribute><Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><AttributeValue>[email protected]</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role"><AttributeValue>CloudReport</AttributeValue><AttributeValue>IdentityServerUsers</AttributeValue><AttributeValue>NetformxCloudUsers</AttributeValue></Attribute><Attribute Name="http://identityserver.thinktecture.com/claims/profileclaims/firstname"><AttributeValue>userfirstname </AttributeValue></Attribute><Attribute Name="http://identityserver.thinktecture.com/claims/profileclaims/lastname"><AttributeValue>userlastname </AttributeValue></Attribute><Attribute Name="http://identityserver.thinktecture.com/claims/profileclaims/companyname"><AttributeValue>companytestname</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant="2013-10-21T07:48:43.019Z"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion>
И это значение заголовка при шифровании, которое не проходит:
IdSrvSaml <EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" /><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /></e:EncryptionMethod><KeyInfo><o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><X509Data><X509IssuerSerial><X509IssuerName>[email protected], CN=*.netformx.com, OU=IT, O=Netformx LTD, L=San Jose, S=California, C=US</X509IssuerName><X509SerialNumber>14992454907473718870</X509SerialNumber></X509IssuerSerial></X509Data></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>JPPwxxL06myHcEadsSpEgrMVuIhvyGcb6nDQs1WEFUsjNEAdc+y9S8ISmVO17rhfaA1VJ/OZyrHcZwghltctDfkRWSylpi2/pTm1CIPZpLfVu5vEHB3VTqySEpMVffcitQhKtl7R/Cmp5t/QnbZIUBeDJn+VpjSBaFyYC0R3JsE=</e:CipherValue></e:CipherData></e:EncryptedKey></KeyInfo><xenc:CipherData><xenc:CipherValue>URBfgo6BWMQ9tQZEvUvxSdRrBx7IRv5LRmLzcZEEznBa0lKpRG+Yf9lUgWFzEr76aupfc9pkgiBNzxaSvtLdl6BCqINZFirk6CcNqsygHFXOzN13iHcl7UpyarwhwrnjxF+t5XACRRWKQAVTU38M7pThlnIgcbdToiXtluDxghJcpCNDqcWu7QB1nxj/f3mPIA91uFInIdeE7ACLRUFPe+5k/3VC3rjtZgKeaccwx5A/HuHzqto+cG8f1yQ2pGbuGa3YSm8x/TkSy9IpqKRHV57lB3N7Ci+8E0BDTsafZP2RujJAeaWzgeOJGDm2nfNGMI3fgJimzUySGYimwPlwTKJ1RlWXR8Sjfan3a8OVVtByArQgqtkHM2V8oPOwEW97Axk70rK2C8Uf3qKFVaqlOh+iih5QwwDmG/9FNuSYb9B6tThwypV+ne89eGf50hC+S4Vr8AE9ftYV1DflsRDK/4LoLHZowzhyLc+muckNa88dkHxpakxX1MTrYF8SwtJzoTlfRRwpDQG9lZk15YmDTneww9Chh4RRKuH0et8q1mq0F8qBg1DWUAA8zVY/Elg5ubnR5gSqdQPl054Uens27xvW1NKOfMPcI/2iEL+kely4PuBA4DOq7y9K6vn7tcIUbLkeoUfbvlF/adD5BiQbQXBR6i+k/XLYv4nN2E9kgvPFZkqIkgnfiUSWLEnEpk2txbxSVhgDiwHkFqlGhgCnfuXDe8g+MzrwTC+k52cTcuRqpyBbKh3h2YobGNHjkcZGRGIs/I//kx7pjCuhqlxGhLhF/A3RZwhUyIcD8QZkYlFU4k4QTAUIcQURh6p4DEk213XM3MSSviERIILKMPfPh43e9lR6sYWLSQFSq+FWqZLHEeVX/f0IPUysnUAwuooq0M1WsIg/BUI7RehtiBaLLciXlwLMS6e5m6AgiveLuHtCGeAjB/friWvWCpdYMPABzX6vFD3Q5NKeiooFxNfdVGSYRn6cnLjinzhPeeREzvX78hFBeCQfcSBPSFarCKtzijaByyDbO4Y5kK9dC7bEUllQzUwuTd+ySFuZnPwQQdsS/7kHO3sXt/P48hK0BdU7I9ar0UfB4jXXRr712vjBqRoiETmHbEWssydjhUegSyoSm/tAkH2WONkvvha2gLS+L2cXk6LdsY5JTAzsedecirtrlrMiVuZ40xd6Sd5MatM99TdVDusFKuKSsefNDL0/v51Mu9CmPbrOL2eL9o6xs+UfAb2p5mB4DuOm6xI+h9jN1feLw6Cgh2TkKcsDDMVYSIk0n5g1GffPtP9LE4w11vcONEMouk8ykMIBMduoQXf0nrkPQhDuy4evxfAbE2LjfdsBDeKCg+qq9puRZ0yj/IgVlfjViXkBLs3c6wuPOiLFNL2ZN6DlyuF69JUcwFtVlzV9XZVRP15+f+ZfFV6dEzTNSZcgWKL0S+WMOlcr247knLE14jii8uhbmc/Xhfc1gPLgqT1bBfzGkx7aBlbGbItiM6I0yhCTGM4SBLhoNDo5PmhXLyXiNXD/RrvXOkFozPZ+iRVGThen1BVpkPNomiVY6gSH5+pplW+jD4jp4hnQ6OlaZNAi2WeOuslu7y0T68r8wkgKSRbmmp7TyTvXp/v/UmPP/m856S9phrP36KWdRxWaQkVVA832SC7vMt4hqGTHJPT7yWUxrAc2KnVvkHiP4OTc5GIwHf0h2sqD09wMqoKHMfJ+p5eBNSB866YQ3L+yyUGu9yKEznXrA58X7K1xK8JcnDZbeahIK4Dm4aIhAIRliWD4vI6sb3d5fnpGnlbA4GZ5xA2pzqxDRj/qraBGJIJTl1ew9XjU4NxraxT6tFDQjLLflek/dbD7HG2ssF1P0d2SpFMGSPGgjMUdxzz8ZcyVB5KG3loQlphtd4NoOfAj3ML5PNTFqKEWfMRrfcYZTPI4rRTnDQG0hjasH5sITPfczr67foPwaEAI7XE1ylQaO0eh6iDTtlaN4i2Ny8CFPejyAk3stf7cxaWobtNOCqo+s4GGmKLdtbRzQMUg+643apAm9gJd0f5AixLBAQ9NNytfQ8ZHoYnz/5EVeZhGweG9cFIjTg+Qt4ElguNCAsjuL4iixt6xEzyBsdh/mO2V3ZZmX3QHyZsh60dINngD2jNQdW/vbNqqIbHfDuhE4jtmbxIelc6NXzBft5L1VWJxunAm2t7kRwbcRRWdQNaXnE/rRPwovWPI+odNwgNPP6xamDSfh5LgCEBIwI7s4hD2RBRarCXkgP/t7fWjYB8Z5rpOnaMIAGTBknmKmlvjDG1/wWAyDTuIcg9CLaWz6A8E1DOjSnDznxp2+Vh8sLzDcQwxWrCKQ4bDNbpL3MPtn0IEL8v7gCRyRr45nyyyXePGj6uJQ3mTu3iq28DkQtcHctEUWLXxbp66ozzktrPMSUEHj0ORaH/aXDQqZarjsf99qTLPsExJDKvEofrTr/ks0/8/ojQj4uQ2ZJGzKztjuR2NTqZEWmq6blYqlT1N4RVxg/n1fUWoXlpL31DoTesySlbypNQKROTyUUxEatCX/2STqwp4mwwM+TiirgVsM3AdOGa5mQNIYh3+enJA+RjIdWzRImjxxmdLeEDkXWnoQl6w5XSHxIHKZZ03deAUQK5cRF3Sn8rOEyQGeDjiy2o7S7UL8F+fgpcuiP9NHiCsJpl7F+LQ1LNjeGDSjFWwHaAXxttIG1hXLRdFvHB5HLskdAFcgisYWpkNQoQKEt9X7aDS8x7zsQJwrCzrBaTEMh+zSHGCpwApB3iqJDWlaARyJkW9vEhROnpAQllDbGhiHif3WupwUpS02hEgjcu6vVrRuKx0OcGJbSsFRfCWK7GQRFYW5tvG+Q8IZidnXj99q1HEzaARsWrDJv+rxE7Y+6W4qYlw0cW/73O7WF94q8uo+si08oupjpw3Fi2OBWg0mlZBqoWWLk7tzRWW6tFPV2GkN7ju5U7b0vqRY4IZANxogf23VTeeyPLvcWn64locrBui8IOxLTBOnqYrcJK6yIVF/PUOqqeyQMjI9jtMw1hP/+fZ9CDpLsXm6yBBzQF6TSrTag4Z824PitoOaBBn7Vx9rvG/rU8Vu+Z68j3LyX3MBU2WhdUWqqVFsNOFlYb3Z5dySbB8U7SZ1muw+EIcF4cEcVAW7A4OszQr9MRezcUKcaYc269pMeEpbUcK+K0pR8R4DvSKP/OWYs4ajrz/lRBImCidVbeslhPeF3H3blnQa0txVXD2izlNUPUIeS2nq4FThL7DxKXzUtMwcRwJJWIhYptmHYEdLuJcQ7E5BLJM0H2KC8/YuSYEyGNj3+HfIXhwKOPSL0alJs16lvxvEzm3gMosmiwCi8hze6aRS1uxco9sYRfuIhMj2O3zZ4zV9MBUyceT7FZhMOr4CdFSKgB+aW2LJgL8ljmrBy8G8YexQh4jgc+HA+655mBd1FWxhKllLCmlGaqKMCx8oYUHkqi8ziflWLY3QRM21ZkbziRH8WYYTsoHfzb7qfV9N2/ptojDsyvLed53kWu9kpamy4dcnhtP4UU49T16V86CKDt259hs8Z5nx2VaLqCcBilLghGDdx+p/j/qq+BdaY79NUce5KXjiXfuRtvZdqSjMqLeX52Wp176ycJ9TlCEPdCezaUjjStVmufJEaAoMMnmOvjB+6Jo5Hfnn0NNCUvBQDyYYJTub33AHAO+1mfBx+kE9oWLcurXIu92iZthhl0gr32eUMG7gcSl/mTc4eJFR4L+pwMY8IlxxiFFLsNPuCQaffas/Cgi4CNNOyui0cWOLgjnbWTImxVaUUDt40vKZP7oeSgAmyb2l9wOSlat6T3qSOfW7nBnx8459ZJPUKhJxuaBTo0pqwjnEI+YPtUtOHAsw16sto58Nq0EuP1HfSgHJxrUlDuOLtK933Cnd6AoRhOveUV9QtQlOx9RJBPZ6x1Ofs0VlEkZYgFa7Ajb1GhAByEm99GMTEAATLvavFaGgCB/WmJ1HSkUsQsB953qjzyOqVEz+o88xPYEXYk6J46LO4t1INBiIjfPehJ1bjvSMbLcrnoXQmcU/7dPAmxOxYbdExv138vVnjYR0MMYaSMPAbJ2R8T/Sw8VRQtwiGX5lv7dtEQBq8d9Ybgc2SKncqgg4Kih4kz66FRafRtt7UEhvkk0j75NIPomc8/3iK3/lPuvYSHS1HHX7FpcoUZ8a3c8spFfzpGTGwUF6dbANZOVtllct5FX9AEKjX2k5rLbwNxENy2RSSmZlR+eo7LgebxygpWMr6/wEbt4CAYragkR/NMyv7SZvRpMvBe0DJ+zdwd0WmW+7iWYjy1eJdbL2iVdKa8WeNZwt+g8leZdSjzu1nidK4n3lwys9oILD5NNkN0SzT0/sY4l1n8hlHweJR5BFnQ6TXF7kbAAAxOaV9cXBUIBaLzg1Vdm62FExYrCnH7fFIaXhoLVJl0yMfttRSNDaXVkd9xRznHlOxYVEi6mDPXhB36PfBwo4x/XYs5rdc3GoUsAdlPLTJWiyQ+49rXN7PDeIFssxwFZ9cEnnY5YOks3n2pQ8aBo15ROJVo1XJ626kzZ/VR+EgsMlHCrnXgyCW2OiFP6w46c0s7MnhfnDFNPBkQg5NGxsxQ+5iLDnCkzBBxIpfGf1e6RHnoWFxXgvV7+HfwlppQWawBT+CMyuJZh8WoU+uO7N24pwpwDk43iNOi41cfNCEjfhQmhxP2HmyFuNJICZl3Xop/NP4CboE2Oiw2c4P0mW3ZX5HZVxRuW4UwlYMJxbVh0EUfVw4SK0sKkooWzxcklnR1L6g4b7KiBziKQsDQRUUQ6U4KIYABrAVBJCNeagN0lqEFJOL8n2GfelI5B1EEL9SZ7j8b3B0XlMYohYj4SHTVTPo0dTOzsp+ruTjtgpBI743R+Vp3dyaPnUsgRoLyPt0GAgkuUQfFuLLtX+w0dTeskGi9PYgKSTpmkWUEE4cYpLvhqtiKjNwX2m/OScf1JNxTEGO4SE/sA7lGQLSbZDzi+laCuMfdlLA1y5QBKuhzf0L9iFpB5/AFkkL3Jd8/2E3dMkwBuslnSvDlWXH6w92gTcnKuEPMcbl86VVTvPNNkFuOjl/nIU2AVTdHGXDjKIBXWGF8rVHKNDg+LnF4AaRKFc07H1gqrVXIDbsigmv/Ga1kd2uAZCAhtlI4cbvXT1Y8twY/CvNoq15ASm7L0HuB4wN3U/yehtnTfKO3+Dbw9eh8YqnXImCxjEP8kqP8SaR15RHc6a8g5CTo8Htrrx2GmUhqu23ASMA4l0z6eznpbG7E0n9vHM+nLOOwuTmpMPy5puVd2yUpyFKUmTMl9VFqXM5OySCv1dRAkHAbgtrEQAnsnww==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></EncryptedAssertion>
Любые идеи, почему заголовок авторизации не проходит?
