How can the ACS URL provided by the SP be obtained automatically?

Problem description

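I am using Go's crewjam/saml as the SP. In samlsp.Middleware I defined my local address as the Custom ACS URL, then redirected to Authing's SAML login endpoint to log in. After the login succeeded, the error message "未找到ACS地址" ("ACS address not found") was returned.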

Steps to reproduce

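After debugging, I found that I have to enter my ACS address manually in the ACS field of the SAML protocol configuration page before login succeeds. But in that case, isn't the ACS address sent by my SP useless? I would like to ask whether there is a way for Authing to automatically recognize the ACS address sent by my SP and send the SAML response to that ACS address, instead of my adding the ACS address manually on the SAML configuration page.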

Additional information

  • Version:
  • Platform:

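The configuration page accepts multiple entries. Enter all the ACS addresses you need and they will be recognized; if the incoming address cannot be matched against the configured list, the default one is used.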

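Sorry, you may not have understood what I meant. My goal is not to enter the ACS address manually, but to carry the ACS address information in the SAML request, so that Authing can obtain the ACS address directly once it receives the request.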

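Also, my SP does not use the SDK provided by Authing; it uses the open-source crewjam/saml library to generate and send the SAML request. Authing can still recognize it correctly and return a SAML response, right?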

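I understand. Authing can obtain this ACS from the Request, but for security reasons the address must be registered in Authing in advance. Authing recognizes standard SAML Requests; they do not have to be generated with Authing's SDK.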

Then what if I encrypt the SAMLRequest and set the encryption method in the Content-Security-Policy field of the request headers
{
"Content-Security-Policy": "default-src; script-src 'sha256-AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE='; reflected-xss block; referrer no-referrer;"
}
Authing can also recognize it and return a SAML response, right? If so, is the returned SAML response encrypted or unencrypted?

The SAMLResponse my SP receives now is a string of gibberish. How can I parse it into XML?


You can decode it at https://www.samltool.com/. At the code level, your SP package should have a utility function for this; you can also try base64-decoding it manually.
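
The manual decoding suggested above, as an added Go example that is not part of the original thread and is not Authing's or the SP library's code: it form-decodes an HTTP-POST binding body, base64-decodes `SAMLResponse` into XML, and checks that `Destination` equals the SP's own ACS URL. The function names, the `example.test` hosts and the unsigned sample response are constructed assumptions; signature and condition checks stay with the SP library.

```go
package main

import (
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"net/url"
)

type samlResponse struct {
	Destination  string `xml:"Destination,attr"`
	InResponseTo string `xml:"InResponseTo,attr"`
	Issuer       string `xml:"Issuer"` // no namespace in tag: any prefix matches
	StatusCode   struct {
		Value string `xml:"Value,attr"`
	} `xml:"Status>StatusCode"`
}

// decodePostBinding form-decodes the body, base64-decodes SAMLResponse and checks
// Destination against the SP's ACS URL. Inspection only: no signature verification.
func decodePostBinding(body, expectedACS string) (*samlResponse, error) {
	form, err := url.ParseQuery(body) // undoes %2B, %3D and friends
	if err != nil {
		return nil, err
	}
	raw, err := base64.StdEncoding.DecodeString(form.Get("SAMLResponse"))
	if err != nil {
		return nil, fmt.Errorf("base64: %w", err)
	}
	var r samlResponse
	if err := xml.Unmarshal(raw, &r); err != nil {
		return nil, fmt.Errorf("xml: %w", err)
	}
	if r.Destination != expectedACS {
		return nil, fmt.Errorf("unexpected Destination %q", r.Destination)
	}
	return &r, nil
}

// sampleBody returns a constructed, unsigned POST body (hypothetical hosts).
func sampleBody() string {
	x := `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ` +
		`InResponseTo="id-123" Destination="https://sp.example.test/saml/acs"><saml:Issuer>https://idp.example.test</saml:Issuer>` +
		`<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status></samlp:Response>`
	return url.Values{"SAMLResponse": {base64.StdEncoding.EncodeToString([]byte(x))}}.Encode()
}

func main() {
	fmt.Println(decodePostBinding(sampleBody(), "https://sp.example.test/saml/acs"))
}
```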