spid-compliant-certificates

Populating <SignatureValue>

Open aresares opened this issue 3 years ago • 1 comment

Good morning, I had a question about populating the <ds:SignatureValue> ????????? </ds:SignatureValue> tag. What should go inside this tag? Using the scripts I managed to generate the two keys key.pem and csr.pem, but I wouldn't know how to populate SignatureValue.

At the moment my metadata looks like this:

<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://spid.mysp.it" ID="pfxac20eab3-d06c-0185-ce16-3a43c2f67504">
	<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
		<ds:SignedInfo>
			<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
			<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
			<ds:Reference URI="#pfxac20eab3-d06c-0185-ce16-3a43c2f67504">
				<ds:Transforms>
					<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
					<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
				</ds:Transforms>
				<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
				<ds:DigestValue>6c9ba317acb341997f3123653b091b7f6192dfd4bed1b8aad9e8b08e97ff4188</ds:DigestValue>
			</ds:Reference>
		</ds:SignedInfo>
		<ds:SignatureValue> ????????? </ds:SignatureValue>
		<ds:KeyInfo>
			<ds:X509Data>
				<ds:X509Certificate> .... </ds:X509Certificate>
			</ds:X509Data>
		</ds:KeyInfo>
	</ds:Signature>
	<md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
		<md:KeyDescriptor use="signing">
			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
				<ds:X509Data>
					<ds:X509Certificate> ..... </ds:X509Certificate>
				</ds:X509Data>
			</ds:KeyInfo>
		</md:KeyDescriptor>
		<md:KeyDescriptor use="encryption">
			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
				<ds:X509Data>
					<ds:X509Certificate> .... </ds:X509Certificate>
				</ds:X509Data>
			</ds:KeyInfo>
		</md:KeyDescriptor>
		<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://spid.mysp.it/slo-location"/>
		<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
		<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://spid.mysp.it/sso-location" index="1"/>
	</md:SPSSODescriptor>
	<md:Organization>
		<md:OrganizationName xml:lang="en-US">mysp</md:OrganizationName>
		<md:OrganizationDisplayName xml:lang="en-US">mysp</md:OrganizationDisplayName>
		<md:OrganizationURL xml:lang="en-US">https://spid.mysp.it</md:OrganizationURL>
	</md:Organization>
	<md:ContactPerson contactType="technical">
		<md:GivenName>XX YY</md:GivenName>
		<md:EmailAddress>[email protected]</md:EmailAddress>
	</md:ContactPerson>
	<md:ContactPerson contactType="support">
		<md:GivenName>XX YY</md:GivenName>
		<md:EmailAddress>[email protected]</md:EmailAddress>
	</md:ContactPerson>
</md:EntityDescriptor>

aresares, Aug 27 '21 13:08

Use a tool to sign the metadata; within it you only need to prepare the template. Look here: https://github.com/italia/spid-sp-test/tree/main/tests/metadata#metadata-signature

peppelinux, Aug 27 '21 14:08
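Both `ds:DigestValue` and `ds:SignatureValue` are computed by the signing tool, which is why the template only needs the surrounding structure. The following check is an added example, not code from this issue or from the project, and it flags hand-filled values such as a hex digest or a placeholder signature. The function name `check_signature_fields`, the 2048-bit default key size and the sample document are assumptions made for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def _b64len(text):
    """Decoded length of a base64 field, or None if it is not valid base64."""
    try:
        return len(base64.b64decode("".join((text or "").split()), validate=True))
    except (binascii.Error, ValueError):
        return None

def check_signature_fields(metadata_xml, rsa_key_bits=2048):
    """Return a list of problems found in the enveloped ds:Signature."""
    root = ET.fromstring(metadata_xml)
    sig = root.find(DS + "Signature")
    if sig is None:
        return ["no ds:Signature child under the root element"]
    problems = []
    ref = sig.find(f"{DS}SignedInfo/{DS}Reference")
    # The Reference must point at the ID of the element being signed.
    if ref is None or ref.get("URI") != "#" + root.get("ID", ""):
        problems.append("Reference URI does not match root ID")
    # DigestValue is base64 of the raw SHA-256 digest: 32 bytes, not hex text.
    digest = sig.findtext(f"{DS}SignedInfo/{DS}Reference/{DS}DigestValue")
    if _b64len(digest) != 32:
        problems.append("DigestValue is not base64 of a 32-byte SHA-256 digest")
    # SignatureValue is base64 of the RSA signature over the canonicalized
    # SignedInfo, so it decodes to exactly the modulus size of the key.
    if _b64len(sig.findtext(DS + "SignatureValue")) != rsa_key_bits // 8:
        problems.append("SignatureValue is not base64 of an RSA signature")
    return problems

# Constructed sample shaped like the template in the question (hex digest,
# placeholder signature); the entity ID and values are made up.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example" ID="_abc">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_abc">
    <ds:DigestValue>""" + "6c" * 32 + """</ds:DigestValue>
  </ds:Reference></ds:SignedInfo>
  <ds:SignatureValue> ????????? </ds:SignatureValue></ds:Signature>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for problem in check_signature_fields(SAMPLE):
        print("-", problem)
```

This is a structural check only. It does not verify the signature cryptographically, which still requires canonicalizing the document and checking it against the certificate.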