131 lines
4.7 KiB
Plaintext
131 lines
4.7 KiB
Plaintext
<!---for debug--->
|
|
<cfinclude template="app_saml_config.cfm"/>
|
|
<cfinclude template="saml.cfm"/>
|
|
|
|
<cfset ksFile = CreateObject("Java", "java.io.File").init(request.SAML.KEYSTORE_FILE_NAME) />
|
|
<cfset ksInputStream = CreateObject("Java", "java.io.FileInputStream").init(ksFile) />
|
|
<cfset keystore = CreateObject("Java" , "java.security.KeyStore").getInstance("JKS") />
|
|
<cfset keystore.load(ksInputStream, request.SAML.KEYSTORE_PASS.toCharArray()) />
|
|
<cfset certificate = keystore.getCertificate(request.SAML.CERTIFICATE_ALIAS) />
|
|
<cfset privateKey = keystore.getKey(request.SAML.CERTIFICATE_ALIAS, request.SAML.KEY_PASS.toCharArray()) />
|
|
<cfset signingCertString = binaryEncode(certificate.getEncoded(),"base64") />
|
|
<cfset encryptionCertString = signingCertString/>
|
|
|
|
|
|
<cfset currentPageUrl = "#baseUrl##GetFileFromPath(CGI.script_name)#"/>
|
|
<cfset currentUTC = DateConvert("local2UTC", Now()) />
|
|
|
|
<!--- ------------------------------------------------- --->
|
|
<!--- ------------------------------------------------- --->
|
|
<!--- ------------------------------------------------- --->
|
|
|
|
<cfoutput><cfsavecontent variable="authnRequestXml"><?xml version="1.0" encoding="UTF-8"?>
|
|
<saml2p:AuthnRequest
|
|
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
|
|
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
|
|
ID="id#CreateUUID()#"
|
|
Version="2.0"
|
|
ProviderName="MMS Dev"
|
|
IssueInstant="#DateFormat(currentUTC,"yyyy-mm-dd")#T#TimeFormat(currentUTC,"HH:MM:ss")#Z"
|
|
Destination="https://sso.nubes.ru/adfs/ls/"
|
|
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
|
AssertionConsumerServiceURL="#baseUrl#sso.cfm">
|
|
<saml2:Issuer>#baseUrl#metadata.cfm</saml2:Issuer>
|
|
</saml2p:AuthnRequest>
|
|
</cfsavecontent></cfoutput>
|
|
|
|
<cflock scope="session" type="exclusive" timeout="3">
|
|
<cfparam name="session.SAML_NameID" default=""/>
|
|
<cfparam name="session.SAML_SessionIndex" default=""/>
|
|
|
|
<cfset SAML_NameID=session.SAML_NameID/>
|
|
<cfset SAML_SessionIndex=session.SAML_SessionIndex/>
|
|
</cflock>
|
|
|
|
|
|
<cfoutput><cfsavecontent variable="logoutRequestXml"><?xml version="1.0" encoding="UTF-8"?>
|
|
<samlp:LogoutRequest
|
|
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
|
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
|
ID="id#CreateUUID()#" Version="2.0"
|
|
IssueInstant="#DateFormat(currentUTC,"yyyy-mm-dd")#T#TimeFormat(currentUTC,"HH:MM:ss")#Z"
|
|
Destination="https://sso.nubes.ru/adfs/ls/">
|
|
<saml:Issuer>#baseUrl#metadata.cfm</saml:Issuer>
|
|
<saml:NameID>#SAML_NameID#</saml:NameID>
|
|
<samlp:SessionIndex>#SAML_SessionIndex#</samlp:SessionIndex>
|
|
</samlp:LogoutRequest>
|
|
</cfsavecontent></cfoutput>
|
|
|
|
|
|
<cfscript>
|
|
login64 = binaryEncode(deflate(authnRequestXml),"base64");
|
|
loginUrlEnc = urlEncodeRfc2396(login64);
|
|
loginSigAlgUrl= urlEncodeRfc2396('http://www.w3.org/2001/04/xmldsig-more##rsa-sha256');
|
|
loginRequest2Sign="SAMLRequest=#loginUrlEnc#&SigAlg=#loginSigAlgUrl#";
|
|
|
|
signedLoginUrlEnc = urlEncodeRfc2396(sign2base64(loginRequest2Sign,privateKey,'SHA256withRSA'));
|
|
loginRequest="#loginRequest2Sign#&Signature=#signedLoginUrlEnc#";
|
|
</cfscript>
|
|
|
|
|
|
<cfscript>
|
|
logout64 = binaryEncode(deflate(logoutRequestXml),"base64");
|
|
logoutUrl = urlEncodeRfc2396(logout64);
|
|
logoutSigAlgUrl= urlEncodeRfc2396('http://www.w3.org/2001/04/xmldsig-more##rsa-sha256');
|
|
logoutRequest2Sign="SAMLRequest=#logoutUrl#&SigAlg=#logoutSigAlgUrl#";
|
|
|
|
signedLogoutUrl = urlEncodeRfc2396(sign2base64(logoutRequest2Sign,privateKey,'SHA256withRSA'));
|
|
logoutRequest="#logoutRequest2Sign#&Signature=#signedLogoutUrl#";
|
|
</cfscript>
|
|
|
|
|
|
<cfdump var="#session#"/>
|
|
<cfoutput>
|
|
При обращении к этой странице используйте корректное имя хоста, которое зарегистрировано в ADFS!
|
|
<br/>
|
|
<cfif len(SAML_SessionIndex)><b>Logged in #SAML_SessionIndex#</b><cfelse><b style="color:red">Not logged in</b></cfif>
|
|
Текущий URL #currentPageUrl#
|
|
<br/>
|
|
SAML2 LOGIN:
|
|
<A HREF="https://sso.nubes.ru/adfs/ls/?#loginRequest#">Click Here to login</A>
|
|
#loginRequest#
|
|
|
|
|
|
|
|
<br/>
|
|
SAML2 LOGOUT:
|
|
<A HREF="https://sso.nubes.ru/adfs/ls/?#logoutRequest#">Click Here to logout</A>
|
|
<br/>
|
|
ADFS URL:
|
|
<A HREF="https://sso.nubes.ru/adfs/ls/">adfs url</A>
|
|
</cfoutput>
|
|
<br/>
|
|
<A HREF="https://sso.nubes.ru/FederationMetadata/2007-06/FederationMetadata.xml">ADFS (IdP) metadata</a>
|
|
<br/>
|
|
<A HREF="#baseUrl#metadata.xml">Own metadata</a>
|
|
|
|
|
|
|
|
<br/>
|
|
authnRequestXml:<br/>
|
|
-----------------<br/>
|
|
<cfoutput>
|
|
<pre>#xmlformat(authnRequestXml)#</pre>
|
|
</cfoutput>
|
|
-----------------<br/>
|
|
<br/>
|
|
logoutRequestXml:<br/>
|
|
-----------------<br/>
|
|
<cfoutput>
|
|
<pre>#xmlformat(logoutRequestXml)#</pre>
|
|
</cfoutput>
|
|
-----------------<br/>
|
|
<br/>
|
|
|
|
|
|
|
|
<br/>
|
|
form:<cfdump var=#form#/>
|
|
url:<cfdump var=#url#/>
|
|
session:<cfdump var=#session#/>
|
|
cookie:<cfdump var=#cookie#/> |