5
我正在创建一个允许用户与安全服务器进行交互的iPhone应用程序。但是,要验证用户,应用程序需要通过SAML从用户登录到服务器的数据所在的服务器(提供SSO)。因此,该应用程序模仿发送SAML HTTP请求(通常浏览器会照顾)。如何使用NSURLConnection发布SAML响应消息?
该过程使用Mechanize gem与Ruby一起工作,但现在我无法使用NSURLConnection在iPhone上工作。
我碰到的问题是:似乎base64编码的SAML响应没有通过NSURLConnection正确发送到服务器。 +号被空格替换,导致服务器端的SAML响应解码失败。对stringByAddingPercentEscapesUsingEncoding使用URL编码会导致相同的解码错误。
这是代码提取和发送SAML响应:
// Extract the SAML Response from the form that is sent by the server
body = [[NSString alloc] initWithData:[self receivedData] encoding:NSUTF8StringEncoding];
NSString *searchSAMLResponseStart = @"name=\"SAMLResponse\" value=\"";
NSString *searchSAMLResponseEnd = @">\n<NOSCRIPT><INPUT TYPE=\"SUBMIT\"";
NSRange samlResponseStartRange = [body rangeOfString:searchSAMLResponseStart options:0];
NSRange samlResponseEndRange = [body rangeOfString:searchSAMLResponseEnd options:0];
NSRange range = NSMakeRange (NSMaxRange(samlResponseStartRange), samlResponseEndRange.location - NSMaxRange(samlResponseStartRange) -1);
NSString* samlResponseString = [body substringWithRange:range];
// Construct the SAML POST request
NSURL *url;
NSMutableURLRequest *request;
url = [NSURL URLWithString:kSamlPostUrl];
request = [NSMutableURLRequest requestWithURL:url];
NSString *userAgent = kUserAgent;
[request setValue:userAgent forHTTPHeaderField:@"User-Agent"];
[request setHTTPMethod:@"POST"];
NSString *post = [@"RelayState=https://example.com&SAMLResponse=" stringByAppendingString:samlResponseString];
NSData *postData = [post dataUsingEncoding:NSUTF8StringEncoding allowLossyConversion:NO];
NSString *postLength = [NSString stringWithFormat:@"%d", [postData length]];
[request setValue:postLength forHTTPHeaderField:@"Content-Length"];
[request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
[request setHTTPBody:postData];
// Send the request
self.connectionPostSaml = [NSURLConnection connectionWithRequest:request delegate:self];
的SAML表单服务器发送并在SAML响应摘自,看起来是这样的:
<html>
<HEAD><META HTTP-EQUIV='PRAGMA' CONTENT='NO-CACHE'><META HTTP-EQUIV='CACHE-CONTROL' CONTENT='NO-CACHE'><TITLE>SAML 2.0 Auto-POST form</TITLE></HEAD>
<body onLoad="document.forms[0].submit()">
<NOSCRIPT>Your browser does not support JavaScript. Please click the 'Continue' button below to proceed. <br><br></NOSCRIPT>
<form action="https://sso.example.com/saml2" method="POST">
<input type="hidden" name="RelayState" value="https://example.com">
<input type="hidden" name="SAMLResponse" value="PFJlc3BvbnNlIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIERl
c3RpbmF0aW9uPSJodHRwczovL3Nzby5vcG93ZXIuY29tL3NwL0FDUy5zYW1sMiIgSUQ9Il85ZWY0
M2MzMGRkZmQ0YzY1ODNiMjgxZjAwNDU5ZWQyMjZmMjQiIElzc3VlSW5zdGFudD0iMjAxMi0wMy0y
OFQyMTo0MDowNloiIFZlcnNpb249IjIuMCI+CiAgICA8bnMxOklzc3VlciB4bWxuczpuczE9InVy
bjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIEZvcm1hdD0idXJuOm9hc2lzOm5h
bWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5wZ2UuY29tPC9uczE6SXNzdWVy
(…)
cnRpb24+CjwvUmVzcG9uc2U+">
<NOSCRIPT><INPUT TYPE="SUBMIT" VALUE="Continue"></NOSCRIPT>
</form>
</body>
</html>
而且服务器收到POST请求后产生的错误:
Unable to parse incoming SAML2 message, raw: PFJlc3BvbnNlIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIERl
c3RpbmF0aW9uPSJodHRwczovL3Nzby5vcG93ZXIuY29tL3NwL0FDUy5zYW1sMiIgSUQ9Il9iN2Q5
OTZhMmI1MjhiNWRkNjY0YWM4YjUwZmVjM2M2OTMzMWEiIElzc3VlSW5zdGFudD0iMjAxMi0wMy0y
OVQyMjowMzoxNVoiIFZlcnNpb249IjIuMCI CiAgICA8bnMxOklzc3VlciB4bWxuczpuczE9InVy
bjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIEZvcm1hdD0idXJuOm9hc2lzOm5h
bWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5wZ2UuY29tPC9uczE6SXNzdWVy
PgogICAgPFN0YXR1cz4KICAgICAgICA8U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVz
OnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8 CiAgICA8L1N0YXR1cz4KICAgIDxuczI6QXNz
(…)
请注意t他在原始回应中的标志被改为空格。
这似乎是服务器解码接收到的响应,因此用空格替换+符号的正常行为:但是,为什么当SAML表单从浏览器发布,而不是从NSURLConnection发布时,它工作?使用不同的编码来解码和编码SAML响应
:
为了解决我尝试。现在,使用NSUTF8StringEncoding,也尝试:NSASCIIStringEncoding,NSNEXTSTEPStringEncoding,NSNonLossyASCIIStringEncoding,NSUnicodeStringEncoding
使用stringByAddingPercentEscapesUsingEncoding,所以这行代码:
的NSString * samlResponseString = [身体substringWithRange:范围];
变为:
NSString* samlResponseString = [[body substringWithRange:range] stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
- 使用其他enctypes的形式,但服务器甚至不会接受这些要求: 的multipart/form-data的 text/plain的
我非常感谢你的帮助。先谢谢你!