[foaf-protocols] FOAF+SSL delegation: logging in to an HTTP server

Bruno Harbulot Bruno.Harbulot at manchester.ac.uk
Wed Mar 25 00:28:12 CET 2009


Hi all,

I've just done a Java implementation of what I had described in 
<http://lists.foaf-project.org/pipermail/foaf-protocols/2009-March/000378.html> 
(and discussed again in the e-mail I'm replying to.)


This implementation is available in a Git repository (but tar files can 
also be downloaded) at: 
<http://git.kato.mvc.mcc.ac.uk/bruno/samlredirector.git/>

There are SAML libraries for PHP which should be able to interact with 
this (either as IdP or SP).


Best wishes,

Bruno.



Here is part of the README file:
This is a Identity Provider (IdP) and a Service Provider (SP) 
implementation to allow an non-SSL website (the SP) to use a FOAF+SSL 
trusted authenticator site (the IdP).

This uses the SAML HTTP Redirect Binding [1] (Section 3.4).

The implementation is based on OpenSAML [2] (which uses Apache XML 
security, Santuario [3]) and on the FOAF+SSL verifier in the Sommer 
project [4]. The tests also use BouncyCastle, Jetty, Restlet and jSSLutils.


[1] <http://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf>
[2] <http://www.opensaml.org/>
[3] <http://santuario.apache.org/>
[4] <http://sommer.dev.java.net/>


__ Status __

This is work in progress, but this should provide the minimum required 
for Servlet integration.
The Restlet integration is a very early draft.

Both the SP servlet and the IdP servlet come with jUnit tests which
demonstrate how they work.


__ Sample SAML assertion __

___ Signed response ___

<?xml version="1.0" encoding="UTF-8"?><samlp:Response 
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
Destination="http://sp.example.com/sp/" Version="2.0"><saml:Assertion 
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
Version="2.0"><saml:Issuer 
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://idp.example.org/idp/</saml:Issuer><ds:Signature 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces 
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds 
saml"/></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>ttiIKi8K9Ls5i2djIJO65EOzUBI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
nsjRKNMRxDXrtcsFrgNDX4Zh0ZwsRyubaGrXQbfphoH+iVbjimpUrb5VXwwUi1Y5cKp4t4khVT05
yEoqz9teovrPdMz3N5UYfYixENv52p896A2sHlSDkpg6pZq7MOOxlDhhQEN/efieRaWnvDYd6ow6
Tm35u2tCH6eC4B/QapI=
</ds:SignatureValue>
<ds:KeyInfo><ds:KeyName>http://idp.example.org/idp/#pubkey</ds:KeyName></ds:KeyInfo></ds:Signature><saml:Subject 
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:NameID>http://foaf.example.net/bruno#me</saml:NameID></saml:Subject><saml:Conditions 
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:AudienceRestriction><saml:Audience>http://sp.example.com/sp/</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement 
AuthnInstant="2009-03-24T22:34:20.579Z" 
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/></saml:Assertion></samlp:Response>


Because we assume the SP trusts only one IdP (and the SP knows the IdP's
public key), we can omit the key value in <ds:KeyInfo/>. We just use a 
name as an indication.


___ Signed assertion, without the signature ___

<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
Version="2.0">
   <saml:Issuer>http://idp.example.org/idp/</saml:Issuer>
   <saml:Subject>
     <saml:NameID>http://foaf.example.net/bruno#me</saml:NameID>
   </saml:Subject>
   <saml:Conditions>
     <saml:AudienceRestriction>
       <saml:Audience>http://sp.example.com/sp/</saml:Audience>
     </saml:AudienceRestriction>
   </saml:Conditions>
   <saml:AuthnStatement AuthnInstant="2009-03-24T22:34:20.579Z"/>
</saml:Assertion>


This gives:
   - the ID of the subject:
         <saml:NameID>http://foaf.example.net/bruno#me</saml:NameID>
   - an authentication with a time:
         <saml:AuthnStatement AuthnInstant="2009-03-24T22:34:20.579Z"/>
   - the intended audience for this assertion:
         <saml:Audience>http://sp.example.com/sp/</saml:Audience>


___ URL query encoding ___

The SAML assertion above is encoded in the query in this form:

http://sp.example.com/sp/?SAMLResponse=nVVdc6owEH3vr2Dw0dGAOtUyakettl61Xr%2
BrbwgLRCFBEvz69RcQ1Dptp9c3Ttg952x2k5Sf944tbMFjmJKKKGclUQCiUR0TsyJOxq1MSXyul
pnq2K4yBOZSwkAIcghTosWK6HtEoSrDTCGqA0zhmjKq9bpKLisprkc51agtCi%2FAOCYqj2Qszl
0FIeZmYa86rg1ZjToBRKIwTawE6eJJWKkxBl6YeSX8s66aZHxN2GbMB%2B8OtmrsHOsX69QzQ4z
K6Iq7WtaZMsJmULHvJRums3Ppu90uu8tHuTlJkpD0hIIYnWEzJVYfkmTQ28SgJ9xQCSVYU218jH
axB9yiulCzTephbjnfUMtIlkLqDOy1jCYXSEpEF4HI3S%2BZPpn0mJphlionZEMwwAsGB4TJsF0
R4xrGnkqYQT2H3eD%2FEwOyBZu6oGdY4jnR%2FT3jFxtRLYOmtIlm%2Bwxv4T3su6tqwOJ2gfZ7
KuGvBwbedzHjFVFnQjgKgccyuvYYWEZf7MoLNoPDcU8XrjtwYpmqtg%2FVnL%2BepBedBd036Oq
Psd%2Fw90G6JffdhVmJLFwHn0ydGxjj2%2FE7T0ucBA3UYz0q9%2BdzsiweCpvWZHWU0ofSUZo8
pruIbda8Dmbf4MXVfJ%2Fu6HmnVp806yQ9p48z3IZZv7iytMOe4PnDoH%2FsNZuvfD2SUTPnrTb
dFeeb1oc5G3WOb9bbcFfczM2Ws5Hr3W2zNl4ZVrvbHNRaaTI4OppmOaUPKk2nhy16feBzS5%2B9
48OyOMnX60XyWBtULjVd1xDW1YFDVGT8HQ7BT4c85frLNRwiuiQ8ASeeT0LxfTPylyvQ%2BD0Xz
okg1Gm%2FJMYMqhpnZwQ4Wno%2BoSkH4isojo5RLB4zNSjRcUjN7ndT83UcjkrwHnAPa%2BGvmz
%2FVb2%2F42NQ58AZ%2FokQ3js8i3CIjrnJwgHAhgm3CuEqCsxcckaeMlM%2FkCuNcTskXlHwx%
2ByiXFuId5aKzu2QpXrg8hdV%2F

This makes a query parameter which is about 1000-character long.



Bruno Harbulot wrote:
> Hi Toby and Melvin,
> 
> Toby Inkster wrote:
>> Started writing this yesterday, but then I decided to stop and come back
>> to it later. Haven't had an opportunity to put any more thought into it
>> yet, but thought I'd forward my thoughts so far...
>>
>> On Wed, 2009-03-18 at 00:54 +0100, Melvin Carvalho wrote:
>>> 1. Consumer redirects User Agent to a FOAF+SSL service provider with
>>> known public key
>>> 2. User authenticates, and service provider signs the webid with
>>> private key, redirecting User Agent back
>>> 3. Consumer decodes with public key authenticates as webid
>>>
>>> Issue: possible replay attack, but this can be repelled by also
>>> sending a timestamp/nonce pair to be encoded also
>> This will work. Possible version avoiding replay attacks would be:
>>
>> Service Provider (SP): website wanting to provide an authenticated
>> service, but lacking the ability to provide HTTPS in general, or FOAF
>> +SSL in particular. We'll assume their domain name is example.org.
>> User: person with a FOAF+SSL-enabled certificate installed in their
>> browser, and wishing to use SP's service.
>> Authentication Service (AS): suitable FOAF+SSL website. We'll assume
>> their domain name is secure.example.net.
>>
>> 1. AS provides SP with its public key. This is done beforehand.
>>
>> 2. SP publishes a public key at http://example.org/key.txt (or any other
>> URI at their domain). This is done beforehand.
>>
>> 3. SP redirects User to http://secure.example.net/as, providing AS with
>> the following parameters in the query string. An [e] indicates that a
>> field is encrypted using AS's public key and signed using SP's private
>> key:
>>
>>    * Return URI (URI it wants the User to ultimately end up at) [e]
>>    * Current timestamp [e]
>>    * Public Key URI
> 
> I'm not sure we need to encrypt and sign here. The request to the AS 
> will be done over SSL between the user's browser and the AS. The return 
> URI will be the same as the one the user was trying to access in the 
> first place (so someone between the user and the SP would know it anyway).
> 
> For this reason, I don't think the AS needs to know the SP's public key: 
> steps 2, 3(e), 5, 6 and encryption in 8 (not signing) could be removed. 
> (Unlike Shibboleth, which discloses only certain attributes to certain 
> SPs, we're just verifying the ID here. The SP can get further 
> information from the FOAF files itself later.)
> 
> If we do want encryption of the WebID between the user's browser and the 
> SP in 8, we need to use the SP's public key indeed. My guess is that, 
> since the communication between the user and the SP would be encrypted 
> anyway, an eavesdropper could find out the WebID quite easily 
> (especially if the page says "Welcome <http://example.com/#user>!").
> 
> 
>> 4. AS authenticates User with FOAF+SSL. It may offer additional
>> services, such as alternative authentication methods if the user has no
>> FOAF+SSL certificate installed in their browser.
>>
>> 5. AS fetches SP's public key (preferably checking a cache first) and
>> decrypts the other request fields.
>>
>> 6. If the host name of the return URI and the host name of the public
>> key URI do not match, AS raises an error. (Is this unnecessary?)
>>
>> 7. If the current timestamp param is "old", then AS raises an error.
>>
>> 8. AS redirects User to the return URI passing additional query string
>> parameters. An [E] indicates that a field is encrypted using SP's public
>> key and signed using AS's private key:
>>
>>    * Current timestamp [E]
>>    * User's WebID [E]
>>
>> This should make it possible for any service provider to use the AS
>> without having to pre-register any encryption secrets with the AS.
> 
> We could use a nonce instead of the timestamp to prevent replay attacks.
> 
> If using SAML, the response could look like Section 3.1.2.1 of 
> <http://shibboleth.internet2.edu/docs/internet2-mace-shibboleth-arch-protocols-200509.pdf> 
> (with a much simpler <saml:Assertion>/<saml:Subject> that would only 
> contain the WebID).
> The downside of this type of response is that it's still a bit big for 
> being passed as a query parameter (hence the reliance on automatic POST 
> upon a GET in Shibboleth).
> 
> 
> Best wishes,
> 
> Bruno.
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols


More information about the foaf-protocols mailing list