Amazon AWS: requesting a token from the Security Token Service

I'm trying to sign an Amazon STS token request to get temporary access to my S3 account. I've been following the instructions for Signature Version 4 with no luck.

I am constantly getting this message back from Amazon STS.

<Code>IncompleteSignature</Code>

<Message>Request must contain a signature that conforms to AWS standards</Message>

Here is the url request that I am sending.

https://sts.amazonaws.com/?AWSAccessKeyId=**********&Action=GetFederationToken&DurationSeconds=3600&SignatureMethod=HmacSHA256&SignatureVersion=4&Timestamp=2013-04-23T19:01:00Z&Version=2011-06-15&Signature=2fc3dc902a20a5aa25c3191f2aa6513088e11596082b6a563b00dc5ea4b8bfa0

Following the steps for Signature Version 4 this is how I calculated the signature.

https://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html

Task 1:

GET\n
/\n
AWSAccessKeyId=<Access Key Removed>&
Action=GetFederationToken&
DurationSeconds=3600&
SignatureMethod=HmacSHA256&
SignatureVersion=4&
Timestamp=2013-04-23T19:01:00Z&
Version=2011-06-15\n
host:sts.amazonaws.com\n
host\n
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Task 2:

AWS4-HMAC-SHA256\n
20130423T190100Z\n
20130423/us-gov-west-1/sts/aws4_request\n
5e769aeb49a050fd7cd1035122712098fd83220ea42a0d9871f0ff2fa622b1c6

Task 3:

Signature: 2fc3dc902a20a5aa25c3191f2aa6513088e11596082b6a563b00dc5ea4b8bfa0

Any help would be greatly appreciated. I've been working on this with no luck so far. Thanks in advance :)

2 Solutions

#1


2  

Just making a note here: I was finally able to get a token by altering my request, in case this will help anyone else who is having the same problem. I was not able to find much help in the documentation, but by continually modifying my request I was finally able to get helpful error messages back from the server. The most important message was the final one, which gives you exactly what the request signature and string to sign should be.

This specifically applies to retrieving a federation token from Amazon Secure Token Service.

The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been
'GET
/
Action=GetFederationToken&Version=2011-06-15&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAXXXXXXXXXWIQ%2F20130424%2Fus-east-1%2Fsts%2Faws4_request&X-Amz-Date=20130424T183200Z&X-Amz-SignedHeaders=host%3Bx-amz-date
host:sts.amazonaws.com
x-amz-date:

host;x-amz-date
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'

The String-to-Sign should have been
'AWS4-HMAC-SHA256
20130424T183200Z
20130424/us-east-1/sts/aws4_request
3eb22aba7f25dd4e01be888added6f74db579bdf0d066d2b1f75779a25b1300d'

And here is the URL that was used.

https://sts.amazonaws.com/?Action=GetFederationToken&Name=Megan&Version=2011-06-15&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIXXXXXXXXXXWIQ%2F20130424%2Fus-east-1%2Fsts%2Faws4_request&X-Amz-Date=20130424T183200Z&X-Amz-SignedHeaders=host%3Bx-amz-date&X-Amz-Signature=db754013466768c11a86a610796faad6a041bcad9d83f4c958cac82988d2f7d7

#2


1  

Amazon S3 does not currently support Signature Version 4. Please see the S3 documentation for currently supported signing algorithm:

https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html

EDIT: Sorry for misreading your initial request. You have a number of incorrect assumptions about the STS request that are causing problems in your signature calculation:

  1. The operation is POST
  2. The only supported region for STS is us-east-1.
  3. The date must be included in the headers to sign

While I understand you may not want to use an SDK, they will give illustrative examples on how to generate the signature.

Below is an example I pulled from our iOS SDK.

Canonical Request:

POST\n
/\n
\n
host:sts.amazonaws.com\n
x-amz-date:20130424T164023Z\n
\n
host;x-amz-date\n
HASH_REMOVED\n

String to sign:

AWS4-HMAC-SHA256\n
20130424T164023Z\n
20130424/us-east-1/sts/aws4_request\n
HASH_REMOVED
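
Added example, not part of either answer and not AWS SDK code: the three Signature Version 4 tasks in Python for the query-string form of the GetFederationToken request from answer #1, signing `host` and `x-amz-date` with the `us-east-1` scope as answer #2 advises. The function name `presign_sts` and the credentials passed to it are constructed placeholders.

```python
import hashlib
import hmac
from urllib.parse import quote

# SHA-256 of an empty body: the last line of every canonical request on this page.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_sts(access_key, secret_key, amz_date, params,
                region="us-east-1", host="sts.amazonaws.com"):
    """Return (canonical_request, string_to_sign, signed_url) for a GET."""
    date = amz_date[:8]
    scope = f"{date}/{region}/sts/aws4_request"
    query = dict(params)
    query.update({
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-SignedHeaders": "host;x-amz-date",
    })
    # Task 1: canonical request. Query parameters are percent-encoded
    # (RFC 3986 unreserved characters kept) and sorted by name.
    canonical_query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted(query.items()))
    canonical_request = "\n".join([
        "GET", "/", canonical_query,
        f"host:{host}",
        f"x-amz-date:{amz_date}",  # must also be sent as a real header
        "",                        # blank line closes the header block
        "host;x-amz-date",
        EMPTY_SHA256])
    # Task 2: string to sign, bound to date, region and service.
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest()])
    # Task 3: derive the signing key by chained HMACs, then sign.
    key = ("AWS4" + secret_key).encode()
    for part in (date, region, "sts", "aws4_request"):
        key = _hmac(key, part)
    signature = _hmac(key, string_to_sign).hex()
    url = f"https://{host}/?{canonical_query}&X-Amz-Signature={signature}"
    return canonical_request, string_to_sign, url
```

Because the region enters both the credential scope and the key derivation, passing `region="us-gov-west-1"` as in the question's string to sign produces a different signature from the `us-east-1` one.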
