I understand that configured attributes will be stored as environment variables by default and will be accessible like
request.getAttribute("Shib-Identity-Provider")
I tried that, and after some googling I understood that, to access them in Java through AJP, I need to prefix this:
<ApplicationDefaults id="default" policyId="default"
entityID="https://idp.example.org"
REMOTE_USER="eppn persistent-id targeted-id"
signing="false" encryption="false" attributePrefix="AJP_">
I did that but I still keep getting null in my Java application
- Shib-Identity-Provider - null
- Shib-Session-ID - null
- Shib-Application-ID - null
Could someone help me figure out what I am missing to make it work?
1. Make sure you have this field in your attribute map file.
1.1 And the IdP has to send the attribute too.
2. Since you have the attribute prefix as "AJP_", your attributes will be coming as "AJP_attributeName" (this can vary too).
2.1 You have to open up your AJP port, which usually listens on 8009, and redirect the /secure path to AJP. You have to do this in Apache to forward proxy as AJP.
2.2 In your servlet/handler of the /secure path, try getting the attribute as
request.getHeader("AJP_attrName")
(You can try the following too if this does not work:
a. request.getAttribute("attr")
b. request.getAttribute("AJP_attr")
c. header.getAttribute("attr")
d. header.getAttribute("AJP_attr")
I am telling you to try these because I did this a long time ago and I am not sure about the exact method.)
I missed the below config
<Location /appname>
AuthType shibboleth
ShibRequestSetting requireSession 1
require valid-user
</Location>
For Reference: https://wiki.surfnet.nl/display/surfconextdev/My+First+SP+-+Java
I could get the values in headers. For me the lines below worked, which I added in the tag:
<Location /login >
AuthType Shibboleth
ShibRequireSession On
ShibUseHeaders On
require valid-user
</Location>
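A small diagnostic servlet for the situation discussed in this thread, as an added example that is not part of the original question or answers: for the three names in the question it reports whether each one arrives as a request attribute (the attributePrefix="AJP_" route) or as an HTTP header (the ShibUseHeaders On route). The class name is hypothetical and the javax.servlet API (Tomcat 9 or earlier) is assumed.

```java
// Added example, not from the original thread. Assumes the javax.servlet API
// (Tomcat 9 or earlier; use the jakarta.servlet packages on Tomcat 10+).
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ShibAttributeDebugServlet extends HttpServlet {

    // Names taken from the question; add the ids from your attribute map.
    private static final String[] NAMES = {
        "Shib-Identity-Provider", "Shib-Session-ID", "Shib-Application-ID"
    };

    /** Says where a value was found, so a misconfiguration is visible at a glance. */
    static String locate(HttpServletRequest req, String name) {
        // attributePrefix="AJP_" route: mod_proxy_ajp forwards AJP_* environment
        // variables as request attributes with the prefix stripped.
        if (req.getAttribute(name) != null) {
            return "request attribute";
        }
        // ShibUseHeaders On route: the SP copies the value into a request header.
        if (req.getHeader(name) != null) {
            return "HTTP header";
        }
        return "not present";
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // No session id by either route: the request did not come through a
        // Shibboleth-protected <Location>, so refuse to report anything.
        if ("not present".equals(locate(req, "Shib-Session-ID"))) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "No Shibboleth session");
            return;
        }
        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        for (String name : NAMES) {
            // Report only the source, not the value, to keep session ids out of responses.
            out.println(name + ": " + locate(req, name));
        }
    }
}
```

Map it under the protected path, request it through Apache once, and remove it when the attribute route is confirmed.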
Source: https://stackoverflow.com/questions/38974233/shibboleth-sp-reading-assertion-attributes-from-java