问题
I understand that configured attributes will be stored as environment variables by default and will be accessible like
request.getAttribute("Shib-Identity-Provider")
I tried that and after some googling I understood that to access them in Java through AJP.
I need to prefix this
<ApplicationDefaults id="default" policyId="default"
entityID="https://idp.example.org"
REMOTE_USER="eppn persistent-id targeted-id"
signing="false" encryption="false" attributePrefix="AJP_">
I did that but I still keep getting null in my Java application
- Shib-Identity-Provider - null
- Shib-Session-ID - null
- Shib-Application-ID - null
Could someone help me figure out what I am missing to make it work?
回答1:
Make sure you have this field in you attribute map file.
1.1 And idP has to send the attribute too.
Since you have attribute prefix as "AJP_" your attributes will be coming as "AJP_attributeName" (This can vary too)
2.1 You have to open up your AJP port which usually listens on 8009 and redirect the /secure path to AJP. You have to do this in apache to forward proxy as AJP.
2.2 In your servlet/handler of /secure path try getting attribute as
request.getHeader("AJP_attrName")
.(Can try following too if this does not work a.
reqest.getAttribute("attr")
b.reqest.getAttribute("AJP_attr")
c.header.getAttribute("attr")
c.header.getAttribute("AJP_attr")
. I am telling you to try out this because I have done this long time ago and I am not sure about exact method.)
回答2:
I missed the below config
<Location /appname>
AuthType shibboleth
ShibRequestSetting requireSession 1
require valid-user
</Location>
For Reference: https://wiki.surfnet.nl/display/surfconextdev/My+First+SP+-+Java
回答3:
I could get the values in Headers. For me below line worked which I added in tag
<Location /login >
AuthType Shibboleth
ShibRequireSession On
ShibUseHeaders On
require valid-user
</Location>
来源:https://stackoverflow.com/questions/38974233/shibboleth-sp-reading-assertion-attributes-from-java