Shibboleth SP - Reading assertion attributes from Java

好久不见. 提交于 2019-12-02 19:40:57

问题


I understand that configured attributes will be stored as environment variables by default and will be accessible like

request.getAttribute("Shib-Identity-Provider")

I tried that and after some googling I understood that to access them in Java through AJP.

I need to prefix this

<ApplicationDefaults id="default" policyId="default"
    entityID="https://idp.example.org"
    REMOTE_USER="eppn persistent-id targeted-id"
    signing="false" encryption="false" attributePrefix="AJP_">

I did that but I still keep getting null in my Java application

  • Shib-Identity-Provider - null
  • Shib-Session-ID - null
  • Shib-Application-ID - null

Could someone help me figure out what I am missing to make it work?


回答1:


  1. Make sure you have this field in you attribute map file.

    1.1 And idP has to send the attribute too.

  2. Since you have attribute prefix as "AJP_" your attributes will be coming as "AJP_attributeName" (This can vary too)

    2.1 You have to open up your AJP port which usually listens on 8009 and redirect the /secure path to AJP. You have to do this in apache to forward proxy as AJP.

    2.2 In your servlet/handler of /secure path try getting attribute as request.getHeader("AJP_attrName").

    (Can try following too if this does not work a. reqest.getAttribute("attr") b. reqest.getAttribute("AJP_attr") c. header.getAttribute("attr") c. header.getAttribute("AJP_attr"). I am telling you to try out this because I have done this long time ago and I am not sure about exact method.)




回答2:


I missed the below config

<Location /appname>
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    require valid-user
</Location>

For Reference: https://wiki.surfnet.nl/display/surfconextdev/My+First+SP+-+Java




回答3:


I could get the values in Headers. For me below line worked which I added in tag

<Location /login >
    AuthType Shibboleth
    ShibRequireSession On
    ShibUseHeaders On
    require valid-user
</Location>


来源:https://stackoverflow.com/questions/38974233/shibboleth-sp-reading-assertion-attributes-from-java

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!