检索的Shibboleth从AJP连接请求属性 [英] Retrieving Shibboleth attributes from AJP connector request
问题描述
与在Apache上运行的Shibboleth认证时Tomcat7在后端运行,阿帕奇通过的mod_proxy_ajp将一切工作的时候我遇到了一个奇怪的问题。因此它与Sibboleth参数。
I have encountered a weird problem when working with Shibboleth authentication running on Apache and when Tomcat7 running on the back end, Apache sends everything through mod_proxy_ajp. And so it does with parameters from Sibboleth.
在文档( https://wiki.shibboleth.net/confluence/display/ SHIB2 / NativeSPJavaInstall )则明确表示,AJP只发送preFIX属性属性preFIX =_ AJP
和开发人员不应该走捷径,使发送AUTH属性槽的HTTP标头( https://wiki.shibboleth.net/合流/显示/ SHIB2 / NativeSPSpoofChecking )
In the documentation (https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPJavaInstall) it is explicitly stated that AJP sends only attributes with prefix attributePrefix="AJP_"
and that a developer should not take shortcuts and enable sending auth attributes trough HTTP headers (https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSpoofChecking)
我尝试使用检索属性。
HttpServletRequest req = (HttpServletRequest) FacesContext.getCurrentInstance()
.getExternalContext().getRequest();
Enumeration<String> e = req.getAttributeNames();
但无论我怎么努力,没有Shibboleth的属性不断出现。
But no matter what I try, no Shibboleth attributes ever show up.
推荐答案
两个小时试图找出我在做什么错后。我试图用名字来检索属性。
After two hours of trying to find out what I was doing wrong. I tried to retrieve attribute by name using.
req.getAttribute("uid");
和出于某种原因,工程。尽管UID
不getAttributeNames()上市;
And for some reason that works. Even though the "uid"
isn't listed in getAttributeNames();
据闻起来像一个bug,或不合时宜通信AJP和Spring或JSF之间的某处...
It smells like a bug, or mistimed communication somewhere between AJP and Spring or JSF...
这篇关于检索的Shibboleth从AJP连接请求属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!