检索的Shibboleth从AJP连接请求属性 [英] Retrieving Shibboleth attributes from AJP connector request

问题描述

与在Apache上运行的Shibboleth认证时Tomcat7在后端运行，阿帕奇通过的mod_proxy_ajp将一切工作的时候我遇到了一个奇怪的问题。因此它与Sibboleth参数。

I have encountered a weird problem when working with Shibboleth authentication running on Apache and when Tomcat7 running on the back end, Apache sends everything through mod_proxy_ajp. And so it does with parameters from Sibboleth.

在文档（ https://wiki.shibboleth.net/confluence/display/ SHIB2 / NativeSPJavaInstall ）则明确表示，AJP只发送preFIX属性属性preFIX =_ AJP和开发人员不应该走捷径，使发送AUTH属性槽的HTTP标头（ https://wiki.shibboleth.net/合流/显示/ SHIB2 / NativeSPSpoofChecking ）

In the documentation (https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPJavaInstall) it is explicitly stated that AJP sends only attributes with prefix attributePrefix="AJP_" and that a developer should not take shortcuts and enable sending auth attributes trough HTTP headers (https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSpoofChecking)

我尝试使用检索属性。

HttpServletRequest req = (HttpServletRequest) FacesContext.getCurrentInstance()
                         .getExternalContext().getRequest();

Enumeration<String> e = req.getAttributeNames();

但无论我怎么努力，没有Shibboleth的属性不断出现。

But no matter what I try, no Shibboleth attributes ever show up.

推荐答案

两个小时试图找出我在做什么错后。我试图用名字来检索属性。

After two hours of trying to find out what I was doing wrong. I tried to retrieve attribute by name using.

req.getAttribute("uid");

和出于某种原因，工程。尽管UID不getAttributeNames（）上市;

And for some reason that works. Even though the "uid" isn't listed in getAttributeNames();

据闻起来像一个bug，或不合时宜通信AJP和Spring或JSF之间的某处...

It smells like a bug, or mistimed communication somewhere between AJP and Spring or JSF...

这篇关于检索的Shibboleth从AJP连接请求属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！