如何在AngularJS应用程序中访问Shibboleth SP属性 [英] How to access Shibboleth SP Attributes in AngularJS Application

问题描述

我和Shibboleth都是新来的.

I am new to SSO as well as Shibboleth.

我已经在Apache服务器上成功实现了Shibboleth SP.每当用户尝试访问受保护的资源时，都会根据IDP对用户进行身份验证.

I have successfully implemented Shibboleth SP on an Apache Server. The user is getting authenticated against IDP whenever the user tries to access a protected resource.

基本上，Shibboleth SSO包含以下6个步骤:

Basically, Shibboleth SSO has the following 6 steps:

1. 用户访问受保护的资源
2. SP确定IdP并发出身份验证请求
3. 用户向IdP进行身份验证
4. IdP发布对SP的响应
5. 返回SP
6. 返回受保护的资源

我的客户端应用程序完全是使用AngularJS 1.6开发的.

My client app is purely developed using AngularJS 1.6.

一切正常，直到步骤6.我的问题是:

Everything is working fine till Step 6. My question is:

在步骤6:如何在AngularJS客户端应用程序中访问Shibboleth SP属性(例如名字或姓氏)?或者甚至可以直接在AngularJS应用中访问这些属性?

Shibboleth Wiki没有提及有关使用AngularJS访问属性的任何内容.

Shibboleth Wiki does not mention anything about accessing attributes using AngularJS.

请.任何帮助|指导|建议|反馈将不胜感激.

Please. Any help | guidance | suggestion | feedback will be greatly appreciated.

[UPDATE]

httpd.conf

我的httpd.conf非常简单.我为Shibboleth所做的唯一额外配置如下.休息是默认的.

My httpd.conf is very simple. The only extra configuration I did for Shibboleth is as below. Rest everything is default.

LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so

ServerName 10.63.32.125

<Location /licweb>
  AuthType shibboleth
  Require valid-user
  ShibRequireSession On
  ShibUseHeaders On
</Location>

shibboleth2.xml

这也是一个非常简单的文件.

This is also a very simple file.

<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config" 
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" clockSkew="180">
    <ApplicationDefaults entityID="https://www.example.com/licweb/shibboleth" REMOTE_USER="eppn persistent-id targeted-id">

        <Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false">
            <SSO entityID="https://my-sso-url">
                SAML2 SAML1
            </SSO>
            <Logout>SAML2 Local</Logout>

            <md:ArtifactResolutionService Location="/Artifact/SOAP" index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
            <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
            <Handler type="Status" Location="/Status" acl="127.0.0.1"/>
            <Handler type="Session" Location="/Session" showAttributeValues="true" />
        </Sessions>
        <Errors supportContact="ankit.prajapati@yahoo.com" logoLocation="/shibboleth-sp/logo.jpg" styleSheet="/shibboleth-sp/main.css"/>
        <MetadataProvider type="XML" file="MetaData.xml"/>
        <AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/>
        <AttributeResolver type="Query" subjectMatch="true"/>
        <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
        <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
    </ApplicationDefaults>
    <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
    <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
</SPConfig>

会话

我还通过以下网址获得了会话: http://10.63.32.125/Shibboleth.sso/会话

I also get the Session at the URL: http://10.63.32.125/Shibboleth.sso/Session

Miscellaneous
Session Expiration (barring inactivity): 473 minute(s)
Client Address: 10.63.32.125
SSO Protocol: urn:oasis:names:tc:SAML:2.0:protocol
Identity Provider: https://my-identity-provider
Authentication Time: 2018-06-21T19:19:16.937Z
Authentication Context Class: urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony
Authentication Context Decl: (none)

Attributes
displayName: Doe,John
givenName: John
mail: john.doe@yahoo.com
persistent-id: https://my-persistent-id
sn: doe

我想在运行于URL的AngularJS客户端网站上访问此属性: http://10.63.32.125/licweb

I want to access this attributes on my AngularJS Client Website running at URL: http://10.63.32.125/licweb

任何帮助将不胜感激.谢谢.

Any help will be greatly appreciated. THANKS.

推荐答案

通过在会话处理程序中将 contentType 设置为 application/json ，您将获得 JSON对象，而不是URL /Shibboleth.sso/Session 处的HTML.您可以像其他任何 JSON 资源/REST Api一样，在客户端JavaScript应用中请求该请求.

By setting contentType to application/json within the Session Handler you will get a JSON object instead of the HTML at the URL /Shibboleth.sso/Session. You can request that in your client-side JavaScript app like any other JSON resource / REST Api.

<Handler type="Session" Location="/Session" showAttributeValues="true" contentType="application/json" />

请参见 https://wiki.shibboleth.net/confluence/display/SP3/会话+处理程序

这篇关于如何在AngularJS应用程序中访问Shibboleth SP属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！