如何在AngularJS应用程序中访问Shibboleth SP属性 [英] How to access Shibboleth SP Attributes in AngularJS Application
问题描述
我和Shibboleth都是新来的.
I am new to SSO as well as Shibboleth.
我已经在Apache服务器上成功实现了Shibboleth SP.每当用户尝试访问受保护的资源时,都会根据IDP对用户进行身份验证.
I have successfully implemented Shibboleth SP on an Apache Server. The user is getting authenticated against IDP whenever the user tries to access a protected resource.
基本上,Shibboleth SSO包含以下6个步骤:
Basically, Shibboleth SSO has the following 6 steps:
- 用户访问受保护的资源
- SP确定IdP并发出身份验证请求
- 用户向IdP进行身份验证
- IdP发布对SP的响应
- 返回SP
- 返回受保护的资源
我的客户端应用程序完全是使用AngularJS 1.6开发的.
My client app is purely developed using AngularJS 1.6.
一切正常,直到步骤6.我的问题是:
Everything is working fine till Step 6. My question is:
在步骤6:如何在AngularJS客户端应用程序中访问Shibboleth SP属性(例如名字或姓氏)?或者甚至可以直接在AngularJS应用中访问这些属性?
Shibboleth Wiki没有提及有关使用AngularJS访问属性的任何内容.
Shibboleth Wiki does not mention anything about accessing attributes using AngularJS.
请.任何帮助|指导|建议|反馈将不胜感激.
Please. Any help | guidance | suggestion | feedback will be greatly appreciated.
[UPDATE]
httpd.conf
我的httpd.conf非常简单.我为Shibboleth所做的唯一额外配置如下.休息是默认的.
My httpd.conf is very simple. The only extra configuration I did for Shibboleth is as below. Rest everything is default.
LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so
ServerName 10.63.32.125
<Location /licweb>
AuthType shibboleth
Require valid-user
ShibRequireSession On
ShibUseHeaders On
</Location>
shibboleth2.xml
这也是一个非常简单的文件.
This is also a very simple file.
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" clockSkew="180">
<ApplicationDefaults entityID="https://www.example.com/licweb/shibboleth" REMOTE_USER="eppn persistent-id targeted-id">
<Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false">
<SSO entityID="https://my-sso-url">
SAML2 SAML1
</SSO>
<Logout>SAML2 Local</Logout>
<md:ArtifactResolutionService Location="/Artifact/SOAP" index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
<Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
<Handler type="Status" Location="/Status" acl="127.0.0.1"/>
<Handler type="Session" Location="/Session" showAttributeValues="true" />
</Sessions>
<Errors supportContact="ankit.prajapati@yahoo.com" logoLocation="/shibboleth-sp/logo.jpg" styleSheet="/shibboleth-sp/main.css"/>
<MetadataProvider type="XML" file="MetaData.xml"/>
<AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/>
<AttributeResolver type="Query" subjectMatch="true"/>
<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
</ApplicationDefaults>
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
<ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
</SPConfig>
会话
我还通过以下网址获得了会话: http://10.63.32.125/Shibboleth.sso/会话
I also get the Session at the URL: http://10.63.32.125/Shibboleth.sso/Session
Miscellaneous
Session Expiration (barring inactivity): 473 minute(s)
Client Address: 10.63.32.125
SSO Protocol: urn:oasis:names:tc:SAML:2.0:protocol
Identity Provider: https://my-identity-provider
Authentication Time: 2018-06-21T19:19:16.937Z
Authentication Context Class: urn:oasis:names:tc:SAML:2.0:ac:classes:AuthenticatedTelephony
Authentication Context Decl: (none)
Attributes
displayName: Doe,John
givenName: John
mail: john.doe@yahoo.com
persistent-id: https://my-persistent-id
sn: doe
我想在运行于URL的AngularJS客户端网站上访问此属性: http://10.63.32.125/licweb
I want to access this attributes on my AngularJS Client Website running at URL: http://10.63.32.125/licweb
任何帮助将不胜感激.谢谢.
Any help will be greatly appreciated. THANKS.
推荐答案
通过在会话处理程序中将 contentType
设置为 application/json
,您将获得 JSON
对象,而不是URL /Shibboleth.sso/Session
处的HTML.您可以像其他任何 JSON
资源/REST Api一样,在客户端JavaScript应用中请求该请求.
By setting contentType
to application/json
within the Session Handler you will get a JSON
object instead of the HTML at the URL /Shibboleth.sso/Session
.
You can request that in your client-side JavaScript app like any other JSON
resource / REST Api.
<Handler type="Session" Location="/Session" showAttributeValues="true" contentType="application/json" />
请参见 https://wiki.shibboleth.net/confluence/display/SP3/会话+处理程序
这篇关于如何在AngularJS应用程序中访问Shibboleth SP属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!