我可以在不使用Apache和shibd的情况下在我的Java Webapp中集成Shibboleth SSO吗？ [英] Can I integrate Shibboleth SSO in my Java Webapp without using Apache and shibd?

问题描述

我正在开发一个使用嵌入式Jetty的纯Java Web应用程序，我希望集成一个Shibboleth登录。为此，我正在关注 switch.ch的Shibboleth服务提供商部署指南，其中声明：

I'm working on a pure Java web application that uses an embedded Jetty and I want to integrate a Shibboleth login. To do this, I'm following switch.ch's guide for Shibboleth Service Provider Deployment, which states:

Shibboleth服务提供程序包含一个运行在
所有主要操作系统上的守护进程shibd和一个web服务器模块mod_shib这是
原生支持：

The Shibboleth Service Provider consists of a daemon shibd running on all major operating systems and a web server module mod_shib which is natively supported by:

• Apache Web服务器（版本1.3.x，2.x）


• IIS（版本6,7和8）

我的问题是，有没有办法在我的Java Web应用程序中集成Shibboleth SSO而不使用Apache Web服务器或运行shibd的IIS？也许有人之前做过这个并且可以提供示例Servlets / Filters等等？

My question is, is there a way to integrate Shibboleth SSO in my Java web application without using an Apache web server or IIS running shibd? Maybe somebody has done this before and could provide example Servlets/Filters or the like?

我不希望在Shibboleth的应用程序前面有一个Web服务器，因为它会使安装复杂化。目前，安装只需两个步骤：提取人工制品并运行启动脚本，如果我能保持这样，我将不胜感激。

I don't want an Webserver in front of the application just for Shibboleth, because it would complicate the installation. Currently, the installation is just two steps: extract the artefact and run the start script and I would appreciate if I could keep it like this.

推荐答案

将shibboleth sp放在前面的Web服务器是最简单的方法。此外，如果您发现idp发布的所有属性仅针对您的身份存储验证它们，您可以添加servlet过滤器和检查标头。

Putting shibboleth sp with web server in front is the easiest way out. Additionally you can add servlet filter and check header , if you find all attributes released by idp validate them against your identity store just for assertion.

这篇关于我可以在不使用Apache和shibd的情况下在我的Java Webapp中集成Shibboleth SSO吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！