迁移shibboleth:
需迁移的文件:
shibboleth2.xml:idp和sp的相关配置(关键)
sp-encrypt-cert.pem
sp-encrypt-key.pem(私钥:迁移后保持原有属主和权限,仅 shibd 运行用户可读)
sp-signing-cert.pem
sp-signing-key.pem(私钥:同上,不要通过不受控的渠道传输)
attribute-map.xml:定义从 IdP 获取的用户属性与本地属性 id 的映射(关键)
httpd中配置:
ssl.conf
# Protect /sso with the Shibboleth SP and proxy the authenticated request to the local backend.
<Location /sso>
AuthType shibboleth
ShibRequireSession On
Require shibboleth
# Key setting: publish the Shibboleth attributes to the backend as HTTP request headers.
# NOTE(review): header-based export can be spoofed by any client that reaches the backend
# without passing through this Location. Keep the backend listening on 127.0.0.1 only (the
# ProxyPass target below) and do not expose port 10000 through any other route.
ShibUseHeaders On
# Optional. NOTE(review): ShibExportAssertion exposes the raw SAML assertion to the
# application; it does not select which attributes are passed. The exported attributes are
# the ones mapped in attribute-map.xml. Leave it off unless the backend needs the assertion.
# ShibExportAssertion On
ProxyPass http://127.0.0.1:10000/xxx/sso/login
ProxyPassReverse http://127.0.0.1:10000/xxx/sso/login
# Forward the client's original Host header to the backend.
# NOTE(review): this directive is not what carries the attribute headers; mod_proxy forwards
# request headers to the backend either way.
ProxyPreserveHost On
</Location>
Java 后端获取 Shibboleth 属性
import cn.hutool.http.HttpUtil;
import cn.hutool.http.HttpRequest;
import javax.servlet.http.HttpServletRequest;
import java.util.Enumeration;
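/**
 * Login endpoint that sits behind the Apache/mod_shib reverse proxy and reads the
 * Shibboleth attributes the proxy publishes as HTTP request headers.
 *
 * <p>Trust boundary: these headers are authenticated attributes only when the request
 * arrived through the proxy. Any client that can connect to this application directly can
 * send the same header names itself, so the application must not be reachable except from
 * the proxy (for example by listening on the loopback address only).
 */
@RestController
public class SsoController {

    /**
     * Handles the proxied SSO login request.
     *
     * @param request the request forwarded by the proxy, carrying the Shibboleth attributes
     *     as headers
     * @return a success message naming the user when a non-blank {@code uid} header is
     *     present, otherwise a message saying that no attributes were found
     */
    @GetMapping("/xxx/sso/login")
    public String ssoLogin(HttpServletRequest request) {
        // Shibboleth attributes arrive as HTTP headers named after the attribute id,
        // e.g. attribute displayName -> header "displayName".
        // NOTE(review): servlet containers commonly decode header bytes as ISO-8859-1 while
        // the SP sends UTF-8, so non-ASCII names may need re-decoding; confirm against the
        // container in use.
        String uid = request.getHeader("uid");
        String displayName = request.getHeader("displayName");
        String givenName = request.getHeader("givenName");
        String surname = request.getHeader("surname");
        String eduPersonPrimaryAffiliation = request.getHeader("eduPersonPrimaryAffiliation");

        // Debug aid: list which headers arrived. Only the names are printed, because the
        // values include session cookies and personal attributes that do not belong in
        // console output or log files.
        Enumeration<String> headerNames = request.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            System.out.println("request header present: " + headerNames.nextElement());
        }

        // A missing or blank uid means no authenticated identity was delivered; an empty
        // header must not count as a login.
        if (uid == null || uid.trim().isEmpty()) {
            return "No Shibboleth attributes found";
        }

        // Login succeeded: create the application session or token here.
        // The attribute values are echoed unmodified; escape them if this response is ever
        // rendered as HTML.
        return "Login success for: " + displayName + " (" + uid + ")";
    }
}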