迁移shibboleth java获取shibboleth用户信息

迁移shibboleth：

需迁移的文件：

shibboleth2.xml:idp和sp的相关配置(关键)

sp-encrypt-cert.pem

sp-encrypt-key.pem

sp-signing-cert.pem

sp-signing-key.pem

attribute-map.xml:从idp中获取的用户信息id(关键)

httpd中配置：
ssl.conf

<Location /sso>
    AuthType shibboleth
    ShibRequireSession On
    Require shibboleth
    
    # 关键：将 Shibboleth 属性作为 HTTP Header 传递给后端
    ShibUseHeaders On
    
    # 可选：指定传递哪些属性（如果不设置，传递所有属性）
    # ShibExportAssertion On
    
    ProxyPass http://127.0.0.1:10000/xxx/sso/login
    ProxyPassReverse http://127.0.0.1:10000/xxx/sso/login
    
    # 确保 Header 能被代理传递
    ProxyPreserveHost On
</Location>

Java 后端获取 Shibboleth 属性

import cn.hutool.http.HttpUtil;
import cn.hutool.http.HttpRequest;
import javax.servlet.http.HttpServletRequest;
import java.util.Enumeration;

@RestController
public class SsoController {
    
    @GetMapping("/xxx/sso/login")
    public String ssoLogin(HttpServletRequest request) {
        // Shibboleth 属性会以 HTTP Header 形式传递
        // 例如: displayName -> displayName
        
        String uid = request.getHeader("uid");
        String displayName = request.getHeader("displayName");
        String givenName = request.getHeader("givenName");
        String surname = request.getHeader("surname");
        String eduPersonPrimaryAffiliation = request.getHeader("eduPersonPrimaryAffiliation");
        
        // 调试：打印所有 Header
        Enumeration<String> headers = request.getHeaderNames();
        while (headers.hasMoreElements()) {
            String name = headers.nextElement();
            System.out.println(name + ": " + request.getHeader(name));
        }
        
        // 你的业务逻辑
        if (uid != null) {
            // 登录成功，创建 session 或 token
            return "Login success for: " + displayName + " (" + uid + ")";
        } else {
            return "No Shibboleth attributes found";
        }
    }
}