用于 ldap 身份验证的 Shibboleth idp 配置
Shibboleth idp configuration for ldap authentication
我是 Shibboleth 的新手,正在尝试将 LDAP 与 Shibboleth 结合使用。我试了很多次,但一直没有成功。下面这段 Java 代码本身可以正常工作,谁能告诉我与它对应的 AttributeDefinition、DataConnector 和 login.config 应该怎么写?请帮忙。
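// Builds the JNDI environment for an LDAP "simple" bind as <username>@samplehro.india.
// `username` and `password` are supplied by surrounding code that is not shown here.
//
// NOTE(review): the provider URL is plain ldap:// and the bind type is "simple", so the
// password crosses the network unencrypted unless the transport is protected elsewhere.
// Prefer ldaps:// or StartTLS with a verified server certificate.
// NOTE(review): many directory servers accept a simple bind with an empty password as an
// unauthenticated bind; reject null or empty passwords before this environment is used
// (whether the caller already does so is not visible in this snippet).
Hashtable<String, Object> env = new Hashtable<String, Object>(); // typed instead of a raw Hashtable
String ldapSearchBase = "dc=samplehro,dc=india"; // search base; not used within this snippet
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
// Read timeout in milliseconds, so a stalled server cannot block the login indefinitely.
env.put("com.sun.jndi.ldap.read.timeout", "4000");
env.put(Context.PROVIDER_URL, "ldap://smplchn-adsvr.samplehro.india");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
// Bind identity is the user name with the domain suffix appended.
env.put(Context.SECURITY_PRINCIPAL, username + "@samplehro.india");
env.put(Context.SECURITY_CREDENTIALS, password);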
被采纳的答案只给了一个链接,而该链接已经失效,所以这里的答案基本上只是从 Shibboleth 官方文档中复制的一个例子。注意:问题中的 Java 代码通过未加密的 ldap:// 进行 simple 绑定,而下面的示例默认启用 StartTLS(useStartTLS 的默认值为 true),并通过 trustFile 指定用于校验服务器的证书:
# Put in attribute-resolver.xml
<!--
  LDAP data connector for the attribute resolver. Every setting is read from an
  idp.attribute.resolver.LDAP.* property; the text after ':' inside a placeholder
  (for example ":true") is the default used when that property is not defined.
  Security-relevant settings:
  - principal / principalCredential: the bind DN and its password. Keep the
    property that holds the password in a file readable only by the IdP service
    account and out of version control.
  - useStartTLS (default true) together with trustFile: the LDAP connection is
    upgraded to TLS. trustFile presumably names the certificates the LDAP server
    is validated against; confirm it points at the directory's CA or server
    certificate. Leave StartTLS on unless ldapURL is already an ldaps:// URL.
  - multipleResultsIsError (default true): a search matching more than one entry
    is treated as an error. noResultIsError (default false): an empty result is not.
-->
<DataConnector id="myLDAP" xsi:type="LDAPDirectory"
ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
principal="%{idp.attribute.resolver.LDAP.bindDN}"
principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
noResultIsError="%{idp.attribute.resolver.LDAP.noResultsIsError:false}"
multipleResultsIsError="%{idp.attribute.resolver.LDAP.multipleResultsIsError:true}">
<!-- LDAP search filter, taken from the searchFilter property.
     NOTE(review): check that any user-derived value placed in the filter is
     escaped for LDAP filter syntax. -->
<FilterTemplate>
<![CDATA[
%{idp.attribute.resolver.LDAP.searchFilter}
]]>
</FilterTemplate>
<!-- name1/name2 and prop1/prop2 appear to be placeholders for additional LDAP
     provider properties; replace or remove them. -->
<LDAPProperty name="name1" value="%{idp.attribute.resolver.LDAP.prop1}"/>
<LDAPProperty name="name2" value="%{idp.attribute.resolver.LDAP.prop2}"/>
<!-- Key and certificate referenced here look like the IdP's own client credential
     for the StartTLS connection (id "IdPtoLDAPCredential").
     NOTE(review): restrict read access on the private key file to the IdP
     service account. -->
<StartTLSAuthenticationCredential xsi:type="security:X509Filesystem" xmlns:security="urn:mace:shibboleth:2.0:security" id="IdPtoLDAPCredential">
<security:PrivateKey>%{idp.attribute.resolver.LDAP.authenticationKey}</security:PrivateKey>
<security:Certificate>%{idp.attribute.resolver.LDAP.authenticationCertificate}</security:Certificate>
</StartTLSAuthenticationCredential>
</DataConnector>
我是 Shibboleth 的新手,正在尝试将 LDAP 与 Shibboleth 结合使用。我试了很多次,但一直没有成功。下面这段 Java 代码本身可以正常工作,谁能告诉我与它对应的 AttributeDefinition、DataConnector 和 login.config 应该怎么写?请帮忙。
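// Builds the JNDI environment for an LDAP "simple" bind as <username>@samplehro.india.
// `username` and `password` are supplied by surrounding code that is not shown here.
//
// NOTE(review): the provider URL is plain ldap:// and the bind type is "simple", so the
// password crosses the network unencrypted unless the transport is protected elsewhere.
// Prefer ldaps:// or StartTLS with a verified server certificate.
// NOTE(review): many directory servers accept a simple bind with an empty password as an
// unauthenticated bind; reject null or empty passwords before this environment is used
// (whether the caller already does so is not visible in this snippet).
Hashtable<String, Object> env = new Hashtable<String, Object>(); // typed instead of a raw Hashtable
String ldapSearchBase = "dc=samplehro,dc=india"; // search base; not used within this snippet
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
// Read timeout in milliseconds, so a stalled server cannot block the login indefinitely.
env.put("com.sun.jndi.ldap.read.timeout", "4000");
env.put(Context.PROVIDER_URL, "ldap://smplchn-adsvr.samplehro.india");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
// Bind identity is the user name with the domain suffix appended.
env.put(Context.SECURITY_PRINCIPAL, username + "@samplehro.india");
env.put(Context.SECURITY_CREDENTIALS, password);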
被采纳的答案只给了一个链接,而该链接已经失效,所以这里的答案基本上只是从 Shibboleth 官方文档中复制的一个例子。注意:问题中的 Java 代码通过未加密的 ldap:// 进行 simple 绑定,而下面的示例默认启用 StartTLS(useStartTLS 的默认值为 true),并通过 trustFile 指定用于校验服务器的证书:
# Put in attribute-resolver.xml
<!--
  LDAP data connector for the attribute resolver. Every setting is read from an
  idp.attribute.resolver.LDAP.* property; the text after ':' inside a placeholder
  (for example ":true") is the default used when that property is not defined.
  Security-relevant settings:
  - principal / principalCredential: the bind DN and its password. Keep the
    property that holds the password in a file readable only by the IdP service
    account and out of version control.
  - useStartTLS (default true) together with trustFile: the LDAP connection is
    upgraded to TLS. trustFile presumably names the certificates the LDAP server
    is validated against; confirm it points at the directory's CA or server
    certificate. Leave StartTLS on unless ldapURL is already an ldaps:// URL.
  - multipleResultsIsError (default true): a search matching more than one entry
    is treated as an error. noResultIsError (default false): an empty result is not.
-->
<DataConnector id="myLDAP" xsi:type="LDAPDirectory"
ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
principal="%{idp.attribute.resolver.LDAP.bindDN}"
principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
noResultIsError="%{idp.attribute.resolver.LDAP.noResultsIsError:false}"
multipleResultsIsError="%{idp.attribute.resolver.LDAP.multipleResultsIsError:true}">
<!-- LDAP search filter, taken from the searchFilter property.
     NOTE(review): check that any user-derived value placed in the filter is
     escaped for LDAP filter syntax. -->
<FilterTemplate>
<![CDATA[
%{idp.attribute.resolver.LDAP.searchFilter}
]]>
</FilterTemplate>
<!-- name1/name2 and prop1/prop2 appear to be placeholders for additional LDAP
     provider properties; replace or remove them. -->
<LDAPProperty name="name1" value="%{idp.attribute.resolver.LDAP.prop1}"/>
<LDAPProperty name="name2" value="%{idp.attribute.resolver.LDAP.prop2}"/>
<!-- Key and certificate referenced here look like the IdP's own client credential
     for the StartTLS connection (id "IdPtoLDAPCredential").
     NOTE(review): restrict read access on the private key file to the IdP
     service account. -->
<StartTLSAuthenticationCredential xsi:type="security:X509Filesystem" xmlns:security="urn:mace:shibboleth:2.0:security" id="IdPtoLDAPCredential">
<security:PrivateKey>%{idp.attribute.resolver.LDAP.authenticationKey}</security:PrivateKey>
<security:Certificate>%{idp.attribute.resolver.LDAP.authenticationCertificate}</security:Certificate>
</StartTLSAuthenticationCredential>
</DataConnector>