用于 ldap 身份验证的 Shibboleth idp 配置

Shibboleth idp configuration for ldap authentication

我是 shibboleth 的新手,我正在尝试将 LDAP 与 Shibboleth 结合使用。我尝试了很多,但我无法做到。任何人都可以告诉我以下 java 代码的 AttributeDefinition、DataConnector 和 login.config 应该是什么,它们工作正常。请帮忙

   Hashtable env = new Hashtable();
        String ldapSearchBase = "dc=samplehro,dc=india";
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("com.sun.jndi.ldap.read.timeout", "4000");
        env.put(Context.PROVIDER_URL, "ldap://smplchn-adsvr.samplehro.india");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, username + "@samplehro.india");
        env.put(Context.SECURITY_CREDENTIALS, password);

接受的答案是 link-only 答案,link 已经死了,所以这里的答案基本上只是从 official Shibboleth documentation. 复制一个例子:

# Put in attribute-resolver.xml
<DataConnector id="myLDAP" xsi:type="LDAPDirectory"
    ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
    baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
    principal="%{idp.attribute.resolver.LDAP.bindDN}"
    principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
    trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
    useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
    noResultIsError="%{idp.attribute.resolver.LDAP.noResultsIsError:false}"
    multipleResultsIsError="%{idp.attribute.resolver.LDAP.multipleResultsIsError:true}">
    <FilterTemplate>
        <![CDATA[
            %{idp.attribute.resolver.LDAP.searchFilter}
        ]]>
    </FilterTemplate>
    <LDAPProperty name="name1" value="%{idp.attribute.resolver.LDAP.prop1}"/>
    <LDAPProperty name="name2" value="%{idp.attribute.resolver.LDAP.prop2}"/>
    <StartTLSAuthenticationCredential xsi:type="security:X509Filesystem" xmlns:security="urn:mace:shibboleth:2.0:security" id="IdPtoLDAPCredential">
        <security:PrivateKey>%{idp.attribute.resolver.LDAP.authenticationKey}</security:PrivateKey>
        <security:Certificate>%{idp.attribute.resolver.LDAP.authenticationCertificate}</security:Certificate>
    </StartTLSAuthenticationCredential>
</DataConnector>