我对 Shibboleth 还比较陌生,但我似乎无法解决将 REMOTE_USER 传达给我的应用程序的问题。
我的堆栈是 shibd 2.5.3 和 Apache 2.4.18,通过 unix 套接字输入到 Gunicorn 服务器。
我的 中有以下内容shibboleth2.xml
:
<ApplicationDefaults entityID="https://server.uchicago.edu/shibboleth" REMOTE_USER="uid mail eppn">
我的 Apache 配置如下:
<Location /minimum>
AuthType Shibboleth
Require shibboleth
ShibRequestSetting requireSession false
</Location>
...
### Shibboleth Auth Test App ###
<Directory /var/www/testing/shib_test_app/minimum_srv/>
require valid-user
<Files wsgi.py>
Require all granted
</Files>
</Directory>
ProxyPass /minimum/ unix:/var/www/testing/shib_test_app/run/minimum.socket|http://server.uchicago.edu/minimum/
成功登录后将产生以下内容transaction.log
:
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: New session (ID: _c7733778bc32d918c86af6ed3032b4d8) with (applicationId: default) for principal from (IdP: urn:mace:incommon:uchicago.edu) at (ClientAddress: 128.135.219.225) with (NameIdentifier: AAdzZWNyZXQxyKNPOa4xNc3jfe3SU1ECnug95BZZklugt27zSuUOLFPnF/G8zlPSTB9M5bAIXSN2WZoR9DB5mxo6w0wii7KQWJQLHtYSQM/H5dyLa+B9MOLq6ZqB7x7z9b6fjvjPpMVCxsjKhr7C7OglCHw2gqk=) using (Protocol: urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: _2b139b94d61993652304709bb6a7a1e3)
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: Cached the following attributes with session (ID: _c7733778bc32d918c86af6ed3032b4d8) for (applicationId: default) {
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: entitlement (5 values)
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: ucDepartment (1 values)
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: mail (1 values)
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: unscoped-affiliation (1 values)
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: displayName (1 values)
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: givenName (1 values)
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: ucisMemberOf (57 values)
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: cn (1 values)
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: uid (1 values)
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: affiliation (2 values)
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: persistent-id (1 values)
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: nickname (1 values)
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: eppn (1 values)
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: sn (1 values)
2017-11-13 11:07:09 INFO Shibboleth-TRANSACTION [1724]: }
然后我进入我的/Shibboleth.sso/Session
:
Shibboleth.sso/会话截图
似乎 SP 正在向我返回属性,并且shibboleth2.xml
我已将其配置uid
为 REMOTE_USER 的主要填充项,但它在 Apache 环境变量中设置为 null(至少据我所知,它没有显示在 Django 的 中request.META
)。如果我将 Apache 配置为 ,可能值得知道一切都运行良好ShibUseHeaders On
,但我宁愿不启用它。
有谁能帮忙指出断开连接的位置可能在哪里吗?