我用 OpenAM 为一台 IIS 服务器配置了 Web 策略代理。当我请求某个 URL 时,它会重定向到 http://oa.asto.asia:8787/openam 进行登录;登录后它会重定向回 IIS 服务器。但当我检查请求头时,Cookie 中只有 iPlanetDirectoryPro,请求头中并没有 uid 头。
在 OpenAM 代理配置中,我还在“代理 / 应用程序”下的配置文件属性和响应属性中添加了键映射。
下面是 IIS Web 策略代理的配置文件。

OpenSSOAgentBootstrap.properties:
# OpenSSOAgentBootstrap.properties: tells the agent where OpenAM is and how the agent
# authenticates itself to it. Every URL in this file is plain http.
com.sun.identity.agents.config.naming.url = http://oa.asto.asia:8787/openam/namingservice
com.sun.identity.agents.config.organization.name = /
com.sun.identity.agents.config.username = ly_agent
# NOTE(review): this file carries the agent's encrypted password AND, on the next line,
# the key used to encrypt it. Publishing both together is equivalent to disclosing the
# ly_agent password; rotate that credential and redact these two values from shared copies.
com.sun.identity.agents.config.password = XxBFeAmLHMdA5o3llkEp2A==
com.sun.identity.agents.config.key = wbp7crbzqt
com.sun.identity.agents.config.debug.file = C:/web_agents/iis7_agent/Identifier_1/logs/debug/amAgent
com.sun.identity.agents.config.local.logfile = C:/web_agents/iis7_agent/Identifier_1/logs/audit/amAgent_ly_asto_asia.log
com.sun.identity.agents.config.debug.level =
com.sun.identity.agents.config.sslcert.dir =
com.sun.identity.agents.config.certdb.prefix =
com.sun.identity.agents.config.certdb.password =
com.sun.identity.agents.config.certificate.alias =
# true skips validation of the OpenAM server's TLS certificate. It has no effect while the
# naming/login URLs are http, but it must be set back to false before moving them to https.
com.sun.identity.agents.config.trust.server.certs = true
com.sun.identity.agents.config.receive.timeout = 0
com.sun.identity.agents.config.connect.timeout = 0
com.sun.identity.agents.config.tcp.nodelay.enable = false
com.sun.identity.agents.config.forward.proxy.host =
com.sun.identity.agents.config.forward.proxy.port =
com.sun.identity.agents.config.forward.proxy.user =
com.sun.identity.agents.config.forward.proxy.password =
com.sun.identity.agents.config.profilename = ly_agent
com.forgerock.agents.ext.url.validation.level = 2
com.forgerock.agents.ext.url.validation.ping.interval = 60
com.forgerock.agents.ext.url.validation.ping.miss.count = 3
com.forgerock.agents.ext.url.validation.ping.ok.count = 3
com.forgerock.agents.ext.url.validation.default.url.set =
com.forgerock.agents.init.retry.max =
com.forgerock.agents.init.retry.wait =
# com.forgerock.agents.nss.shutdown = on

OpenSSOAgentConfiguration.properties:
# OpenSSOAgentConfiguration.properties: the agent's local configuration (login/logout URLs,
# session cookie, attribute fetching, not-enforced lists and IIS-specific settings).
com.sun.identity.agents.config.login.url[0] = http://oa.asto.asia:8787/openam/UI/Login
# Name of the SSO session cookie the agent looks for on incoming requests.
com.sun.identity.agents.config.cookie.name = iPlanetDirectoryPro
# cookie.secure=false is consistent with the http:// URLs in this file, but it means the
# session token is sent over the network in clear text.
com.sun.identity.agents.config.cookie.secure = false
com.sun.identity.agents.config.debug.level =
com.sun.identity.agents.config.debug.file.rotate = true
com.sun.identity.agents.config.debug.file.size = 10000000
com.sun.identity.agents.config.audit.accesstype = LOG_NONE
com.sun.identity.agents.config.log.disposition = REMOTE
com.sun.identity.agents.config.remote.logfile = amAgent_ly_asto_asia.log
com.sun.identity.agents.config.remote.log.interval = 5
com.sun.identity.agents.config.local.log.rotate = false
com.sun.identity.agents.config.local.log.size = 52428800
com.sun.identity.agents.config.notification.enable = true
com.sun.identity.client.notification.url = http://ly.asto.asia:80/UpdateAgentCacheServlet?shortcircuit=false
com.sun.identity.agents.config.url.comparison.case.ignore = true
com.sun.identity.agents.config.policy.cache.polling.interval = 3
com.sun.identity.agents.config.sso.cache.polling.interval = 3
com.sun.identity.agents.config.userid.param = UserToken
com.sun.identity.agents.config.userid.param.type = SESSION
# HTTP_HEADER mode: the agent adds the mapped profile attribute as a header on the request
# it hands to IIS. That header is never part of the browser's own request, so it will not
# show up in browser developer tools; inspect it on the server side instead.
com.sun.identity.agents.config.profile.attribute.fetch.mode = HTTP_HEADER
# mapping[<attribute>] = <header name>; presumably exposes the uid attribute as a header named uid.
com.sun.identity.agents.config.profile.attribute.mapping[uid] = uid
com.sun.identity.agents.config.session.attribute.fetch.mode = NONE
com.sun.identity.agents.config.session.attribute.mapping[] =
# Response attributes use the same header mechanism as profile attributes above.
com.sun.identity.agents.config.response.attribute.fetch.mode = HTTP_HEADER
com.sun.identity.agents.config.response.attribute.mapping[uid] = uid
com.sun.identity.agents.config.attribute.multi.value.separator = |
com.sun.identity.agents.config.load.balancer.enable = false
com.sun.identity.agents.config.agenturi.prefix = http://ly.asto.asia:80/amagent
com.sun.identity.agents.config.locale = en_US
com.sun.identity.agents.config.sso.only = false
com.sun.identity.agents.config.access.denied.url =
com.sun.identity.agents.config.fqdn.check.enable = true
com.sun.identity.agents.config.fqdn.default = ly.asto.asia
com.sun.identity.agents.config.fqdn.mapping[] =
com.sun.identity.agents.config.cookie.reset.enable = false
com.sun.identity.agents.config.cookie.reset[0] =
com.sun.identity.agents.config.anonymous.user.enable = false
com.sun.identity.agents.config.anonymous.user.id = anonymous
# Empty not-enforced lists: no URL and no client IP is exempted from the agent.
com.sun.identity.agents.config.notenforced.url[0] =
com.sun.identity.agents.config.notenforced.url.invert = false
com.sun.identity.agents.config.notenforced.url.attributes.enable = false
com.sun.identity.agents.config.notenforced.ip[0] =
com.sun.identity.agents.config.postdata.preserve.enable = false
com.sun.identity.agents.config.postcache.entry.lifetime = 10
com.sun.identity.agents.config.postdata.preserve.lbcookie =
# NOTE(review): with client IP validation off, a captured iPlanetDirectoryPro cookie can
# presumably be replayed from any host; revisit once the deployment leaves the lab.
com.sun.identity.agents.config.client.ip.validation.enable = false
com.sun.identity.agents.config.profile.attribute.cookie.prefix = HTTP_
com.sun.identity.agents.config.profile.attribute.cookie.maxage = 300
com.sun.identity.agents.config.cdsso.enable = false
com.sun.identity.agents.config.cdsso.cdcservlet.url[0] = http://oa.asto.asia:8787/openam/cdcservlet
com.sun.identity.agents.config.cdsso.cookie.domain[0] =
com.sun.identity.agents.config.logout.url[0] = http://oa.asto.asia:8787/openam/UI/Logout
com.sun.identity.agents.config.agent.logout.url[0] =
com.sun.identity.agents.config.logout.cookie.reset[0] =
com.sun.identity.agents.config.logout.redirect.url =
com.sun.identity.agents.config.fetch.from.root.resource = true
com.sun.identity.agents.config.get.client.host.name = false
com.sun.identity.agents.config.convert.mbyte.enable = false
com.sun.identity.agents.config.encode.url.special.chars.enable = false
com.sun.identity.agents.config.encode.cookie.special.chars.enable = false
com.sun.identity.agents.config.ignore.path.info = false
com.sun.identity.agents.config.ignore.path.info.for.not.enforced.list = true
com.sun.identity.agents.config.override.protocol =
com.sun.identity.agents.config.override.host =
com.sun.identity.agents.config.override.port =
com.sun.identity.agents.config.override.notification.url =
com.sun.identity.agents.config.auth.connection.timeout =
com.sun.identity.agents.config.ignore.server.check = false
com.sun.identity.agents.config.poll.primary.server = 5
com.sun.identity.agents.config.ignore.preferred.naming.url = true
com.sun.identity.agents.config.polling.interval = 60
com.sun.identity.agents.config.cleanup.interval = 30
# IIS-specific settings follow.
com.sun.identity.agents.config.iis.auth.type = dsame
com.sun.identity.agents.config.replaypasswd.key =
com.sun.identity.agents.config.iis.filter.priority = HIGH
com.sun.identity.agents.config.iis.owa.enable = false
com.sun.identity.agents.config.iis.owa.enable.change.protocol = false
com.sun.identity.agents.config.iis.owa.enable.session.timeout.url =
com.sun.identity.agents.config.proxy.override.host.port = false
com.sun.identity.agents.config.domino.check.name.database = false
com.sun.identity.agents.config.domino.ltpa.enable = false
com.sun.identity.agents.config.domino.ltpa.cookie.name = LtpaToken
com.sun.identity.agents.config.domino.ltpa.config.name = LtpaToken
com.sun.identity.agents.config.domino.ltpa.org.name =
com.sun.identity.agents.config.policy.clock.skew = 0
com.sun.identity.agents.config.redirect.param = goto
com.sun.identity.agents.config.client.ip.header =
com.sun.identity.agents.config.client.hostname.header =

我真的需要你的帮助。如果你有什么想法,我很乐意听取。
发布于 2015-11-23 16:23:22
您是如何检查请求头的?是通过浏览器插件,比如 Chrome 中的“开发者工具”吗?如果是,您将无法看到该标头:它是由 OpenAM Web 代理在服务器端添加到转发给 IIS 的请求中的,浏览器自己发出的请求并不包含它,所以您只能在 IIS 服务器端获取该标头。此外,您是如何配置代理的键映射的?根据我的经验,我使用 cn=my-user-id,就可以在服务提供者端获得名为 my-user-id、值为已认证用户 ID 的头。
发布于 2015-12-10 11:53:15
下面是从OpenAM服务器获取uid的函数。
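/**
 * Interceptor hook (signature matches Spring's HandlerInterceptor.preHandle) that resolves
 * the uid of the user owning the current OpenAM session.
 *
 * The SSO token is read from the iPlanetDirectoryPro cookie and exchanged for the user's
 * profile attributes through OpenAM's legacy REST endpoint /openam/identity/attributes.
 * When a uid is found it is stored as the request attribute "uid" for downstream handlers.
 *
 * This method always returns true: it never denies a request by itself and relies on the
 * web agent in front of the application for enforcement. If the cookie is absent or the
 * lookup yields no uid, the request proceeds without a "uid" attribute.
 *
 * @param request  incoming request carrying the OpenAM session cookie
 * @param response unused
 * @param handler  unused
 * @return always true (processing continues)
 * @throws Exception propagated from the URL lookup (malformed URL or I/O failure)
 */
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    String token = null;
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if ("iPlanetDirectoryPro".equals(cookie.getName())) {
                token = cookie.getValue();
            }
        }
    }
    // No session cookie: nothing to look up, and never send "subjectid=null" to OpenAM.
    if (token == null || token.length() == 0) {
        return true;
    }

    // The token is client-supplied cookie data: URL-encode it so it cannot add or alter
    // query parameters of the lookup request.
    String encodedToken = java.net.URLEncoder.encode(token, "UTF-8");
    // NOTE(review): the session token travels in a query string over plain http here; the
    // OpenAM URL should be https, and the token may still end up in server access logs.
    URL iurl = new URL("http://192.168.0.1:8080/openam/identity/attributes?subjectid=" + encodedToken);
    URLConnection connection = iurl.openConnection();

    String uid = null;
    // Explicit charset instead of the platform default for the response body.
    BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream(), "UTF-8"));
    try {
        String line;
        while ((line = reader.readLine()) != null) {
            // The response lists attributes as name/value line pairs; the value line
            // follows the matching name line.
            if ("userdetails.attribute.name=uid".equals(line)) {
                String valueLine = reader.readLine();
                // Guard against a truncated response (null) or an unexpected value line.
                if (valueLine != null && valueLine.startsWith("userdetails.attribute.value=")) {
                    uid = valueLine.substring("userdetails.attribute.value=".length());
                }
            }
        }
    } finally {
        // Always release the connection's stream, even when reading fails.
        reader.close();
    }

    if (uid != null) {
        request.setAttribute("uid", uid);
    }
    return true;
}
基本上,我们可以从OpenAM请求中获取iPlanetDirectoryPro令牌值。之后,我们使用/openam/identity/attributes?subjectid=" + token接口来获取完整的用户信息。参考:http://tech-sketch.jp/2013/06/openam.html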
https://stackoverflow.com/questions/32906958