所有
我正在尝试配置OpenAM,J2EEAgent和OpenIG。当我得到OpenAM的Policy Response时,我想获得cn。所以我配置com.sun.identity.agents.config.response.attribute.fetch.mode = HTTP_HEADER。但是我无法在政策回应中获得cn。
我有两个问题。
1,如何配置在策略响应中获取cn?
2,我使用SqlAttributesFilter从cn搜索uid(OpenIG managed) 当OpenIG获得政策响应时。我创建了OpenIG的config.json。请检查一下。
{
"_comment" : "Sample OpenIG config for form login.",
"heap":[
{
"name":"DispatchHandler",
"type":"DispatchHandler",
"config":{
"bindings":[
{
"condition": "${matches(exchange.request.uri.path,'^/openig') != null}",
"handler":"LoginChain"
},
{
"handler":"OutgoingChain"
}
],
"baseURI":"http://test.co.jp:7070/"
}
},
{
"name":"LoginChain",
"type":"Chain",
"config":{
"filters":["SqlAttributesFilter"],
"handler":"LoginRedirectHandler"
}
},
{
"name": "SqlAttributesFilter",
"type": "SqlAttributesFilter",
"config": {
"dataSource": "java:comp/env/jdbc/postgresql",
"preparedStatement":
"SELECT uid
FROM user_table WHERE cn = ?;",
"parameters": [
"${exchange.request.headers['cn'][0]}"
],
"target" : "${exchange.credentials}"
}
},
{
"name":"LoginRedirectHandler",
"type":"StaticResponseHandler",
"config":{
"status":302,
"reason":"Found",
"headers":{
"Location":[
"http://test.co.jp:5050/testsp/index.html?j_site=${exchange.credentials.site}&j_uid=${exchange.credentials.uid}"
],
"Cache-Control":["no-cache"],
"Pragma":["no-cache"]
}
}
},
{
"name":"OutgoingChain",
"type":"Chain",
"config":{
"filters":[
"CaptureFilter"
],
"handler":"ClientHandler"
}
},
{
"name":"ClientHandler",
"type":"ClientHandler",
"config":{
}
},
{
"name":"CaptureFilter",
"type":"CaptureFilter",
"config":{
"captureEntity":true,
"file":"/home/test/.openig/config/gateway.log"
}
},
{
"name":"LogSink",
"comment":"Default sink for logging information.",
"type":"ConsoleLogSink",
"config":{
"level":"DEBUG"
}
}
],
"handler": "DispatchHandler"
}
请帮助我。 方面。
答案 0 :(得分:0)
1)修改假设与受保护资源匹配的策略,并将“cn”添加到属性列表中。
或者您只需修改代理配置,因此您可以为配置文件属性设置属性映射,而不是使用响应属性。