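The following is a code snippet that exchanges a SAML assertion between an IdP and an SP. I can get the SAML assertion from the IdP, but the code that fetches the SAML assertion from the IdP on the SP side doesn't work.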

    def exchange_assertion(self):
        """Send assertion to a SP."""
        # sp[u'sp_url'] = http://localhost/Shibboleth.sso/SAML2/ECP
        response = self.session.post(
            sp[u'sp_url'],
            headers={'Content-Type': 'application/vnd.paos+xml'},
            data=self.assertion,
            authenticated=False,
            redirect=False)
        # the status code is 302, so I assume it's okay so far.
        self._check_response(response)
        # sp[u'auth_url'] is url of which points to SP where it expects
        # the saml assertion can be fetched from the context, but
        # it doesn't unfortunately.
        r = self._handle_http_302_ecp_redirect(
            self.session, response, sp[u'auth_url'],
            method='GET',
            headers={'Content-Type': 'application/vnd.paos+xml'})

    def _handle_http_302_ecp_redirect(self, session, response, location, method, **kwargs):
        return session.get(location, authenticated=False, **kwargs)

Where I am stuck is that the SAML assertion cannot be obtained from context['environment']. So, what is going wrong here? Any suggestions are appreciated.
Answer 0 (score: 0)
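Ah, there was a configuration error under Apache; the problem has been solved.
The configuration in /etc/shibboleth/shibboleth2.xml is set up to use the default Application, so I had to change applicationId to 'default' under Apache. The configuration looks like this: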

    <Location ~ "/this is the auth uri/">
        ShibRequestSetting requireSession 1
        AuthType shibboleth
        ShibRequestSetting applicationId default
        #ShibRequireAll On
        #ShibRequireSession On
        ShibExportAssertion Off
        Require valid-user
    </Location>

Then it works.
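
The mismatch described in the answer can be caught before deployment. The script below is an added example, not code from the original post or from Shibboleth: it checks that every `ShibRequestSetting applicationId` in an Apache config names an application defined in shibboleth2.xml. The sample configs, the `/auth-uri/` and `/secure` paths, the `idp_1` and `admin` ids, and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not from the original post).
SHIBBOLETH2_XML = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <ApplicationOverride id="admin" entityID="https://sp.example.org/admin"/>
  </ApplicationDefaults>
</SPConfig>"""

APACHE_CONF = """
<Location ~ "/auth-uri/">
    AuthType shibboleth
    ShibRequestSetting applicationId idp_1
    Require valid-user
</Location>
<Location /secure>
    ShibRequestSetting applicationId default
</Location>
"""

LOCATION_RE = re.compile(r"<Location\s+([^>]*)>(.*?)</Location>", re.S | re.I)
# Anchored at line start, so commented-out directives are ignored.
APP_ID_RE = re.compile(r"^\s*ShibRequestSetting\s+applicationId\s+(\S+)", re.M | re.I)

def defined_application_ids(sp_config_xml):
    """Return the application ids declared in shibboleth2.xml."""
    ids = set()
    for elem in ET.fromstring(sp_config_xml).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop the XML namespace
        if tag == "ApplicationDefaults":
            ids.add(elem.get("id", "default"))  # implicit id is "default"
        elif tag == "ApplicationOverride" and elem.get("id"):
            ids.add(elem.get("id"))
    return ids

def find_mismatches(apache_conf, sp_config_xml):
    """Return [(location, applicationId)] for ids missing from shibboleth2.xml."""
    known = defined_application_ids(sp_config_xml)
    bad = []
    for location, body in LOCATION_RE.findall(apache_conf):
        for raw_id in APP_ID_RE.findall(body):
            app_id = raw_id.strip("'\"")
            if app_id not in known:
                bad.append((location.strip(), app_id))
    return bad

if __name__ == "__main__":
    for location, app_id in find_mismatches(APACHE_CONF, SHIBBOLETH2_XML):
        print(f"<Location {location}>: applicationId '{app_id}' is not defined")
```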