问题描述
我有一个 Restful Java Web 应用程序,它将部署到许多不同的环境(超出我的控制范围),这些环境将使用 SAML 2.0 SSO 解决方案.
I have a Restful Java Web application which is to be deployed to a number of different environments (outside of my control) which will be using a SAML 2.0 SSO solution.
我的应用程序(我认为是服务提供者")需要存储用户生成的状态,并使用内部业务逻辑来确定允许哪些用户查看或更新其他用户的数据.为了使其工作,我们需要知道用户是谁,以及用户属于哪些组.但我如何获得这些信息?
My application (which I believe is the "service provider") needs to store state generated by the user, and uses internal business logic to work out which users are allowed to view or update other user's data. In order for this to work we need to know who the user is, and what groups the user is part of. But how do I get this information?
理想情况下,我的 Web 应用程序将与 SSO 无关,并且会在 http 请求中查找一些可配置的密钥标头以获取此信息,例如请求中可以解析的 SAML 令牌,或者某些特定于我的服务提供商"的自定义标头.
Ideally my web app will be SSO agnostic, and would look for some configurable key headers in the http requests to get this information e.g. a SAML token in a request which could be parsed, or perhaps some custom headers specific to my "service provider".
非常感谢
推荐答案
您可以在 Java Web 应用程序前面运行反向代理来处理 SSO 协议部分并将用户身份信息以 HTTP 标头的形式传递给应用程序;SAML 2.0 有 mod_auth_mellon:https://github.com/UNINETT/mod_auth_mellon
you could run a reverse proxy in front of the Java web application to handle the SSO protocol part and relay user identity information to the application in HTTP headers; for SAML 2.0 there is mod_auth_mellon: https://github.com/UNINETT/mod_auth_mellon
这篇关于将 Java Web 应用程序与 SAML SSO 集成的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!