Problem description
We are using the Shibboleth Service Provider for our application. We have installed the SP on our local machine. Now I need to have it configured for multiple IdPs depending upon the URL. Example: We have two hosts, one.sample.com and two.sample.com, both pointing to the same machine, so the same SP.
So I want to configure the SP in such a way that when I hit one.sample.com it authenticates the user using https://testshib.com/idp, and when I hit two.sample.com it authenticates the user with another IdP.
It should not ask me to choose the IdP. It should automatically identify the IdP based on the host URL.
Thanks
Recommended answer
You can use the <RequestMap> element in the shibboleth2.xml file.
More details can be found here.
<RequestMap applicationId="default">
    <Host name="www.example.org">
        <Path name="secure" authType="shibboleth" requireSession="true"/>
    </Host>
    <Host name="admin.example.org" applicationId="admin" authType="shibboleth" requireSession="true">
        <AccessControl>
            <Rule require="affiliation">[email protected] [email protected]</Rule>
        </AccessControl>
    </Host>
</RequestMap>
The above example is taken directly from the Shibboleth wiki link I provided above.
You can ignore the AccessControl tag if you want and map Host and Path directly. So for your example, you will need to create two applications and map the two hosts to the applications. If you don't provide an applicationId then it will take ApplicationDefault as the application.
How to provide multiple applications can be found here.
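The two-application layout described in the answer, as an added example that is not part of the original answer or the Shibboleth documentation: a constructed shibboleth2.xml fragment that pins each host to one IdP, plus a small check that resolves host to application to IdP so a mapping mistake is caught before deployment. Assumptions: the SP 3 configuration namespace, the SP entityIDs, the placeholder entityID of the second IdP, and the helper name idp_for_host; host matching is simplified to exact names.

```python
import xml.etree.ElementTree as ET

# Constructed shibboleth2.xml fragment (not from the page). The second IdP
# entityID and both SP entityIDs are placeholders chosen for illustration.
CONFIG = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <RequestMapper type="Native">
    <RequestMap applicationId="default">
      <Host name="one.sample.com" authType="shibboleth" requireSession="true"/>
      <Host name="two.sample.com" applicationId="two"
            authType="shibboleth" requireSession="true"/>
    </RequestMap>
  </RequestMapper>
  <ApplicationDefaults entityID="https://one.sample.com/shibboleth">
    <Sessions lifetime="28800" timeout="3600">
      <SSO entityID="https://testshib.com/idp">SAML2</SSO>
    </Sessions>
    <ApplicationOverride id="two" entityID="https://two.sample.com/shibboleth">
      <Sessions lifetime="28800" timeout="3600">
        <SSO entityID="https://idp.example.invalid/idp">SAML2</SSO>
      </Sessions>
    </ApplicationOverride>
  </ApplicationDefaults>
</SPConfig>"""
NS = {"sp": "urn:mace:shibboleth:3.0:native:sp:config"}

def idp_for_host(config_xml, host):
    """Return (applicationId, IdP entityID) configured for an exact host name."""
    root = ET.fromstring(config_xml)
    rmap = root.find(".//sp:RequestMap", NS)
    app_id = rmap.get("applicationId", "default")  # used when no Host matches
    for h in rmap.findall("sp:Host", NS):
        if h.get("name") == host:
            app_id = h.get("applicationId", app_id)
    defaults = root.find("sp:ApplicationDefaults", NS)
    app = defaults
    if app_id != "default":
        overrides = defaults.findall("sp:ApplicationOverride", NS)
        app = next((o for o in overrides if o.get("id") == app_id), None)
        if app is None:
            raise ValueError(f"Host {host} maps to undefined application {app_id}")
    sso = app.find("sp:Sessions/sp:SSO", NS)
    if sso is None:  # override without its own <Sessions>: fall back to defaults
        sso = defaults.find("sp:Sessions/sp:SSO", NS)
    return app_id, (sso.get("entityID") if sso is not None else None)

if __name__ == "__main__":
    for name in ("one.sample.com", "two.sample.com"):
        print(name, idp_for_host(CONFIG, name))
```

A result of None for the entityID means no IdP is pinned for that host, which is the case to flag when the goal is to avoid an IdP selection step.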