Wednesday, December 16, 2015

How to access Shibboleth as SP built in variables in your Application?

Most of the variables created by the SP are controlled by you, and correspond to mapped attributes. A few are built into the SP and can't be renamed.

Variable
Meaning
Shib-Application-ID
The applicationId property derived for the request.
Shib-Session-ID
The internal session key assigned to the session associated with the request.
Shib-Identity-Provider
The entityID of the IdP that authenticated the user associated with the request.
Shib-Authentication-Instant
The ISO timestamp provided by the IdP indicating the time of authentication.
Shib-Authentication-Method
The AuthenticationMethod or <AuthnContextClassRef> value supplied by the IdP, if any.
Shib-AuthnContext-Class
The AuthenticationMethod or <AuthnContextClassRef> value supplied by the IdP, if any.
Shib-AuthnContext-Decl

The <AuthnContextDeclRef> value supplied by the IdP, if any.

We can access all these variable as header in JAVA application.
Eg:
    request.getHeader("Shib-Identity-Provider")
   request.getHeader("Shib-Session-ID")

Reference:
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeAccess
- 1 comment:
Labels: ,

Friday, December 4, 2015

Attribute Authority, Command Line Interface (AACLI)

Today, I have encountered one interesting tool in Shibboleth IdP which will check the resolver, filters and also the metadata so that you can know exactly what will happen in any given situation without starting the IdP. J

As a developer, I would say it’s a great tool as you don’t have to restart your IdP again and again after every changes.

The name of the tool is (Attribute Authority, Command Line Interface) ACCLI which is located in the IDP_HOME/bin directory and is called aacli.sh or aacli.bat.

How it works?

Make sure, you have set IDP_HOME to your system environment variable.

To check what all attribute it will return for userId SysAdmin and Service Provider EntityId “https://domain.waheedtechblog.com/shibboleth”)

aacli.bat --configDir=C:\idp\conf\ --principal=SysAdmin --requester=https://domain1.com/Shibboleth



Please check here for detail information.
- No comments:
Labels: ,
Subscribe to: Posts (Atom)

How TOPT Works: Generating OTPs Without Internet Connection

Introduction Have you ever wondered how authentication apps like RSA Authenticator generate One-Time Passwords (OTPs) without requiring an i...