我使用 OpenAM 设置了一个 IIS 服务器。基本上,当我请求 url http://ly.asto.asia/test 时,它会重定向到 http://oa.asto.asia:8787/openam 进行登录。
到登录。在我登录后它重定向回 IIS 服务器,但是当我检查请求 header 时,cookie 中只有 iplanetDirectory
,uid
不包含在请求 header 中。
在 OpenAM 的代理配置中(代理 → 应用程序 → Profile 属性与 Response 属性),我还为 uid 添加了键映射。
以下是 IIS Web Policy Agent 的设置文件。
OpenSSOAgentBootstrap.properties
# OpenSSOAgentBootstrap.properties for the IIS 7 web policy agent, as posted by the asker.
# Plain http to OpenAM: the agent's calls to the naming/session services carry the user's
# SSO token, so this traffic is readable on the wire. Fine for a lab, use https beyond that.
com.sun.identity.agents.config.naming.url = http://oa.asto.asia:8787/openam/namingservice
com.sun.identity.agents.config.organization.name = /
# Agent profile credentials. The password value is the agent password encrypted with the
# key on the following line, so anyone holding both lines can recover the plaintext.
# SECURITY: both were posted publicly -- rotate the ly_agent profile password in OpenAM and
# re-encrypt it with a fresh key instead of reusing these values.
com.sun.identity.agents.config.username = ly_agent
com.sun.identity.agents.config.password = XxBFeAmLHMdA5o3llkEp2A==
com.sun.identity.agents.config.key = wbp7crbzqt
com.sun.identity.agents.config.debug.file = C:/web_agents/iis7_agent/Identifier_1/logs/debug/amAgent
com.sun.identity.agents.config.local.logfile = C:/web_agents/iis7_agent/Identifier_1/logs/audit/amAgent_ly_asto_asia.log
# Empty debug level: set this (e.g. to "all") while diagnosing the missing uid header,
# then lower it again -- debug output can include session token values.
com.sun.identity.agents.config.debug.level =
# TLS client-certificate settings, all unused while the URLs above are http.
com.sun.identity.agents.config.sslcert.dir =
com.sun.identity.agents.config.certdb.prefix =
com.sun.identity.agents.config.certdb.password =
com.sun.identity.agents.config.certificate.alias =
# Disables server certificate validation. Inert over http, but it must be set to false
# once the naming/login URLs move to https, otherwise TLS gives no protection against a
# man-in-the-middle impersonating OpenAM.
com.sun.identity.agents.config.trust.server.certs = true
# 0 is the shipped default for both timeouts; NOTE(review): confirm in the agent docs
# whether 0 means "no timeout" before relying on it -- an unresponsive OpenAM could then
# stall IIS worker threads indefinitely.
com.sun.identity.agents.config.receive.timeout = 0
com.sun.identity.agents.config.connect.timeout = 0
com.sun.identity.agents.config.tcp.nodelay.enable = false
# Outbound proxy for agent-to-OpenAM traffic; none configured.
com.sun.identity.agents.config.forward.proxy.host =
com.sun.identity.agents.config.forward.proxy.port =
com.sun.identity.agents.config.forward.proxy.user =
com.sun.identity.agents.config.forward.proxy.password =
com.sun.identity.agents.config.profilename = ly_agent
# Liveness checking of the OpenAM URLs (ping every 60s, 3 misses = down, 3 hits = up).
com.forgerock.agents.ext.url.validation.level = 2
com.forgerock.agents.ext.url.validation.ping.interval = 60
com.forgerock.agents.ext.url.validation.ping.miss.count = 3
com.forgerock.agents.ext.url.validation.ping.ok.count = 3
com.forgerock.agents.ext.url.validation.default.url.set =
ts.init.retry.max =
com.forgerock.agents.init.retry.wait =
# com.forgerock.agents.nss.shutdown = on
OpenSSOAgentConfiguration.properties
# OpenSSOAgentConfiguration.properties (local agent configuration), as posted by the asker.
# Login redirect target; http again, so the credentials posted at login are unencrypted.
com.sun.identity.agents.config.login.url[0] = http://oa.asto.asia:8787/openam/UI/Login
# SSO session cookie the agent looks for. It is not marked Secure (acceptable only while
# every host is http); set secure = true together with https so the session token is
# never sent in clear.
com.sun.identity.agents.config.cookie.name = iPlanetDirectoryPro
com.sun.identity.agents.config.cookie.secure = false
com.sun.identity.agents.config.debug.level =
com.sun.identity.agents.config.debug.file.rotate = true
com.sun.identity.agents.config.debug.file.size = 10000000
# LOG_NONE: the agent records no access decisions at all. For a protected application
# you normally want at least LOG_DENY so rejected requests leave an audit trail.
com.sun.identity.agents.config.audit.accesstype = LOG_NONE
com.sun.identity.agents.config.log.disposition = REMOTE
com.sun.identity.agents.config.remote.logfile = amAgent_ly_asto_asia.log
com.sun.identity.agents.config.remote.log.interval = 5
com.sun.identity.agents.config.local.log.rotate = false
com.sun.identity.agents.config.local.log.size = 52428800
# OpenAM pushes policy/session change notifications to this URL on the IIS host (http).
com.sun.identity.agents.config.notification.enable = true
com.sun.identity.client.notification.url = http://ly.asto.asia:80/UpdateAgentCacheServlet?shortcircuit=false
# Case-insensitive policy URL matching; sensible on IIS, whose paths are case-insensitive,
# so that /Test cannot slip past a rule written for /test.
com.sun.identity.agents.config.url.comparison.case.ignore = true
com.sun.identity.agents.config.policy.cache.polling.interval = 3
com.sun.identity.agents.config.sso.cache.polling.interval = 3
com.sun.identity.agents.config.userid.param = UserToken
com.sun.identity.agents.config.userid.param.type = SESSION
# Relevant to the question: in HTTP_HEADER mode the agent module injects the mapped
# profile attribute into the *inbound request* on the IIS side. The browser never sends
# it, so browser dev-tools will not show it -- read it in the application (on IIS a
# request header is usually exposed as the server variable HTTP_UID; confirm for your
# stack). Because the application trusts this header to identify the user, requests
# must only be able to reach it through the agent: a client can set its own "uid"
# header, and any path that bypasses the agent would let it be forged.
com.sun.identity.agents.config.profile.attribute.fetch.mode = HTTP_HEADER
com.sun.identity.agents.config.profile.attribute.mapping[uid] = uid
com.sun.identity.agents.config.session.attribute.fetch.mode = NONE
com.sun.identity.agents.config.session.attribute.mapping[] =
# Same uid mapping as a policy *response* attribute; this header is only populated when
# the policy that allows the request actually returns uid as a response attribute.
com.sun.identity.agents.config.response.attribute.fetch.mode = HTTP_HEADER
com.sun.identity.agents.config.response.attribute.mapping[uid] = uid
com.sun.identity.agents.config.attribute.multi.value.separator = |
com.sun.identity.agents.config.load.balancer.enable = false
com.sun.identity.agents.config.agenturi.prefix = http://ly.asto.asia:80/amagent
com.sun.identity.agents.config.locale = en_US
# false: the agent evaluates policy, not just authentication, for every request.
com.sun.identity.agents.config.sso.only = false
com.sun.identity.agents.config.access.denied.url =
# Requests addressed to any host name other than ly.asto.asia are redirected to it, which
# keeps the session cookie and policies bound to one canonical host.
com.sun.identity.agents.config.fqdn.check.enable = true
com.sun.identity.agents.config.fqdn.default = ly.asto.asia
com.sun.identity.agents.config.fqdn.mapping[] =
com.sun.identity.agents.config.cookie.reset.enable = false
com.sun.identity.agents.config.cookie.reset[0] =
com.sun.identity.agents.config.anonymous.user.enable = false
com.sun.identity.agents.config.anonymous.user.id = anonymous
# No not-enforced URLs or IPs: the whole site is protected. Anything added here bypasses
# authentication, and (attributes.enable = false) would not receive the uid header.
com.sun.identity.agents.config.notenforced.url[0] =
com.sun.identity.agents.config.notenforced.url.invert = false
com.sun.identity.agents.config.notenforced.url.attributes.enable = false
com.sun.identity.agents.config.notenforced.ip[0] =
com.sun.identity.agents.config.postdata.preserve.enable = false
com.sun.identity.agents.config.postcache.entry.lifetime = 10
com.sun.identity.agents.config.postdata.preserve.lbcookie =
# The session is not bound to the client IP. Enabling this makes a stolen
# iPlanetDirectoryPro cookie harder to replay from another host, at the cost of breaking
# clients whose source address changes mid-session.
com.sun.identity.agents.config.client.ip.validation.enable = false
# Only used by the HTTP_COOKIE fetch mode; inert with HTTP_HEADER above.
com.sun.identity.agents.config.profile.attribute.cookie.prefix = HTTP_
com.sun.identity.agents.config.profile.attribute.cookie.maxage = 300
# CDSSO is off, so the agent relies on the browser presenting the iPlanetDirectoryPro
# cookie to ly.asto.asia directly; the cookie domain OpenAM issues must therefore cover
# both oa.asto.asia and ly.asto.asia. The question states the cookie does arrive.
com.sun.identity.agents.config.cdsso.enable = false
com.sun.identity.agents.config.cdsso.cdcservlet.url[0] = http://oa.asto.asia:8787/openam/cdcservlet
com.sun.identity.agents.config.cdsso.cookie.domain[0] =
com.sun.identity.agents.config.logout.url[0] = http://oa.asto.asia:8787/openam/UI/Logout
com.sun.identity.agents.config.agent.logout.url[0] =
com.sun.identity.agents.config.logout.cookie.reset[0] =
com.sun.identity.agents.config.logout.redirect.url =
com.sun.identity.agents.config.fetch.from.root.resource = true
com.sun.identity.agents.config.get.client.host.name = false
com.sun.identity.agents.config.convert.mbyte.enable = false
com.sun.identity.agents.config.encode.url.special.chars.enable = false
com.sun.identity.agents.config.encode.cookie.special.chars.enable = false
com.sun.identity.agents.config.ignore.path.info = false
com.sun.identity.agents.config.ignore.path.info.for.not.enforced.list = true
# Overrides for when the agent sits behind a reverse proxy; none in use.
com.sun.identity.agents.config.override.protocol =
com.sun.identity.agents.config.override.host =
com.sun.identity.agents.config.override.port =
com.sun.identity.agents.config.override.notification.url =
com.sun.identity.agents.config.auth.connection.timeout =
com.sun.identity.agents.config.ignore.server.check = false
com.sun.identity.agents.config.poll.primary.server = 5
com.sun.identity.agents.config.ignore.preferred.naming.url = true
com.sun.identity.agents.config.polling.interval = 60
com.sun.identity.agents.config.cleanup.interval = 30
# IIS-specific: "dsame" auth type, agent filter runs at HIGH priority, OWA mode off.
com.sun.identity.agents.config.iis.auth.type = dsame
com.sun.identity.agents.config.replaypasswd.key =
com.sun.identity.agents.config.iis.filter.priority = HIGH
com.sun.identity.agents.config.iis.owa.enable = false
com.sun.identity.agents.config.iis.owa.enable.change.protocol = false
com.sun.identity.agents.config.iis.owa.enable.session.timeout.url =
com.sun.identity.agents.config.proxy.override.host.port = false
# Domino/LTPA integration, unused on IIS.
com.sun.identity.agents.config.domino.check.name.database = false
com.sun.identity.agents.config.domino.ltpa.enable = false
com.sun.identity.agents.config.domino.ltpa.cookie.name = LtpaToken
com.sun.identity.agents.config.domino.ltpa.config.name = LtpaToken
com.sun.identity.agents.config.domino.ltpa.org.name =
com.sun.identity.agents.config.policy.clock.skew = 0
# "goto" carries the return URL appended to the login redirect. Make sure OpenAM's list of
# valid goto URLs is configured so the login page cannot be abused as an open redirector.
com.sun.identity.agents.config.redirect.param = goto
# Headers from which the agent would take the client IP/host (e.g. behind a proxy). Left
# empty, which is correct unless a trusted proxy sets them -- a client-controlled header
# here would let the caller spoof its address.
com.sun.identity.agents.config.client.ip.header =
com.sun.identity.agents.config.client.hostname.header =
我真的需要你的帮助。如果您有任何想法,我很高兴听到。
最佳答案
你是如何检查请求 header 的?是通过 Chrome 的“开发者工具”之类的浏览器工具吗?如果是这样,你是找不到该 header 的:它是由 OpenAM Web 代理(运行在 IIS 里的模块)在请求到达服务器之后注入到请求中的,浏览器从未发送过它,因此只能在 IIS 服务器端看到(例如在应用里读取 HTTP_UID 这样的服务器变量)。另外,你的代理键映射是如何配置的?根据我的经验,我使用 cn=my-user-id,这样就能在服务提供方那边拿到一个名为 my-user-id、值为已认证用户 id 的 header。还要注意:既然应用依赖这个 header 来识别用户,就必须保证请求只能经过代理到达应用(不要配置绕过代理的 not-enforced URL,也不要留下绕开 IIS 的旁路),否则客户端自己也能伪造一个 uid header。
关于java - 登录后无法从 OpenAM 获取 uid,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32906958/