Adding attributes as request parameters along with environment variables.
Peter Schober
peter.schober at univie.ac.at
Sat Aug 3 07:52:27 EDT 2013
* Brian Reindel <brian at reindel.com> [2013-08-03 02:21]:
> We have a thick client written entirely in JavaScript and served up by
> Apache (and protected by the Shibboleth module). Once a user has
> authenticated, that thick client needs to make use of some of the
> attributes passed back from the identity provider (most notable is an
> oauth access token). However, there is no server side processing to
> parse the attributes, so the thought was to grab them off the query
> string. Initially I attempted to rewrite the URl in Apache to take the
> environment variables and parse them into query strings before
> returning to the application. It seems though that the environment
> variables are not available until after the rewrite rules are
> processed. I can log the attribute environment variable, so I know it
> is being set.
How exactly are you protecting the resource? Everthing in one Location
with requireSession On? If not, sometimes having lazy sessions on <Location />
helps with rewriting stuff in other locations, IIRC.
> Is there another way I can do this? I have full control on the
> identity provider with a custom WAR deployed, so any possible
> options don't just need to involve the service provider.
The IdP doesn't factor into this at all. As for other ways, you could
write a very simple script to be run at the server, exporting
available attributes as YAML or JSON or something like that and let
the app parse the data from that shim. Such a script would be simple
enough to be written in as many different languages or frameworks as
your app needs to be deployed it.
-peter
More information about the users
mailing list