IDPv3 X509Auth - accessing certificate
Tom Zeller
tzeller at dragonacea.biz
Tue Dec 15 19:58:50 EST 2015
> On Dec 15, 2015, at 5:29 PM, Emilio Penna <emilio.penna at seciu.edu.uy> wrote:
>
> Hi, I configured IdP v3 for x509 authn, and it works OK.
>
> Now I'm trying to access the certificate in a scripted attribute, so I can then extract some additional information.
>
> The question: how can I access the certificate in a script in the attribute resolver?
>
> I see that net.shibboleth.idp.authn.impl.X509AuthServlet sets the certificate in
> subject.getPublicCredentials().add(cert)
> httpRequest.setAttribute(ExternalAuthentication.SUBJECT_KEY, subject)
>
> My first idea is to try to access the httpRequest and get that publicCredentials. In "Accessing other information" in https://wiki.shibboleth.net/confluence/display/IDP30/ScriptedAttributeDefinition
> it mentions the possibility to access HTTP information, but I can't see clearly how to access it in a script.

Not sure. But the following scripted attribute definition and script log the HTTP request attributes, HTH.

attribute-resolver.xml:

<resolver:AttributeDefinition id="exampleScript" xsi:type="ad:Script" customObjectRef="shibboleth.HttpServletRequest">
    <ad:ScriptFile>%{idp.home}/conf/attribute-example-script.js</ad:ScriptFile>
</resolver:AttributeDefinition>

%{idp.home}/conf/attribute-example-script.js:

// "custom" is the bean named by customObjectRef above, i.e. the HttpServletRequest.
var logger = Java.type("org.slf4j.LoggerFactory").getLogger("exampleScript");

// Log the name of every attribute set on the current HTTP request.
var attributeNames = custom.getAttributeNames();
while (attributeNames.hasMoreElements()) {
    logger.info("Request attribute : {} ", attributeNames.nextElement());
}