SSO configuration
1. IdP installation and configuration: why did the NameID not take effect?
The attribute-filter.xml configuration file was not written correctly.
<!-- value="https://signin.aliyun.com/xxxxxx/saml/SSO" must match the SSO configuration of the main account ID -->
<AttributeFilterPolicy id="aliyun">
    <PolicyRequirementRule xsi:type="Requester" value="https://signin.aliyun.com/xxxxxx/saml/SSO" />
    <AttributeRule attributeID="mail">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
</AttributeFilterPolicy>
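2. Domain binding: deploy the IdP on a Tomcat service. The ops colleagues open ports 80 and 443 and build the Tomcat service (install the certificate, set the private key password).
3. Alibaba Cloud SSO: in the user SSO configuration, upload metadata.xml.
4. Enterprise back end: configure the JAAS-authenticated users, adding user accounts and passwords.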
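The failure in step 1 can be checked offline before the IdP is restarted. The following is an added example, not code from these notes or from Shibboleth: it parses an attribute-filter.xml and reports whether `mail` is released to the SP entity ID. The wrapper element, the namespace declarations and the `check_release` helper are assumptions; `xxxxxx` is the page's own placeholder for the main account ID.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: the policy from step 1 wrapped in a filter group.
# "xxxxxx" is the page's placeholder for the main account ID.
SAMPLE_FILTER = """\
<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeFilterPolicy id="aliyun">
    <PolicyRequirementRule xsi:type="Requester"
        value="https://signin.aliyun.com/xxxxxx/saml/SSO" />
    <AttributeRule attributeID="mail">
      <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
  </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>"""

def local(tag):
    """Strip the XML namespace so the check works with or without one."""
    return tag.rsplit("}", 1)[-1]

def check_release(filter_xml, sp_entity_id, attribute_id="mail"):
    """Return findings; [] means attribute_id is released to sp_entity_id."""
    root = ET.fromstring(filter_xml)
    seen, findings = [], []
    for policy in (e for e in root.iter() if local(e.tag) == "AttributeFilterPolicy"):
        rule = next((c for c in policy if local(c.tag) == "PolicyRequirementRule"), None)
        if rule is None or rule.get(XSI_TYPE, "").split(":")[-1] != "Requester":
            continue
        value = rule.get("value", "")
        seen.append(value)
        if value != sp_entity_id:  # entity IDs are compared as exact strings
            continue
        permitted = any(
            local(r.tag) == "AttributeRule"
            and r.get("attributeID") == attribute_id
            and any(local(p.tag) == "PermitValueRule" for p in r)
            for r in policy
        )
        if permitted:
            return []
        findings.append(f"policy '{policy.get('id')}' matches the SP but has no "
                        f"PermitValueRule for '{attribute_id}'")
    if not findings:
        findings.append(f"no Requester rule equals '{sp_entity_id}'; configured: {seen}")
    return findings
```

Pass the entity ID exactly as it appears in the SP metadata; a different account ID or a trailing slash is reported as a mismatch.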
Domain name of Dataphin, the data middle platform
IdP-initiated login, bypassing the RAM login page
Web login to Alibaba Cloud: auth
https://help.aliyun.com/document_detail/93696.html?spm=a2c4g.11186623.6.643.4e4353e81pNW8O
1. SSO auth needs to be configured
https://signin.aliyun.com/oauth2/v1/auth?
client_id=123****&
redirect_uri=https%3A%2F%2Fyourwebapp.com%2Fauthcallback%2F&
response_type=code&
scope=openid%20%2Facs%2Fccc&
access_type=offline&
state=123456****
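Point A, the starting place: install from here
Two tutorials by 巴梨 on installing Shibboleth
SSO scenario series: implementing single sign-on from Shibboleth+JAAS+MySQL to Alibaba Cloud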
https://yq.aliyun.com/articles/365171?spm=a2c4e.11155435.0.0.452c7a1f9c0xGN
Another article, explaining the SAMLRequest
Analysis of the Alibaba Cloud sub-account SAML SSO flow
https://yq.aliyun.com/articles/491811?spm=a2c4e.11155435.0.0.452c7a1fF1Rmk2
Implementing single sign-on from Shibboleth+JAAS+MySQL to Alibaba Cloud (a copy of the same article)
https://blog.csdn.net/weixin_34311757/article/details/90120057
The IdP concept, the SP concept
SAML 1.0, SAML 2.0, flow, global.xml, attribute-filter.xml, attribute-resolver.xml, relying-party.xml
JAAS configuration
password_authn_config.xml, jaas.config
https://wiki.shibboleth.net/confluence/display/CONCEPT/Home
Primary sources
Official tutorials
https://wiki.shibboleth.net/confluence/display/IDP30/RelyingPartyConfiguration
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUnsolicitedSSO
https://wiki.shibboleth.net/confluence/display/IDP30/UnsolicitedSSOConfiguration
https://shibboleth.1660669.n2.nabble.com/unsolicited-sso-td7005076.html
A provider whose SAML management configuration is similar to Alibaba Cloud's
https://www.gluu.org/docs/ce/admin-guide/saml/
providerId: Alibaba Cloud's
(Craft a URL like this: https://idp.gluu.host.loc/idp/profile/SAML2/Unsolicited/SSO?providerId=https%3A%2F%2Fsphost-shib.site%3a8443%2Fshibboleth,)
Chinese tutorials: concepts, SAML for SSO
http://www.blogjava.net/security/archive/2006/10/02/sso_in_action.html
https://www.cnblogs.com/gimmeangel/p/3920736.html
https://www.cnblogs.com/perfectdesign/archive/2008/04/10/saml_federation.html (lifting the veil on SAML)
CSDN tutorials
Shibboleth SSO login flow
https://blog.csdn.net/xiangguiwang/article/details/54880619
Shibboleth-based distributed authentication: IdP configuration
https://blog.csdn.net/sjbup/article/details/8840443
Setting up an IdP service with Shibboleth
https://blog.csdn.net/SuperCrrazy/article/details/82491454
Alibaba Cloud official tutorials
Single sign-on (SSO)
https://help.aliyun.com/document_detail/110499.html?spm=a2c4g.11186623.6.622.17d4d19ekMuGl0
Auth authentication
https://help.aliyun.com/document_detail/93696.html?spm=a2c4g.11186623.6.643.2a4553e8JKViAt
Examples
Oxford's IdP
https://secure.account.oup.com/idp/profile/SAML2/Unsolicited/SSO?execution=e3s1
Stanford's IdP on GitLab
https://code.stanford.edu/et-puppet/idp3
Tools: SAML decode
If you have any questions, you can contact me by email: 904582819#163.com (replace # with @)