Shibboleth搭建idp和阿里云SSO集成-资料汇总

sso配置

1.idp安装，配置 nameid为啥没有生效

attribute-filter.xml配置文件没有写对

<!--value="https://signin.aliyun.com/xxxxxx/saml/SSO" 要和主账号ID的sso配置相同 -->
	<AttributeFilterPolicy id="aliyun">
        <PolicyRequirementRule xsi:type="Requester" value="https://signin.aliyun.com/xxxxxx/saml/SSO" />
            <AttributeRule attributeID="mail">
                <PermitValueRule xsi:type="ANY" />
            </AttributeRule>
    </AttributeFilterPolicy>

2.域名绑定 idp 部署tomcat服务 运维童鞋开发80、443端口号，构建tomcat服务（安装证书，设置私匙密码）

3.阿里云sso 用户sso配置，上传metadata.xml

4.企业后台 配置jaas认证用户，添加用户账号和密码

 

数据中台dataphin的域名

 

idp主动登录 绕过ram登录页面

web登录阿里云的auth

https://help.aliyun.com/document_detail/93696.html?spm=a2c4g.11186623.6.643.4e4353e81pNW8O

1.需要配置sso auth

https://signin.aliyun.com/oauth2/v1/auth?
client_id=123****
redirect_uri=https%3A%2F%2Fyourwebapp.com%2Fauthcallback%2F&
response_type=code&
scope=openid%20%2Facs%2Fccc&
access_type=offline&
state=123456****

A出发的地方从这里安装

巴梨的两篇教程 安装 Shibboleth

https://yq.aliyun.com/articles/350531?tdsourcetag=s_pcqq_aiomsg&do=login&accounttraceid=87b0f203-5d81-4cb7-a986-49615e3962e2#

 

SSO场景系列：实现Shibboleth+JAAS+Mysql到阿里云的单点登录

https://yq.aliyun.com/articles/365171?spm=a2c4e.11155435.0.0.452c7a1f9c0xGN

 

另外一篇讲解samlrequest的文章

阿里云子账号SAML SSO流程分析

https://yq.aliyun.com/articles/491811?spm=a2c4e.11155435.0.0.452c7a1fF1Rmk2

 

实现Shibboleth+JAAS+Mysql到阿里云的单点登录 相同的一篇文章

https://blog.csdn.net/weixin_34311757/article/details/90120057

 

 

idp概念 sp的概念

saml1.0、saml2.0、flow、global.xml、 attribute-filter.xml、attribute-resolver.xml、replying-party.xml

jaas的配置

password_authn_config.xml、jaas.config

https://wiki.shibboleth.net/confluence/display/CONCEPT/Home

 

一手资料

官网教程

https://wiki.shibboleth.net/confluence/display/IDP30/RelyingPartyConfiguration

 

https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUnsolicitedSSO

 

UnsolicitedSSOConfiguration

https://wiki.shibboleth.net/confluence/display/IDP30/UnsolicitedSSOConfiguration

 

https://shibboleth.1660669.n2.nabble.com/unsolicited-sso-td7005076.html

 

类似阿里云的saml管理配置服务商

https://www.gluu.org/docs/ce/admin-guide/saml/

 

providerId 阿里云的

（Craft a URL like this: https://idp.gluu.host.loc/idp/profile/SAML2/Unsolicited/SSO?providerId=https%3A%2F%2Fsphost-shib.site%3a8443%2Fshibboleth,）

 

中文教程 概念 sso的saml

http://www.blogjava.net/security/archive/2006/10/02/sso_in_action.html

https://www.cnblogs.com/gimmeangel/p/3920736.html

https://www.cnblogs.com/perfectdesign/archive/2008/04/10/saml_federation.html saml的面纱

 

csdn的教程

Shibboleth SSO 登录流程

https://blog.csdn.net/xiangguiwang/article/details/54880619

基于shibboleth的分布式认证之IDP配置

https://blog.csdn.net/sjbup/article/details/8840443

 

Shibboleth搭建IDP服务

https://blog.csdn.net/SuperCrrazy/article/details/82491454

 

阿里云官网教程

单点登录sso

https://help.aliyun.com/document_detail/110499.html?spm=a2c4g.11186623.6.622.17d4d19ekMuGl0

auth认证

https://help.aliyun.com/document_detail/93696.html?spm=a2c4g.11186623.6.643.2a4553e8JKViAt

 

案例

oxford的idp

https://secure.account.oup.com/idp/profile/SAML2/Unsolicited/SSO?execution=e3s1

standford的idp gitlab

https://code.stanford.edu/et-puppet/idp3

工具类 saml decode

https://idp.ssocircle.com/sso/toolbox/samlDecode.jsp?spm=a2c4e.10696291.0.0.6cf919a4mY4U8m&file=samlDecode.jsp

 

如果有问题可以联系我，邮箱：904582819#163.com,#替换为@

如果此篇文章有用的话，可以支持下小弟我的生意，河南宁陵贡梨个大酥甜~