2

在这种情况下,我一直在尝试使用 ForgeRock 人员的 OpenIG 身份网关来集成一些遗留系统,特别是我将它与来自 Ars Digita 和不同机构的 OpenACS+.LRN 项目一起使用。

问题出在:使用 OpenIG 文档中的配方提取隐藏值并回复请求的 cookie 以避免安全问题,我收到了成功的 POST 请求以登录系统,但在请求之后,OpenACS 日志告诉我最初的请愿书请求的http://10.10.10.10/register不是真正的客户请愿书http://openacs-domain.com/register,而是中断到 302 重定向到 IP 方向以进行新的登录。

我已修改 /etc/hosts 以检查它是否执行名称解析但没有成功。

奇怪的是,如果我在发出初始请求时回到域,我有一个有效的启动会话,一切都很酷。

我希望我的描述性足够强,并且有人对此有解决方案。我将附上我的 config.json

    {
  "heap": {
    "objects": [
    {
        "name": "HandlerServlet",
        "comment": "Entry point that transforms Servlet request to handler request.",
        "type": "HandlerServlet",
        "config": {
            "handler": "DispatchHandler",
            "baseURI":"http://10.10.10.10"
        }
    },
    {      
        "name": "DispatchHandler",
        "type": "DispatchHandler",
        "config": {
            "bindings": [  
                {                      
                    "condition": "${exchange.request.uri.path == '/register/'}",
                    "handler": "LoginChain"
                },
                {                      
                    "handler": "OutgoingChain",
                },
            ]  
        }  
    },
    {
        "name": "LoginChain",
        "type": "Chain",
        "config": {
            "filters": ["SwitchFilter", "HiddenValueExtract"],
            "handler": "OutgoingChain"
        }  
    },
    {
        "name": "HiddenValueExtract",
        "type": "EntityExtractFilter",
        "config": {
            "messageType": "response",
            "target": "${exchange.hiddenValue}",
            "bindings": [
                {
                    "key": "time",
                    "pattern": "time\"\s.*value=\"(.{10})\"",
                    "template": "$1"
                },
                {
                    "key": "tokenId",
                    "pattern": "token_id\"\s.*value=\"(.{3})\"",
                    "template": "$1"
                },
                {
                    "key": "hash",
                    "pattern": "hash\"\s.*value=\"(.*)\"",
                    "template": "$1"
                }
            ]
        }       
    },
    {
        "name": "SwitchFilter",
        "type": "SwitchFilter",
        "config": {
            "onResponse": [
                {
                    "condition": "${exchange.response.status == 200}",
                    "handler": "LoginRequestHandler"
                }
            ]
        }
    },
    {
        "name": "LoginRequestHandler",
        "type": "Chain",
        "config": {
            "filters": ["LoginRequest"],
            "handler": "OutgoingChain"
        }  
    },
    {  
        "name": "LoginRequest",
        "type": "StaticRequestFilter",
        "config": {
            "method": "POST",
            "uri": "http://10.10.10.10/register/",
            "form": {
                "form:mode": ["edit"],
                "form:id": ["login"],
                "__confirmed_p": ["0"],
                "__refreshing_p": ["0"],
                "return_url": ["/dotlrn/control-panel"],
                "time": ["${exchange.hiddenValue.time}"],
                "token_id": ["${exchange.hiddenValue.tokenId}"],
                "hash": ["${exchange.hiddenValue.hash}"]
                "email": ["user.example@gmail.com"],
                "password": ["password"]
            }
            "headers": {
                "cookie": ["${exchange.response.headers['Set-Cookie'][0]}"],
            }  
        }  
    },
    {
        "name": "OutgoingChain",
        "type": "Chain",
        "config": {
            "filters": ["CaptureFilter"],
            "handler": "ClientHandler"
        }  
    },
    {  
        "name": "CaptureFilter",
        "type": "CaptureFilter",
        "config": {
            "captureEntity": false,
            "file": "/tmp/gateway.log",
        }      
    },
    {
        "name": "ClientHandler",
        "comment": "Responsible for sending all requests to remote servers.",
        "type": "ClientHandler",
        "config": {
            }
        }
    ]
  },
  "servletObject": "HandlerServlet",
}
4

1 回答 1

2

这是最终版本:

{


"heap": {
    "objects": [
    {
        "name": "LogSink",
        "comment": "Default sink for logging information.",
        "type": "ConsoleLogSink",
        "config": {
            "level": "DEBUG",
        }
    },
    {
        "name": "DispatchServlet",
        "type": "DispatchServlet",
        "config": {
            "bindings": [
                {
                    "pattern":"^/saml",
                    "object":"FederationServlet"
                },
                {
                    "pattern":"",
                    "object":"HandlerServlet"
                }
            ]
        }
    },
    {
        "name": "FederationServlet",
        "type": "org.forgerock.openig.saml.FederationServlet",
        "config": {
            "assertionMapping": {
                "userName":"mail",
                "password":"employeenumber"
            },
            "subjectMapping":"subjectName",
            "redirectURI":"/register",
            "logoutURI":"/register/logout"
         }
    },
    {
        "name": "HandlerServlet",
        "comment": "Entry point that transforms Servlet request to handler request.",
        "type": "HandlerServlet",
        "config": {
            "handler": "DispatchHandler",
            "baseURI":"http://www.plataformaciapem.org.mx"
        }
    },
    {      
        "name": "DispatchHandler",
        "type": "DispatchHandler",
        "config": {
            "bindings": [  
                {                      
                    "condition": "${exchange.request.uri.path != '/register/'}",
                    "handler": "ClientHandler"
                },
                {
                    "condition": "${empty exchange.session.userName}",
                    "handler": "SPInitiatedSSORedirectHandler",
                },
                {                      
                    "handler": "LoginChain",
                },
            ]  
        }  
    },
     {
        "name": "SPInitiatedSSORedirectHandler",
           "type": "StaticResponseHandler",
           "config": {
               "status": 302,
               "reason": "Found",
               "headers": {
                   "Location": ["http://www.plataformaciapem.org.mx/saml/SPInitiatedSSO"]
               }
           }
    },
    {
        "name": "LoginChain",
        "type": "Chain",
        "config": {
            "filters": ["SwitchFilter", "HiddenValueExtract"],
            "handler": "OutgoingChain"
        }  
    },
    {
        "name": "HiddenValueExtract",
        "type": "EntityExtractFilter",
        "config": {
            "messageType": "response",
            "target": "${exchange.hiddenValue}",
            "bindings": [
                {
                    "key": "time",
                    "pattern": "time\"\s.*value=\"(.{10})\"",
                    "template": "$1"
                },
                {
                    "key": "tokenId",
                    "pattern": "token_id\"\s.*value=\"(.{3})\"",
                    "template": "$1"
                },
                {
                    "key": "hash",
                    "pattern": "hash\"\s.*value=\"(.*)\"",
                    "template": "$1"
                }
            ]
        }       
    },
    {
        "name": "SwitchFilter",
        "type": "SwitchFilter",
        "config": {
            "onResponse": [
                {
                    "condition": "${exchange.response.status == 200}",
                    "handler": "LoginRequestHandler"
                }
            ]
        }
    },
    {
        "name": "LoginRequestHandler",
        "type": "Chain",
        "config": {
            "filters": ["LoginRequest"],
            "handler": "OutgoingChain"
        }  
    },
    {  
        "name": "LoginRequest",
        "type": "StaticRequestFilter",
        "config": {
            "method": "POST",
            "uri": "http://www.plataformaciapem.org.mx/register/",
            "form": {
                "form:mode": ["edit"],
                "form:id": ["login"],
                "__confirmed_p": ["0"],
                "__refreshing_p": ["0"],
                "return_url": ["/dotlrn/control-panel"],
                "time": ["${exchange.hiddenValue.time}"],
                "token_id": ["${exchange.hiddenValue.tokenId}"],
                "hash": ["${exchange.hiddenValue.hash}"]
                "email": ["${exchange.session.userName}"],
                "password": ["${exchange.session.password}"],
            }
            "headers": {
                "cookie": ["${exchange.response.headers['Set-Cookie'][0]}"],
            }  
        }  
    },
    {
        "name": "OutgoingChain",
        "type": "Chain",
        "config": {
            "filters": ["CaptureFilter"],
            "handler": "ClientHandler"
        }  
    },
    {  
        "name": "CaptureFilter",
        "type": "CaptureFilter",
        "config": {
            "captureEntity": false,
            "file": "/tmp/gateway.log",
        }      
    },
    {
        "name": "ClientHandler",
        "comment": "Responsible for sending all requests to remote servers.",
        "type": "ClientHandler",
        "config": {
            }
        }
    ]
  },
  "servletObject": "DispatchServlet",
}
于 2013-02-11T16:46:44.923 回答