apache - How to override the SAML SP metadata in the Apache mod_auth_mellon module
Problem description
Our application server hosts several different applications, for example app-user-registration, app-portal, app-module1 and so on.
Now we want to protect the app-user-registration application with its own SP metadata, certificate and key, and the remaining applications with a shared SP metadata. So we configured the following in mellon.conf:
# Registration application: its own SP metadata, key and certificate
<Location /app-user-registration>
    Require valid-user
    AuthType "Mellon"
    MellonEnable "auth"
    MellonVariable "cookie"
    MellonSamlResponseDump On
    MellonSPMetadataFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.xml
    MellonSPPrivateKeyFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.key
    MellonSPCertFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.cert
    MellonIdPMetadataFile /opt/httpd24SAML/conf.d/idp-metadata.xml
    # MellonMergeEnvVars On
    MellonUser "NAME_ID"
    MellonSetEnv "uid" "uid"
    RequestHeader set uid "%{MELLON_uid}e"
</Location>
# All other applications: the shared SP metadata, key and certificate
<Location />
    Require valid-user
    AuthType "Mellon"
    MellonEnable "auth"
    MellonVariable "cookie"
    MellonSamlResponseDump On
    MellonSPMetadataFile /opt/httpd24SAML/conf.d/https_app.foo.com.xml
    MellonSPPrivateKeyFile /opt/httpd24SAML/conf.d/https_app.foo.com.key
    MellonSPCertFile /opt/httpd24SAML/conf.d/https_app.foo.com.cert
    MellonIdPMetadataFile /opt/httpd24SAML/conf.d/idp-metadata.xml
    # MellonMergeEnvVars On
    MellonUser "NAME_ID"
    MellonSetEnv "uid" "uid"
    RequestHeader set uid "%{MELLON_uid}e"
</Location>
But this configuration does not work. Whenever a user accesses https://app.foo.com/app-user-registration, the SP metadata, key and certificate are inherited from <Location /> instead of from <Location /app-user-registration>.
Because of this the IdP shows an Access denied error, since the IdP expects the following in the SAML request:
<SAML:issuer>https://app.foo.com/app-user-registration</SAML:issuer>
So is there any way in the mod_auth_mellon configuration to override the default SP metadata, key and certificate for the <Location /app-user-registration> tag?
Thanks, Chintan
Solution
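Apache merges matching <Location> sections in the order they appear in the configuration file, and a directive set in a later section overrides the same directive set in an earlier one. The following is an added example, not code from the question or from mod_auth_mellon: it parses a constructed copy of the two sections above, simulates that file-order merge for a request path, and reports which MellonSP* files would take effect. It is a simplified model (no <Directory>, .htaccess or regex <Location> handling) intended for checking a configuration before deployment.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample 1: the two sections in the order the question posts them
# (specific section first, root section second).
CONF_AS_POSTED = """
<Location /app-user-registration>
    MellonSPMetadataFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.xml
    MellonSPPrivateKeyFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.key
    MellonSPCertFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.cert
    MellonIdPMetadataFile /opt/httpd24SAML/conf.d/idp-metadata.xml
</Location>
<Location />
    MellonSPMetadataFile /opt/httpd24SAML/conf.d/https_app.foo.com.xml
    MellonSPPrivateKeyFile /opt/httpd24SAML/conf.d/https_app.foo.com.key
    MellonSPCertFile /opt/httpd24SAML/conf.d/https_app.foo.com.cert
    MellonIdPMetadataFile /opt/httpd24SAML/conf.d/idp-metadata.xml
</Location>
"""

# Constructed sample 2: the same two sections with the root section placed first.
CONF_ROOT_FIRST = """
<Location />
    MellonSPMetadataFile /opt/httpd24SAML/conf.d/https_app.foo.com.xml
    MellonSPPrivateKeyFile /opt/httpd24SAML/conf.d/https_app.foo.com.key
    MellonSPCertFile /opt/httpd24SAML/conf.d/https_app.foo.com.cert
</Location>
<Location /app-user-registration>
    MellonSPMetadataFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.xml
    MellonSPPrivateKeyFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.key
    MellonSPCertFile /opt/httpd24SAML/conf.d/https_app.foo.com_app-user-registration.cert
</Location>
"""

SECTION_RE = re.compile(r"<Location\s+(\S+)\s*>(.*?)</Location>", re.IGNORECASE | re.DOTALL)


def parse_location_sections(conf: str) -> List[Tuple[str, Dict[str, str]]]:
    """Return (path_prefix, {directive: value}) tuples in configuration-file order."""
    sections = []
    for match in SECTION_RE.finditer(conf):
        prefix, body = match.group(1), match.group(2)
        directives: Dict[str, str] = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(" ")
            directives[name] = value.strip()
        sections.append((prefix, directives))
    return sections


def location_matches(prefix: str, request_path: str) -> bool:
    """Plain <Location> prefixes match whole path components: /foo matches /foo and
    /foo/bar but not /foobar. The root prefix matches every request."""
    if prefix == "/":
        return True
    return request_path == prefix or request_path.startswith(prefix.rstrip("/") + "/")


def effective_directives(conf: str, request_path: str) -> Dict[str, str]:
    """Merge every matching section in file order; later sections override earlier ones."""
    merged: Dict[str, str] = {}
    for prefix, directives in parse_location_sections(conf):
        if location_matches(prefix, request_path):
            merged.update(directives)
    return merged


def effective_sp_metadata(conf: str, request_path: str) -> str:
    """Convenience accessor: the MellonSPMetadataFile that would apply to the path."""
    return effective_directives(conf, request_path).get("MellonSPMetadataFile", "")


if __name__ == "__main__":
    for label, conf in (("as posted", CONF_AS_POSTED), ("root first", CONF_ROOT_FIRST)):
        for path in ("/app-user-registration", "/app-user-registration/login", "/app-portal"):
            print(f"{label:10} {path:32} -> {effective_sp_metadata(conf, path)}")
```

Run the block as a script to see the effective metadata file for each path under both orderings; the same two helper functions can be pointed at a real mellon.conf by reading the file into a string.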