WSO2 IS Federated Authenticator 声明

Question

如何将联合身份验证器作为声明发送给我的服务提供商？

SP 想知道使用了哪一个来验证主题。是否有本地 IS 声明发送回 SP？

我已经知道始终发回经过身份验证的身份提供商列表，但我需要一个声明才能发送。

提前致谢。

Answer 1

您可以编写自定义声明处理程序来处理声明映射并将其部署到 IS 服务器中。您可以按照此文档创建自定义索赔处理程序 https://docs.wso2.com/display/IS580/Writing+a+Custom+Claim+Handler。您可以从 AuthneticatedUser 对象 [1].

中获取 federatedIdpName

示例代码如下。

public Map<String, String> handleClaimMappings(StepConfig stepConfig,
                                               AuthenticationContext context, Map<String, String> remoteAttributes,
                                               boolean isFederatedClaims) throws FrameworkException {

    String authenticatedUser = null;

    if (stepConfig != null) {
        //calling from StepBasedSequenceHandler
        authenticatedUser = stepConfig.getAuthenticatedUser();
    } else {
        //calling from RequestPathBasedSequenceHandler
        authenticatedUser = context.getSequenceConfig().getAuthenticatedUser();
    }

    Map<String, String> claims = handleExternalClaims(authenticatedUser);
    return claims;
}

private Map<String, String> handleExternalClaims(AuthenticatedUser authenticatedUser) throws FrameworkException {

    Map<String, String> externalClaims = new HashMap<String, String>();
    externalClaims.put("http://test.org/claims/idpName", authenticatedUser.getFederatedIdPName());
    return externalClaims;
}

[1]https://github.com/wso2/carbon-identity-framework/blob/master/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/model/AuthenticatedUser.java#L49

WSO2 IS Federated Authenticator 声明

WSO2 IS Federated Authenticator claim

wso2

wso2is