Skip to content

feat: Add optional REST Controller to simulate Shibboleth's session handler

This pull requests adds an optional REST Controller to simulate a response that matches the exact JSON format of Shibboleth's session handler.

Example: log in to https://test.my.wisc.edu. After completing login, visit https://test.my.wisc.edu/Shibboleth.sso/Session.json.

This controller is not active by default; in order to add it, activate the Spring Profile named edu.wisc.uwss.simulated-shibboleth.

Sample response for Amy Administrator:

{
  expiration: 480,
  client_address: "0:0:0:0:0:0:0:1",
  protocol: "urn:oasis:names:tc:SAML:2.0:protocol",
  identity_provider: "https://logintest.wisc.edu/idp/shibboleth",
  authn_instant: "2016-05-16T17:40:37.762",
  authncontext_class: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
  attributes: [
    {
      name: "persistent-id",
      values: [ "https://logintest.wisc.edu/idp/shibboleth!https://fake.wisc.edu/shibboleth!thisis/fake/PE="
]
    },
    {
      name: "uid",
      values: [ "admin" ]
    },
    {
      name: "pubcookie-user",
      values: [ "admin" ]
    },
    {
    name: "wiscEduPVI",
    values: [ "UW000A000" ]
    }
  ]
}

The idea for this came from a discussion with @levett. Also notify @timothy-vertein @andrew-petro

Merge request reports

Loading