Shibboleth SP - Reading assertion attributes from Java

Question

I understand that configured attributes will be stored as environment variables by default and will be accessible like

request.getAttribute(\"Shib-Identity-P         


        

Answer 1

I missed the below config

<Location /appname>
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    require valid-user
</Location>

For Reference: https://wiki.surfnet.nl/display/surfconextdev/My+First+SP+-+Java

Answer 2

1. Make sure you have this field in you attribute map file.

   1.1 And idP has to send the attribute too.

2. Since you have attribute prefix as "AJP_" your attributes will be coming as "AJP_attributeName" (This can vary too)

   2.1 You have to open up your AJP port which usually listens on 8009 and redirect the /secure path to AJP. You have to do this in apache to forward proxy as AJP.

   2.2 In your servlet/handler of /secure path try getting attribute as request.getHeader("AJP_attrName").

   (Can try following too if this does not work a. reqest.getAttribute("attr") b. reqest.getAttribute("AJP_attr") c. header.getAttribute("attr") c. header.getAttribute("AJP_attr"). I am telling you to try out this because I have done this long time ago and I am not sure about exact method.)

Answer 3

I could get the values in Headers. For me below line worked which I added in tag

<Location /login >
    AuthType Shibboleth
    ShibRequireSession On
    ShibUseHeaders On
    require valid-user
</Location>