Shibboleth SP - Reading assertion attributes from Java

Question

I understand that configured attributes will be stored as environment variables by default and will be accessible like

request.getAttribute("Shib-Identity-Provider")

I tried that and after some googling I understood that to access them in Java through AJP.

I need to prefix this

<ApplicationDefaults id="default" policyId="default"
    entityID="https://idp.example.org"
    REMOTE_USER="eppn persistent-id targeted-id"
    signing="false" encryption="false" attributePrefix="AJP_">

I did that but I still keep getting null in my Java application

• Shib-Identity-Provider - null
• Shib-Session-ID - null
• Shib-Application-ID - null

Could someone help me figure out what I am missing to make it work?

Answer 1

I missed the below config

<Location /appname>
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    require valid-user
</Location>

For Reference: https://wiki.surfnet.nl/display/surfconextdev/My+First+SP+-+Java

Answer 2

1. Make sure you have this field in you attribute map file.

   1.1 And idP has to send the attribute too.

2. Since you have attribute prefix as "AJP_" your attributes will be coming as "AJP_attributeName" (This can vary too)

   2.1 You have to open up your AJP port which usually listens on 8009 and redirect the /secure path to AJP. You have to do this in apache to forward proxy as AJP.

   2.2 In your servlet/handler of /secure path try getting attribute as request.getHeader("AJP_attrName") .

   (Can try following too if this does not work a. reqest.getAttribute("attr") b. reqest.getAttribute("AJP_attr") c. header.getAttribute("attr") c. header.getAttribute("AJP_attr") . I am telling you to try out this because I have done this long time ago and I am not sure about exact method.)

Answer 3

I could get the values in Headers. For me below line worked which I added in tag

<Location /login >
    AuthType Shibboleth
    ShibRequireSession On
    ShibUseHeaders On
    require valid-user
</Location>