IdP access to server environment variables

Jim Fox fox at
Thu Sep 29 19:31:51 BST 2011

I think the attribute resolver is too far removed from the user's
login for your script to have access to tomcat's session.

You might consider writing a custom login handler that stores your
login attributes in the UserSession object, to which your resolver
script does have access.


On Thu, 29 Sep 2011, Liam Hoekenga wrote:

> Date: Thu, 29 Sep 2011 09:57:58 -0700
> From: Liam Hoekenga <liamr at>
> To: users at
> Reply-To: Shib Users <users at>
> Subject: Re: IdP access to server environment variables
>> For the general case use getAttribute, e.g.
>>    httpRequest.getAttribute('some_attribute_name');
>> and omit the 'AJP_'.
> But is this somehow available within the scripted attribute resolver?
> Would I need to import javax.servlet and javax.servlet.http?
> Liam
> --
> To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list