saml:AuthenticatingAuthority and Assertion Extraction

Andy Bennett andyjpb at
Thu Apr 24 10:39:33 EDT 2014


I'm running a 2.4.3+dfsg-2~bpo60+1 Shibboleth Service Provider and I'm
interested in getting at saml:AuthenticatingAuthority. This appears to
be an "Assertion" rather than an "Attribute" and I'm having trouble
working out how to extract it.

I've got exportAssertion="true" set on <Host ...> in <RequestMap> in
<RequestMapper ...> in shibboleth2.xml and I'm seeing
Shib-Identity-Provider CGI variables but I've *never* seen any
Shib-Assertion-Count or Shib-Assertion-NN CGI variables.

seems to claim that an XML AttributeExtractor can extract things from
<saml2:Assertion> but I'm not sure what syntax to put in
attribute-map.xml to make this work.

seems to imply that I might not be able to do this without upgrading to
the 2.5 SP software.

A bit of Googling suggests there were some commits over 2 years ago
which added some kind of functionality along these lines but it's not
clear what release they went into.

Can anyone offer any advice about how to do this and how to use
attribute-map.xml to extract assertions.

Many thanks.


andyjpb at

More information about the users mailing list