Using Apache Tomcat only as authentication filter to parse SAML attributes from the IdP

Cantor, Scott cantor.2 at
Wed Aug 12 16:29:17 EDT 2015

On 8/12/15, 2:46 PM, "users on behalf of Alvarez, Dyana I" <users-bounces at on behalf of d.alvarez2 at> wrote:

>I would like to know if anyone has implemented Apache Tomcat to parse SAML response from the IdP to extract attributes and allow access to users.

You're going to have to be clearer about what you think that means. An SP (like Shibboleth) exposes the data without the need for parsing the SAML response so that's not a common requirement. If you're talking about what an SP *does*, that is not remotely as simple as "parse a SAML response", and that is not realistic to consider doing.

>It’s a way to filter users using Apache Tomcat only, not using any programming language such as PHP or Java.

Tomcat is in Java. Building an SP inside Tomcat is simply one design vector for implementing an SP in Java (and not a very good one).

-- Scott
