IDPv3 X509Auth - accessing certificate

Tom Zeller tzeller at
Tue Dec 15 19:58:50 EST 2015

> On Dec 15, 2015, at 5:29 PM, Emilio Penna <emilio.penna at> wrote:
> Hi, I configured IdP v3 for x509 authn, and works OK.
> Now I'm trying to access the certificate in a scripted attribute, so I can then extract some aditional information.
> The question:  how can I access the certificate in a script in the attribute resolver?
> I see that net.shibboleth.idp.authn.impl.X509AuthServlet sets the certificate in
> subject.getPublicCredentials().add(cert)
> httpRequest.setAttribute(ExternalAuthentication.SUBJECT_KEY, subject)
> My first idea is try to access the httpRequest and get that publicCredentials, In "Accessing other information" in
> it mentions the possibility to access HTTP information, but I can't see clearly how to access it in a script.

Not sure. But, the following scripted attribute definition and script logs the HTTP request attributes, HTH.

attribute-resolver.xml :

<resolver:AttributeDefinition id="exampleScript"  xsi:type="ad:Script" customObjectRef="shibboleth.HttpServletRequest">


logger = Java.type("org.slf4j.LoggerFactory").getLogger("exampleScript");
attributeNames = custom.getAttributeNames();
while (attributeNames.hasMoreElements()) {"Request attribute : {} ", attributeNames.nextElement());

More information about the users mailing list