Shibboleth 3 attributes not exposed from Apache 2.4 as environment variables

Sat Dec 14 08:26:38 EST 2019

Hello Shibboleth community!

We have set up Shibboleth as described in Switch SP Configuration.
We are using Ubuntu with Apache 2.4 and Spring Boot on the back-end (embedded Tomcat 8.5).
There are no errors in either the Apache or the Shibboleth logs.

After several tries to get the attributes through the Spring Boot app, I get null values when I call the request.getAttribute() method to request a specific attribute.
In the /Shibboleth.sso/Session I can see all the attributes and their values as expected.

My Apache.conf relevant configuration is:

ProxyPass /Shibboleth.sso/* !

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

<Directory />
	Options FollowSymLinks
	AllowOverride None
	Require all denied
</Directory>

<Directory /usr/share>
	AllowOverride None
	Require all granted
</Directory>

<Directory /var/www/>
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>

<Location /Shibboleth.sso>
  SetHandler shib
</Location>

<Location /app/>
  AuthType shibboleth
  ShibRequestSetting requireSession true
  ShibUseEnvironment On
  #ShibUseHeaders On
  Require shib-attr swissEduIDLinkedAffiliation ~ .*@.*
</Location>

ProxyIOBufferSize 65536

In the proxy_html.conf I have added the configuration:

ProxyRequests Off
ProxyPass /Shibboleth.sso/* !
ProxyPass /app/ https://localhost:10050/app/
ProxyPassReverse /app/ https://localhost:10050/app/

ProxyHTMLURLMap https://localhost:10050/app/ /app/

<Location /app/>
   ProxyPassReverse /
   SetOutputFilter  proxy-html
   ProxyHTMLURLMap  /app/ /app/
   RequestHeader    unset  Accept-Encoding
</Location>

and in the sites-enabled my app-le-ssl.conf configuration is:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyPreserveHost On
    ProxyRequests Off
    ServerAdmin webmaster@localhost

    RequestHeader set X-Forwarded-Proto "https"
    <Proxy ajp://localhost:8009>
      Require all granted
    </Proxy>
    SSLProxyEngine On
    ProxyPass /app/  ajp://localhost:8009/app/
    ProxyPassReverse /app/ ajp://localhost:8009/app/
    ProxyPass /Shibboleth.sso/* !
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

My ApplicationDefaults and Sessions configuration in shibboleth2.xml is:

<ApplicationDefaults entityID=""
                         REMOTE_USER="persistent-id uniqueID affiliation eppn swissEduIDLinkedAffiliation"
			 signing="false" encryption="false"

<Sessions lifetime="28800"

Since I cannot see the attributes in Java and the attributes/values are shown in /Shibboleth.sso/Session, I assume that my Apache configuration is wrong or something is missing.
Please provide some assistance, as I am not able to determine what the fault is.

Thanks in advance for your help, it is much appreciated!

Kind regards,
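
An added example, not part of the original post and not Shibboleth's own tooling: a small Python check, run over constructed excerpts of the configuration above, for conditions under which SP attributes exported as Apache environment variables do not reach a proxied backend. It relies on documented mod_proxy_ajp behaviour (only environment variables named AJP_* are forwarded, as request attributes with the prefix removed) and on the SP's attributePrefix setting on ApplicationDefaults; the function names and finding codes are hypothetical.

```python
import re

# Constructed excerpts of the posted configuration (only the lines that matter).
APACHE_CONF = """\
<Location /app/>
  ShibUseEnvironment On
  #ShibUseHeaders On
</Location>
ProxyPass /Shibboleth.sso/* !
ProxyPass /app/ https://localhost:10050/app/
ProxyPass /app/ ajp://localhost:8009/app/
"""
SHIB_XML = '<ApplicationDefaults entityID="" signing="false" encryption="false">'


def directives(conf):
    """Yield (name, args) for each active directive, skipping comments and <Section> lines."""
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.split()
            yield name.lower(), args


def check_attribute_delivery(apache_conf, shib_xml):
    """Return finding codes for ways SP attributes can fail to reach the backend."""
    active = list(directives(apache_conf))
    use_headers = any(n == "shibuseheaders" and a and a[0].lower() == "on" for n, a in active)
    # ProxyPass <path> <backend>; "!" marks an exclusion, not a backend.
    routes = [(a[0], a[1]) for n, a in active if n == "proxypass" and len(a) >= 2 and a[1] != "!"]
    schemes = {backend.split(":", 1)[0].lower() for _, backend in routes}
    prefix = re.search(r'attributePrefix="([^"]*)"', shib_xml)
    findings = []
    # Apache environment variables are not sent over an HTTP(S) proxy connection.
    if schemes & {"http", "https"} and not use_headers:
        findings.append("http-backend-without-headers")
    # mod_proxy_ajp forwards only variables named AJP_*, stripping the prefix.
    if "ajp" in schemes and (prefix is None or prefix.group(1) != "AJP_"):
        findings.append("ajp-without-AJP_-prefix")
    paths = [path for path, _ in routes]
    if len(paths) != len(set(paths)):
        findings.append("path-proxied-twice")
    return findings


if __name__ == "__main__":
    for finding in check_attribute_delivery(APACHE_CONF, SHIB_XML):
        print(finding)
```

Because mod_proxy_ajp removes the AJP_ prefix, a backend behind an AJP route with attributePrefix="AJP_" reads the attribute under its plain name, for example request.getAttribute("swissEduIDLinkedAffiliation").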

