httpd attributes not mapped to AJP request for applicationId

Alex Kaiser kaiser at
Thu May 9 11:03:27 EDT 2019


I wonder whether anyone has a suggestion for the following problem.
We have a setup with httpd 2.4, shib 2.5.6, to tomcat via AJP, AJP_
attribute prefix, etc.

Works perfectly, we can see the log lines for session creation in
transaction.log and for session lookup and marshalling attributes in
native.log. We can also see the env variables in the tcpdump of the AJP
request, and we receive them properly in tomcat.

Now we have requirements to add a second logical shibboleth instance.
For this we use the <ApplicationOverride> tag in shibboleth2.xml and a 2nd
vhost with

<Location / >
   ShibRequestSetting applicationId myapp

Again for this 2nd setup mostly it works fine, shib session is properly
created and  we see in transaction.log that it is associated with *myapp *and
attributes are mapped, also on /Shibboleth.sso/Session endpoint we can
retrieve the session info and can see the mapped attribute names, ...
.. but,...
...  for some reason in the second setup the httpd env variables are NOT
mapped to AJP request, they are not in tcpdump, and nothing is logged at
all in native.log.

The vhost definitions for both default and 2nd setup are almost identical
(apart from ServerName and the ShibRequestSetting given above).

Has anyone ever experienced this and any hint as to what might be causing
this problem?


Alexander Kaiser
Textkernel BV
System Integrations
Tel: +31 20 494 2496
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list