Get back user name

Joshua Hunter joshua at
Wed Dec 2 18:39:20 UTC 2020

I know this is super basic, but I need some hand holding. We are going to support SAML in our app. We will pass in the values via headers (yes, I know, security, but there isn't any good integration with any web server with our application framework).  How can I get the user name entered in the IdP into the headers the SP is providing to Apache?

This is for testing/dev. Our customers will be able to run whatever they like so long as they provide us the correct header(s).  Here is my setup:
* Everything is running on a single Windows 10 desktop
* Shibboleth IdP v4 with built-in Jetty
* Authentication is against a standard AD setup
* Apache 2.4 acting as a reverse proxy to the web server integrated into our application
* Shibboleth SP v3 with apache integration

I can login via the IdP and get to our app. What I can't do is get the username provided by the user into the headers.

Here is what I've done:
* I have headers enabled and see a bunch related to shibboleth in my app, just nothing that identifies the user. Quite a few are blank (subject-id, pairwise-id, persistent-id, REMOTE_USER, etc).
* I've turned up logging in the IdP to DEBUG, but everything interesting is encrypted.
* I've tried (and failed) to turn off encryption so I can see the attribute values. (idp.encryption.optional = true)
* Installed SAML-Tracer, but isn't any more useful than the logs


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list