How to query decoded SAML response in Shbboleth SP version 3.0.1

Kannan, Satheesh (ELS-CON) s.kannan.1 at
Fri Oct 22 11:37:41 UTC 2021

Thanks a lot, Peter.

I have successfully configured  Assertion Export in sessions Element. When I try to access seems to be getting Assertion Lookup Failed error returned with 500 response code. Also, accessing doesn't work either.
1.Apache Level configured below
<Location /secure>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  ShibExportAssertion On
  require shib-session
2.Added Path in Request Mapper <Path authType="shibboleth"  name="secure" />
3.Turned on  cacheAssertions  here <SessionCache cacheAssertions="true type="StorageService"/>
4.Added ExportLocation and ACL here <Sessions handlerURL=""  exportLocation="/GetAssertion" exportACL=" ::1" />

Seeing below error in Shar.log file
ERROR Shibboleth.Handler.AssertionLookup : assertion lookup request failed, missing required parameters

I didn't get any querystring or header, I'm missing. Do I have to include any additional headers?


-----Original Message-----
From: users <users-bounces at> On Behalf Of Peter Schober
Sent: Thursday, October 21, 2021 9:35 PM
To: users at
Subject: Re: How to query decoded SAML response in Shbboleth SP version 3.0.1

*** External email: use caution ***

* Kannan, Satheesh (ELS-CON) <s.kannan.1 at> [2021-10-21 17:51]:
> Your reply clarified a lot. My end goal is to display the decrypted 
> the Reponse/Assertion in the User Interface *before SAML Assertion to 
> be extracted and passed to an application.

Oh, and the Shib SP never "passes [Assertions or Reponses] to an application". Depending on the use/purpose that may have security implications and SAML has some rules for that, IIRC.

You may do that yourself, though, after getting the Assertion from the SP using the method I just described in my previous post.

For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list