How to query decoded SAML response in Shibboleth SP version 3.0.1

Kannan, Satheesh (ELS-CON) s.kannan.1 at elsevier.com
Fri Oct 22 11:37:41 UTC 2021


Thanks a lot, Peter.

I have successfully configured Assertion Export in the Sessions element. When I try to access https://domain.com/SHIRE/GetAssertion, I seem to be getting an Assertion Lookup Failed error returned with a 500 response code. Also, accessing https://domain.com/secure doesn't work either.
1. Apache level configured below
<Location /secure>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  ShibExportAssertion On
  require shib-session
</Location>
2. Added Path in Request Mapper <Path authType="shibboleth" name="secure" />
3. Turned on cacheAssertions here <SessionCache cacheAssertions="true" type="StorageService"/>
4. Added ExportLocation and ACL here <Sessions handlerURL="https://domain.com/SHIRE" exportLocation="/GetAssertion" exportACL="127.0.0.1 ::1" />

Seeing the below error in the Shar.log file:
ERROR Shibboleth.Handler.AssertionLookup : assertion lookup request failed, missing required parameters

I didn't get any querystring or header, I'm missing. Do I have to include any additional headers?

Thanks,
Satheesh

-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Peter Schober
Sent: Thursday, October 21, 2021 9:35 PM
To: users at shibboleth.net
Subject: Re: How to query decoded SAML response in Shibboleth SP version 3.0.1

* Kannan, Satheesh (ELS-CON) <s.kannan.1 at elsevier.com> [2021-10-21 17:51]:
> Your reply clarified a lot. My end goal is to display the decrypted
> Response/Assertion in the User Interface *before SAML Assertion to
> be extracted and passed to an application.

Oh, and the Shib SP never "passes [Assertions or Responses] to an application". Depending on the use/purpose that may have security implications and SAML has some rules for that, IIRC.

You may do that yourself, though, after getting the Assertion from the SP using the method I just described in my previous post.

-peter
--
For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
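
An added example, not part of the original messages and not Shibboleth project code: a check an application under /secure could run on the assertion lookup links the SP exports before fetching them, which also shows why a bare request to the export location logs "missing required parameters". It assumes, beyond what the thread states, that the SP exports the variables Shib-Assertion-Count and Shib-Assertion-NN and that the lookup handler requires the query parameters key and ID; the function name and sample values are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Handler location taken from the <Sessions> element quoted in the message.
EXPECTED_LOOKUP = "https://domain.com/SHIRE/GetAssertion"
REQUIRED_PARAMS = ("key", "ID")  # assumption: names the lookup handler requires


def assertion_lookup_urls(env, expected=EXPECTED_LOOKUP):
    """Return the validated lookup URLs the SP exported into `env`.

    `env` is the request environment of a page under /secure (for example
    os.environ in a CGI script). Raises ValueError on anything unexpected.
    """
    try:
        count = int(env.get("Shib-Assertion-Count", "0"))
    except ValueError:
        raise ValueError("Shib-Assertion-Count is not a number")
    if count < 1:
        raise ValueError("no assertions exported for this session")
    want = urlsplit(expected)
    urls = []
    for n in range(1, count + 1):
        name = "Shib-Assertion-%02d" % n
        url = env.get(name)
        if not url:
            raise ValueError("missing " + name)
        got = urlsplit(url)
        # Only follow links back to our own SP handler, never elsewhere.
        if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
            raise ValueError(name + " does not point at " + expected)
        query = parse_qs(got.query)
        missing = [p for p in REQUIRED_PARAMS if not query.get(p)]
        if missing:
            raise ValueError(name + " lacks parameter(s): " + ", ".join(missing))
        urls.append(url)
    return urls


# Constructed sample environment; the key and ID values are made up.
SAMPLE_ENV = {
    "Shib-Assertion-Count": "01",
    "Shib-Assertion-01": EXPECTED_LOOKUP + "?key=_constructedkey&ID=_constructedid",
}

if __name__ == "__main__":
    for u in assertion_lookup_urls(SAMPLE_ENV):
        print(u)
```

With exportACL="127.0.0.1 ::1" as configured above, the fetch of a validated URL has to originate from the SP host itself.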

