How to query decoded SAML response in Shbboleth SP version 3.0.1

Peter Schober peter.schober at
Fri Oct 22 12:49:35 UTC 2021

* Kannan, Satheesh (ELS-CON) <s.kannan.1 at> [2021-10-22 13:38]:
> I have successfully configured  Assertion Export in sessions
> Element. When I try to access
> seems to be getting Assertion Lookup Failed error returned with 500
> response code.

It seems you have found the documentation
but you're still not following the algorithm described there to get
access to the assertion. Quoting the relevant part below:

> Then, when instructed to do so for a request (via the exportAssertion
> content setting), the application will be given a header or variable
> called Shib-Assertion-Count with the number of assertions that are
> available.
> The URL to query for each assertion is passed in an individual header
> or variable named Shib-Assertion-NN, where NN is the two-digit
> sequence number of the assertion(01, 02, etc). Performing a GET on
> that location will result in the assertion, with a MIME type of
> "application/samlassertion+xml".

See this example code I wrote to illustrate usage:

> 1.Apache Level configured below
> 2.Added Path in Request Mapper <Path authType="shibboleth"  name="secure" />

There's no need to be using the Request Mapper (at all) when using
Apache httpd.

> ERROR Shibboleth.Handler.AssertionLookup : assertion lookup request
> failed, missing required parameter

"missing required parameter" is what's wrong.


More information about the users mailing list