Get assertion attributes in my Spring boot application

Ana Sustic ana at sustic.com
Tue Sep 14 18:28:13 UTC 2021 

Hi All,

I have a spring boot application running on Apache Tomcat/7.0.76.
Shibboleth SP is running on Apache server. The resource /attributes/view is
secured using shibboleth.

I am not able to get assertion attributes in my application.

I am expecting that after I authenticate to the IDS (choose the
organisation and enter the username and password) I would get the
shibboleth attributes in the header. Instead I am getting "401 Unauthorised
This server could not verify that you are authorised to access the document
requested. Either you supplied the wrong credentials (e.g., bad password),
or your browser doesn't understand how to supply the credentials required. "
in the browser. I do not get anything back in my spring log.

I have no previous experience with Shibboleth secured resources and would
like to get the attributes in my application.

This is my controller:

@RestController
public class SwitchController {

    Logger logger = LoggerFactory.getLogger(SwitchController.class);

    @RequestMapping("/attributes/view")
    public ResponseEntity<String> listAllHeaders(
            @RequestHeader Map<String, String> headers) {
        headers.forEach((key, value) -> {
            logger.info(String.format("Header '%s' = %s", key, value));
        });

        return new ResponseEntity<String>(
                String.format("Listed %d headers", headers.size()),
HttpStatus.OK);
    }
}

I tried also using Postman but that did not work either according this SO
question
<https://stackoverflow.com/questions/58751517/authentication-with-postman-on-a-saml-shibboleth-based-website-without-using-bro>
.

If I go to htts://servername/Shibboleth.sso/Session I get

        Miscellaneous
        Session Expiration (barring inactivity): 434 minute(s)
        Client Address: 130.60.114.122
        SSO Protocol: urn:oasis:names:tc:SAML:2.0:protocol
        Identity Provider: https://idp-name/idp/shibboleth
        Authentication Time: 2021-09-14T13:13:12.334Z
        Authentication Context Class:
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
        Authentication Context Decl: (none)

        Attributes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210914/2a56bae1/attachment.htm>

More information about the users mailing list