Get assertion attributes in my Spring boot application

Peter Schober peter.schober at
Tue Sep 14 19:09:02 UTC 2021

* Ana Sustic <ana at> [2021-09-14 20:28]:
> I have a spring boot application running on Apache Tomcat/7.0.76.
> Shibboleth SP is running on Apache server. The resource
> /attributes/view is secured using shibboleth.

Then first verify that the Apache httpd (and IDP) side of things are
working as expected.
Your /Shibboleth.sso/Session not showing any attributes is not a good
sign and simply means you can't expect anything after that, i.e.,
Tomcat, to show any attributes.

> I have no previous experience with Shibboleth secured resources and
> would like to get the attributes in my application.

The Shib SP write its ownlog files so that's where you'd look next.
transaction.log has successfully mapped attributes (probably none
at this point), shibd.log has everything else.

> This is my controller:

The Java doesn't factor into this, yet.

(And looping over all attributes may not work, either, as discussed
numerous times on this list. That's meant for later, once you have
your web server and/or the IDP configured correctly and the Shib SP is
showing attributes.
Also for later is that you didn't mention how you integrated Apache
httpd and Tomcat -- via AJP or HTTP Reverse Proxying -- and what
Tomcat version that is. But, again, let's keep that until you have
attributes showing up in the SP.)

>         Attributes

All we know so far is that the SP has no attributes available.
That can have many reasons, maybe the IDP is not sending any or
the SP is not configured to look for the ones the IDP is sending.

If the IDP doesn't encrypt the SAML Response (or Assertion) you can
see the SAML in the clear in your browser which is easiest using the
SAML-Tracer extension for Firefox or Chromium/Chrome.
If the Resopnse or Assertion is encrypted then ask the IDP what
exactly they are sending.


More information about the users mailing list