Versions Compared

Old Version 15

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version Current

changes.mady.by.user Takeshi Nishimura

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Most of the variables created by the SP are controlled by you, and correspond to mapped attributes. A few are built into the SP and can't be renamed. Currently these are hardwired but in a future version most of them will be produced through the use of the recently introduced attribute extractor of type "Assertion". The built-in variables can be disabled (to avoid duplication with the extractor) with the content setting of exportStdVars="false".

Variable

Meaning

Shib-Application-ID

The applicationId property derived for the request.

Shib-Session-ID

The internal session key assigned to the session associated with the request.

Shib-Identity-Provider

The entityID of the IdP that authenticated the user associated with the request.

Shib-Authentication-Instant

The ISO timestamp provided by the IdP indicating the time of authentication.

Shib-Authentication-Method

The AuthenticationMethod or <AuthnContextClassRef> value supplied by the IdP, if any.

Shib-AuthnContext-Class

The AuthenticationMethod or <AuthnContextClassRef> value supplied by the IdP, if any.

Shib-AuthnContext-Decl

The <AuthnContextDeclRef> value supplied by the IdP, if any.

Shib-Handler2.6The self-referential base location of the SP's "handlers" for use by applications in requesting login, logout, etc.

Tool-Specific Examples

Expand
Java
Java
Code Block
titleJava Environment Access
request.getAttribute("Shib-Identity-Provider")
Code Block
titleJava Header Access
request.getHeader("Shib-Identity-Provider")
Warning
titleStruts 2 Issue

An issue has been identified using environment variable access using Struts 2. When accessing a request attribute whose name contains a hyphen, and the attribute does not exist in the session, rather than returning a null value the Struts environment returns an instance of java.math.BigDecimal with the value '0'. This is related to Struts use of a wrapped servlet request and evaluation of the attribute name as an OGNL expression. Applications retrieving attribute data within this framework should take care to check the return value of request.getAttribute(name) for attribute names containing a hyphen. This affects all the custom SP variables noted above as well as certain default attribute names such as 'persistent-id'.

 


Shibboleth attributes are by default UTF-8 encoded. However, depending on the servlet contaner configuration they are interpreted as ISO-8859-1 values. This causes problems with non-ASCII characters. The solution is to re-encode attributes, e.g. with:

String value= request.getHeader("givenName");
value= new String( value.getBytes("ISO-8859-1"), "UTF-8");

...

Expand
ASP.NET
ASP.NET
Code Block
titleASP.NET Header Access
Request.Headers("Shib-Identity-Provider")
Expand
titleRuby on Rails
Code Block
titleRuby on Rails Environment Access
request.env["Shib-Identity-Provider"]
Code Block
titleRuby on Rails Header Access
request.headers[:HTTP_SHIB_IDENTITY_PROVIDER]