The <ResponseMapping> element provides an instance of the HTTPResponseMappingStrategy interface that produces result attributes from a web service response, in real time, using a script. The supplied script is expected to consume the HttpResponse instance and produce any desired results. It may raise exceptions if necessary.

For simple use cases, the HttpClientSupport class includes a number of toString methods that can translate the entire response into a string using appropriate character set handling and while enforcing size limits. This supports chunked responses for which the server doesn't know the actual size ahead of time, which is common with web services.

In addition, note that Javascript interpreters include a JSON object that automates the parsing of JSON data.

Schema Name and Location

The <ResponseMapping> element is a configuration element of type ScriptType. Both the element and its type are defined in the urn:mace:shibboleth:2.0:resolver namespace, the schema for which is located at

The following sections describe the attributes and elements of the ScriptType type.


An element of type ScriptType has the following XML attributes:






stringoptional"javascript"Defines the JSR-223 language to use. The default is ECMAScript using either the Rhino (Java 7) or Nashorn (Java 8) engines.

customObjectRef 3.2

The ID of a Spring bean defined elsewhere in the configuration.

If the customObjectRef attribute is present, the result of the referenced Spring bean is made available to the script in a variable named custom. This is in addition to the normal script context discussed below.

Child Elements

An element of type ScriptType has the following child elements:


Exactly One

An inline script
Path to a local file or classpath resource containing the script

The script may be stored in a local file (with <ScriptFile>) or written inline (with <Script>). An inline script should be wrapped with a CDATA section to prevent interpretation of any special XML characters that may be included in the script.

Always wrap inline scripts with a CDATA section

Always wrap inline scripts with a CDATA section, even if the script contains no special XML characters. This will future-proof your script.

Script Context

As enumerated below, several variables are available in the template context.



Instance of HttpResponse to process


A class logger for debugging
customCustom object supplied via customObjectRef configuration attribute, if any
connectorResultsPre-defined Set<IdPAttribute> variable to populate with output results

Unlike a lot of the scripted versions of objects across the system, there is no direct access to the ProfileRequestContext tree that exposes the state of the request. However, it's easy to get access to it by using a servlet request attribute named "opensamlProfileRequestContext". You can inject the servlet request object through the customObjectRef hook (set it to "shibboleth.HttpServletRequest").


The example illustrates a JSON-based web service. Some of the error handling in the JSON structure is elided, but it illustrates that the response data can be trivially turned into native Javascript objects with a couple of lines of code, and the rest is mechanical.

Example processing a JSON response
	var HashSet = Java.type("java.util.HashSet");
	var HttpClientSupport = Java.type("");
	var IdPAttribute = Java.type("net.shibboleth.idp.attribute.IdPAttribute");
	var StringAttributeValue = Java.type("net.shibboleth.idp.attribute.StringAttributeValue");
	// Limits length to 64k
	var body = HttpClientSupport.toString(response.getEntity(), "UTF-8", 65536);
	var result = JSON.parse(body);

	var attr = new IdPAttribute("grouperGroup");
	var values = new HashSet();
	if (result.wsGroups != null) {
		for (var i=0; i<result.wsGroups.length; i++) {
			values.add(new StringAttributeValue(result.wsGroups[i].name));