The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.


The key to diagnosing missing headers is the degree of the problem. You need to determine exactly what's missing, all the Shibboleth headers or just the attributes.

For any protected resource, the following headers are always available:

  • Shib-Identity-Provider
  • Shib-Authentication-Method
  • Shib-Application-ID

In non-Java environments, they will normally appear in their normalized form (HTTP_SHIB_IDENTITY_PROVIDER, etc.)

If you see those headers, but nothing else, you are dealing with an attribute failure of some sort. This is common because by default, with the propagateErrors option set to false , most attribute failures are hidden in favor of getting a session with the user created and running. Either the query for data failed (assuming a query is even being used), or the data was available but got filtered out by an AttributeAcceptancePolicy you created, or you were affected by the AssertionConditionInvalid problem. Check your shibd.log to determine which.

If you don't see any headers, chances are the request is not being protected as you expect. You may not have set up the web server or RequestMap properly. Another possibility is that you're accessing the headers incorrectly given the environment you're in.