Page History
...
<ApplicationDefaults> element:
entityID: the ID of our Service Provider (SP)
attributePrefix must be set to "AJP_" so that the attributes from the "attribute-map.xml" file (see below) are passed to Tomcat as request attributes (as opposed to request headers). See also server.xml SHRINE 4.0.0 Appendix A.5 - More Details: Tomcat Configuration on the same topic.
The REMOTE_USER xml attribute of ApplicationDefaults should be populated, in the form of a list of at least one attribute name; the first of which should normally be "userId", which is defined in attribute-map.xml.
...
The attribute-map.xml file (as set by the "path" xml attribute) will specify which attributes are extracted from the IdP's response and the name of the request headers or attributes they will be available as to the java Servlet code. More on this file below:
...
The path of this file is specified in the <AttributeExtractor> element in shibboleth2.xml. This file specifies the SAML content that your SP turns into "attributes". These will be made available to the Servlet Request running on Tomcat. For Shrine SSO, the only attribute needed here is the user id returned by the idP, mapped to the "userId" id so it matches the REMOTE_USER attribute in shibboleth2.xml.
IMPORTANT: you must specify exactly one attribute whose id is "userId". The Shrine SP code will look for a request attribute of that id to populate the user name in the code (which appears in the user account "badge" at the top-right corner of the UI).
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><!-- The 'name' attributes need to match exactly what your IdP sends in
its response to your (successful) AuthnRequest
-->
<Attribute name="[idP's name for the user id]" id="userId"/>
</Attributes>Attributes>
Overview
Content Tools