0

I have a spring boot application running on Apache Tomcat/7.0.76. And I have Shibboleth SP running on Apache server.

I am not able to get assertion attributes to my application.

The user is getting authenticated against IDP whenever the user tries to access a protected resource /attributes/view.

My question is: how do I access the Shibboleth SP attributes, such as name and last name, in my Spring Boot app?

I do not get anything back in my spring log.

I have no previous experience with Shibboleth-secured resources and would like to find out what I get back as a response so I can analyse it further.

This is my controller:

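import java.util.Map;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class SwitchController {

    Logger logger = LoggerFactory.getLogger(SwitchController.class);

    // Logs every request header that reaches the application.
    @RequestMapping("/attributes/view")
    public ResponseEntity<String> listAllHeaders(
            @RequestHeader Map<String, String> headers) {
        headers.forEach((key, value) -> {
            logger.info(String.format("Header '%s' = %s", key, value));
        });

        return new ResponseEntity<String>(
                String.format("Listed %d headers", headers.size()), HttpStatus.OK);
    }
}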

I also tried using Postman, but that did not work either, according to this SO question.

Update:

Initially something was not correct between the SP and IdP. That is working correctly now, and this is what /Shibboleth.sso/Session returns after I authenticate:

Miscellaneous
Session Expiration (barring inactivity): 479 minute(s)
Client Address: 130.60.114.82
SSO Protocol: urn:oasis:names:tc:SAML:2.0:protocol
Identity Provider: https://hostname/idp/shibboleth
Authentication Time: 2021-09-15T07:14:11.975Z
Authentication Context Class: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Authentication Context Decl: (none)

Attributes
affiliation: 1 value(s)
eduPersonUniqueId: 1 value(s)
givenName: 1 value(s)
homeOrganization: 1 value(s)
homeOrganizationType: 1 value(s)
mail: 1 value(s)
persistent-id: 1 value(s)
scoped-affiliation: 1 value(s)
surname: 1 value(s)

When I now access the protected resource and authenticate to the IdP, I get the response from the ErrorController, as if the mapping for my resource did not exist.

@Controller
public class AppErrorController implements ErrorController{
    private final static String PATH = "/error";
    @Override
    @RequestMapping(PATH)
    @ResponseBody
    public String getErrorPath() {
        // TODO Auto-generated method stub
        return "No Mapping Found";
    }
}

This SO question explains the attributes are in the header.

Anuska

1 Answer

0

I was able to get the Shibboleth attributes in my controller. After all, the path was wrong (it should have read "/view" and not "/attributes/view", since my app was deployed to "/attributes"). Best wishes!

Anuska
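
An added example, not part of the original question or answer: a controller mapped at "/view" (served at /attributes/view because the app is deployed under /attributes) that reads the givenName, surname and mail attributes listed in the session output. The class name ShibAttributeController and the helper shibValue are hypothetical, and it assumes Apache forwards to Tomcat over AJP with the SP exporting attributes under the AJP_ prefix, so they arrive as request attributes, with headers as the fallback the question relies on.

```java
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class ShibAttributeController {

    // Attribute names taken from the /Shibboleth.sso/Session output above.
    private static final String[] NAMES = {"givenName", "surname", "mail"};

    // The WAR is deployed at context path /attributes, so this mapping
    // is served at /attributes/view.
    @RequestMapping("/view")
    public Map<String, String> view(HttpServletRequest request) {
        Map<String, String> result = new LinkedHashMap<>();
        for (String name : NAMES) {
            result.put(name, shibValue(request, name));
        }
        return result;
    }

    // Prefer request attributes: over AJP they are set by the SP and a
    // browser cannot supply them. Header values are only trustworthy when
    // every request to Tomcat passes through the Apache/SP front end.
    static String shibValue(HttpServletRequest request, String name) {
        Object attr = request.getAttribute(name);
        String raw = (attr != null) ? attr.toString() : request.getHeader(name);
        if (raw == null || raw.isEmpty()) {
            return null; // attribute not released for this session
        }
        // Assumption: the SP sent UTF-8 bytes and the container decoded
        // them as ISO-8859-1, so re-decode to recover non-ASCII names.
        return new String(raw.getBytes(StandardCharsets.ISO_8859_1),
                StandardCharsets.UTF_8);
    }
}
```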