NetID Login Service - Server variables and mapped attributes

Once you've set up Shibboleth authentication for your web application, you can easily check which mapped Shibboleth attributes your application is receiving and the full list of server variables available to your application.

Attributes

Once you've authenticated into your web application and established a Shibboleth session, you can use the Shibboleth handler's Session property to get a summary of the values for the Session. If your application were example.wisc.edu, you would access the Session info like this: https://example.wisc.edu/Shibboleth.sso/Session.

Server Variables

To see the full list of server variables available to your application, place a dynamic page inside one of your application's directories that requires Shibboleth authentication and then access the page.

PHP

If you have PHP installed on your server you can use the following:

<html>
<head>
<title>Server Variables</title>
</head>
<body>

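<?php
// Print every server variable; names and values are HTML-escaped so they
// are displayed as text and cannot inject markup into the page.
foreach ($_SERVER as $key_name => $key_value) {
    // Some entries (for example argv) are arrays; flatten them for display.
    if (is_array($key_value)) {
        $key_value = implode(' ', $key_value);
    }
    print htmlspecialchars($key_name, ENT_QUOTES, 'UTF-8') . " = "
        . htmlspecialchars((string) $key_value, ENT_QUOTES, 'UTF-8') . "<br>";
}
?>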
</body>
</html>

ASP

For Windows, you can use an ASP page containing the following:

<html>

<head>
<title>Shibboleth Attributes - <%= Server.HTMLEncode(Request.ServerVariables("SERVER_NAME")) %></title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
<script language="JavaScript" type="text/JavaScript">
<!--
function decodeAttributeResponse() {
var textarea = document.getElementById("attributeResponseArea");
var base64str = textarea.value;
var decodedMessage = decode64(base64str);
textarea.value = tidyXml(decodedMessage);
textarea.rows = 15;
document.getElementById("decodeButtonBlock").style.display='none';
}

function tidyXml(xmlMessage) {
//put newline before closing tags of values inside xml blocks
xmlMessage = xmlMessage.replace(/([^>])</g,"$1\n<");
//put newline after every tag
xmlMessage = xmlMessage.replace(/>/g,">\n");
var xmlMessageArray = xmlMessage.split("\n");
xmlMessage="";
var nestedLevel=0;
for (var n=0; n < xmlMessageArray.length; n++) {
if ( xmlMessageArray[n].search(/<\//) > -1 ) {
nestedLevel--;
}
for (var i=0; i<nestedLevel; i++) {
xmlMessage+=" ";
}
xmlMessage+=xmlMessageArray[n]+"\n";
if ( xmlMessageArray[n].search(/\/>/) > -1 ) {
//level status the same
}
else if ( ( xmlMessageArray[n].search(/<\//) < 0 ) && (xmlMessageArray[n].search(/</) > -1) ) {
//only increment if this was a tag, not if it is a value
nestedLevel++;
}
}
return xmlMessage;
}

var base64Key = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
function decode64(encodedString) {
var decodedMessage = "";
var char1, char2, char3;
var enc1, enc2, enc3, enc4;
var i = 0;

//remove all characters that are not A-Z, a-z, 0-9, +, /, or =
encodedString = encodedString.replace(/[^A-Za-z0-9\+\/\=]/g, "");
do {
enc1 = base64Key.indexOf(encodedString.charAt(i++));
enc2 = base64Key.indexOf(encodedString.charAt(i++));
enc3 = base64Key.indexOf(encodedString.charAt(i++));
enc4 = base64Key.indexOf(encodedString.charAt(i++));

char1 = (enc1 << 2) | (enc2 >> 4);
char2 = ((enc2 & 15) << 4) | (enc3 >> 2);
char3 = ((enc3 & 3) << 6) | enc4;

decodedMessage = decodedMessage + String.fromCharCode(char1);
if (enc3 != 64) {
decodedMessage = decodedMessage + String.fromCharCode(char2);
}
if (enc4 != 64) {
decodedMessage = decodedMessage + String.fromCharCode(char3);
}
} while (i < encodedString.length);
return decodedMessage;
}
// -->

</script>
</head>


<body>

<b>-all SHIB headers-</b> (<code>HTTP_SHIB_ATTRIBUTES</code> is not shown in this list)

<table>
<% For Each strKey In Request.ServerVariables %>
<% if InStr(1, strKey, "SHIB", 1) > 0 and not strKey="HTTP_SHIB_ATTRIBUTES" then %>
<tr>
<td><%= Server.HTMLEncode(strKey) %></td>
<td><%= Server.HTMLEncode(Request.ServerVariables(strKey)) %></td>
</tr>

<% end if %>
<% Next %>
<tr><td>(REMOTE_USER)</td><td><%= Server.HTMLEncode(Request.ServerVariables("REMOTE_USER")) %></td></tr>
<tr><td>(HTTP_REMOTE_USER)</td><td><%= Server.HTMLEncode(Request.ServerVariables("HTTP_REMOTE_USER")) %></td></tr>

</table>
<br/>

attribute response from the IdP (<code>HTTP_SHIB_ATTRIBUTES</code>):<br/>
<textarea id="attributeResponseArea" onclick="select()" rows="1" cols="130"><%= Server.HTMLEncode(Request.ServerVariables("HTTP_SHIB_ATTRIBUTES")) %></textarea><br/>

<span id="decodeButtonBlock"><input type="button" id="decodeButton" value="decode base64 encoded attribute response using JavaScript" onClick="decodeAttributeResponse();"><br/></span>

<br/>

<small>
notes:<br/>
The AAP throws away invalid values (eg an unscopedAffiliation of value "myBoss@&lt;yourdomain&gt;" or a value with an invalid scope which scope is checked)<br/>

The raw attribute response (<code>HTTP_SHIB_ATTRIBUTES</code>) is NOT filtered by the AAP and should therefore be disabled for most applications (<code>exportAssertion=false</code>).<br/>
</small>


<br/>

<hr/>
<br/>


<table>
<% For Each strKey In Request.ServerVariables %>
<tr>
<td><%= Server.HTMLEncode(strKey) %></td>
<td><%= Server.HTMLEncode(Request.ServerVariables(strKey)) %></td>

</tr>
<% Next %>
</table>

</body>
</html>

Shell script

For Linux/Apache, you can place the following Shell script in your cgi-bin directory:


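#!/bin/sh
echo "Content-type: text/html"
echo ""
/bin/cat <<EOM
<HTML>
<BODY text="#000000">
<PRE>
EOM

# Escape &, < and > so variable values are shown as text, not interpreted as HTML
/bin/env | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
/bin/cat <<EOM
</PRE>
</BODY>
</HTML>
EOM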
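
A filtered variant of the script above, as an added example that is not part of the original article: it lists only variables whose names match a pattern, leaves out HTTP_SHIB_ATTRIBUTES as the ASP page does, and HTML-escapes names and values. The two patterns and the function name render_rows are assumptions; mapped attribute names depend on your attribute map, so extend SHOW_PATTERN to match them.

```sh
#!/bin/sh
# Added example: filtered, HTML-escaped variable listing for cgi-bin.

# Assumption: case-insensitive match on "shib" plus the two REMOTE_USER names.
# Add the attribute names defined in your own attribute map to this pattern.
SHOW_PATTERN='shib|^(http_)?remote_user$'
# The raw attribute response is never listed.
HIDE_PATTERN='^HTTP_SHIB_ATTRIBUTES$'

# Print one escaped table row per matching environment variable.
render_rows() {
    awk -v show="$SHOW_PATTERN" -v hide="$HIDE_PATTERN" '
        # Replace HTML metacharacters; "&" first so entities are not re-escaped.
        function esc(s) {
            gsub(/&/, "\\&amp;", s)
            gsub(/</, "\\&lt;", s)
            gsub(/>/, "\\&gt;", s)
            gsub(/"/, "\\&quot;", s)
            return s
        }
        BEGIN {
            for (name in ENVIRON) {
                if (tolower(name) !~ show) continue
                if (toupper(name) ~ hide) continue
                printf "<tr><td>%s</td><td>%s</td></tr>\n", esc(name), esc(ENVIRON[name])
            }
        }'
}

echo "Content-type: text/html"
echo ""
echo "<html><body><table>"
render_rows
echo "</table></body></html>"
```
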

Perl

If you have Perl installed, you can use the following:

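#!/usr/bin/perl

use strict;
use warnings;

print "Content-type: text/html\n\n";
print "<pre>\n";

# Print each environment variable, HTML-escaping names and values
foreach my $key (sort keys(%ENV)) {
    my $line = "$key = $ENV{$key}";
    $line =~ s/&/&amp;/g;
    $line =~ s/</&lt;/g;
    $line =~ s/>/&gt;/g;
    print "$line\n";
}
print "</pre>\n";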



Keywords: netid login service webiso server variables mapped attribute php asp shibboleth shib
Doc ID: 20432
Owner: Ben R.
Group: Access Management Services
Created: 2011-09-26 15:51 CDT
Updated: 2016-09-12 17:08 CDT
Sites: Access Management Services, DoIT Help Desk, Middleware