I understand that configured attributes will be stored as environment variables by default and will be accessible like
<ApplicationDefaults id="default" policyId="default"
REMOTE_USER="eppn persistent-id targeted-id"
signing="false" encryption="false" attributePrefix="AJP_">
Make sure you have this field in you attribute map file.
1.1 And idP has to send the attribute too.
Since you have attribute prefix as "AJP_" your attributes will be coming as "AJP_attributeName" (This can vary too)
2.1 You have to open up your AJP port which usually listens on 8009 and redirect the /secure path to AJP. You have to do this in apache to forward proxy as AJP.
2.2 In your servlet/handler of /secure path try getting attribute as
(Can try following too if this does not work a.
header.getAttribute("AJP_attr"). I am telling you to try out this because I have done this long time ago and I am not sure about exact method.)