The login gateway is all set. I can login to my Pyramid application with Shibboleth and pull headers, but all I see is a few Cookies 'shibstate'.
I do not think these cookies are the attributes, but please clarify. I have started trying out Pyramids sessions, "UnencryptedCookieSessionFactoryConfig" but let me know if I'm on the right track - If I need to use shib session to store attributes.
Thanks Akshay. Researching AJP lead me to the solution. It was a mod_wsgi and shibboleth.sso conflict. Adding a apache directive fixed it, as shown in Shibboleth documentation:
<Location /Shibboleth.sso>
SetHandler shib
</Location>