By default, after installing and setting up Shibboleth SP, the /etc/httpd/conf.d/shib.conf file will contain a control to handle requests to www.example.com/secure.
<Location /secure> AuthType shibboleth ShibRequestSetting requireSession 1 require shib-session </Location>
Navigating to www.example.com/secure will display shibsp::ConfigurationException.
In the /etc/shibboleth/shibboleth2.xml file, in ApplicationDefaults, set entityID to the hostname of your SP.
<ApplicationDefaults entityID="https://<hostname of your SP>/shibboleth" REMOTE_USER="eppn persistent-id targeted-id">
In SSO, set entityID to the hostname of your IdP and delete discoveryURL="https://ds.example.org/DS/WAYF".
<SSO entityID="https://<hostname of your IdP>/idp/shibboleth" discoveryProtocol="SAMLDS"> SAML2 SAML1 </SSO>
Remove the comment from MetadataProvider, and adjust the file to point to the location of your idp-metadata.xml. This assumes that the SP and IdP are on the same server.
<MetadataProvider type="XML" validate="true" file="/opt/shibboleth-idp/metadata/idp-metadata.xml"/>
Ensure there are no syntax errors in the shibboleth2.xml file.
~]# shibd -tc /etc/shibboleth/shibboleth2.xml . . . overall configuration is loadable, check console for non-fatal problems
Restart the SP and web server.
~]# systemctl restart shibd ~]# systemctl restart httpd