How to test Shibboleth IdP using TestShib

Home > Search > How-to

Open port 443

Configure Tomcat to listen on port 443, and ensure your router has port 443 open and pointing to the IP address of your Tomcat application server that is serving your IdP.


Add TestShib Metadata provider

On your IdP, download a copy of TestShib's metadata.

~]# cd $shibboleth_IdP_home/metadata/
~]# wget


Add the following to your $shibboleth_IdP_home/conf/relying-party.xml.

<MetadataProvider id="HTTPMetadataTESTSHIB"


Login Handler

Your IdP will need to be configured to access a remote login handler. By default, $shibboleth_IdP_home/conf/handler.xml will have remote connections commented out. Remove the comments, so that remote connections are allowed.

<ph:LoginHandler xsi:type="ph:ExternalAuthn">
  <ph:QueryParam name="foo" value="bar" />


Restart Tomcat

Stop Tomcat.

~]# $tomcat_home/bin/


Ensure there are no configuration errors.

~]# $tomcat_home/bin/


Start Tomcat. It may take Tomcat 5 minutes to deploy idp.war file. Check the $tomcat_home/logs/catalina.out file to determine when the idp.war file is deployed.

~]# $tomcat_home/bin/


Upload your IdP metadata to TestShib

Your IdP metadata can be obtained from https://your.IdP.hostname/idp/shibboleth. It is also possible to get your metadata from $shibboleth_IdP_home/metadata/idp-metadata.xml. However, it is best to get your metadata from a web browser, as this will verify that your metadata is accessible using a browser. This is important, because TestShib's SP will access your IdP metadata using HTTPS. 

Create a new XML file with a very unique name, and then copy your IdP metadata and paste the metadata into the new file. Navigate to, and upload your XML file. Message "Your metadata was uploaded successfully" should be displayed.



Go to, enter the URL of your SP, and select Go.

Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter in the box below so that we can be sure you are a human.