Shibboleth (IdP) - Test IdP using TestShib


Open port 443

Configure Tomcat to listen on port 443, and ensure your router has port 443 open and pointing to the IP address of your Tomcat application server that is serving your IdP.

 


Add TestShib Metadata provider

On your IdP, download a copy of TestShib's metadata.

~]# cd $shibboleth_IdP_home/metadata/
~]# wget http://www.testshib.org/metadata/testshib-providers.xml

 

Add the following to your $shibboleth_IdP_home/conf/relying-party.xml.

<MetadataProvider id="HTTPMetadataTESTSHIB"
                  xsi:type="FilesystemMetadataProvider"
                  metadataFile="/opt/shibboleth-idp/metadata/testshib-providers.xml"
                  maxRefreshDelay="P1D"/>

 


Login Handler

Your IdP will need to be configured to access a remote login handler. By default, $shibboleth_IdP_home/conf/handler.xml will have remote connections commented out. Remove the comments, so that remote connections are allowed.

<ph:LoginHandler xsi:type="ph:ExternalAuthn">
  <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
  <ph:QueryParam name="foo" value="bar" />
</ph:LoginHandler>

 


Restart Tomcat

Stop Tomcat.

~]# $tomcat_home/bin/shutdown.sh

 

Ensure there are no configuration errors.

~]# $tomcat_home/bin/configtest.sh

 

Start Tomcat. It may take Tomcat 5 minutes to deploy the idp.war file. Check the $tomcat_home/logs/catalina.out file to determine when the idp.war file has been deployed.

~]# $tomcat_home/bin/startup.sh

 


Upload your IdP metadata to TestShib

Your IdP metadata can be obtained from https://your.IdP.hostname/idp/shibboleth. It is also possible to get your metadata from $shibboleth_IdP_home/metadata/idp-metadata.xml. However, it is best to get your metadata from a web browser, as this will verify that your metadata is accessible using a browser. This is important, because TestShib's SP will access your IdP metadata using HTTPS. 

Create a new XML file with a very unique name, then copy your IdP metadata and paste it into the new file. Navigate to https://www.testshib.org/register.html and upload your XML file. The message "Your metadata was uploaded successfully" should be displayed.

 


Test

Go to https://sp.testshib.org, enter the URL of your SP, and select Go.



