Open port 443
Configure Tomcat to listen on port 443, and ensure your router has port 443 open and pointing to the IP address of your Tomcat application server that is serving your IdP.
Add TestShib Metadata provider
On your IdP, download a copy of TestShib's metadata.
~]# cd $shibboleth_IdP_home/metadata/
~]# wget http://www.testshib.org/metadata/testshib-providers.xml
Add the following to your $shibboleth_IdP_home/conf/relying-party.xml.
<MetadataProvider id="HTTPMetadataTESTSHIB" xsi:type="FilesystemMetadataProvider" metadataFile="/opt/shibboleth-idp/metadata/testshib-providers.xml" maxRefreshDelay="P1D"/>
Your IdP will need to be configured to access a remote login handler. By default, $shibboleth_IdP_home/conf/handler.xml will have remote connections commented out. Remove the comments, so that remote connections are allowed.
<ph:LoginHandler xsi:type="ph:ExternalAuthn">
    <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
    <ph:QueryParam name="foo" value="bar" />
</ph:LoginHandler>
Ensure there are no configuration errors.
Start Tomcat. It may take Tomcat 5 minutes to deploy idp.war file. Check the $tomcat_home/logs/catalina.out file to determine when the idp.war file is deployed.
Upload your IdP metadata to TestShib
Your IdP metadata can be obtained from https://your.IdP.hostname/idp/shibboleth. It is also possible to get your metadata from $shibboleth_IdP_home/metadata/idp-metadata.xml. However, it is best to get your metadata from a web browser, as this will verify that your metadata is accessible using a browser. This is important, because TestShib's SP will access your IdP metadata using HTTPS.
Create a new XML file with a unique name, then copy your IdP metadata and paste it into the new file. Navigate to https://www.testshib.org/register.html and upload your XML file. The message "Your metadata was uploaded successfully" should be displayed.
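Before uploading, it is worth checking that the metadata you pasted is actually well-formed IdP metadata and that every endpoint in it is served over HTTPS, since TestShib's SP will only talk to HTTPS endpoints. The script below is an added example, not part of the original guide or of the Shibboleth project: it parses a metadata file with the standard library, pulls out the entityID, and reports common problems. The sample metadata embedded in it is constructed for the demonstration, with a placeholder hostname and certificate; one of its endpoints is deliberately left on plain HTTP port 8080 (the Tomcat default) to show what the check flags.

```python
import sys
import xml.etree.ElementTree as ET

# Namespaces used in SAML 2.0 metadata documents.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample IdP metadata, reduced to the parts this check inspects.
# Hostname and certificate are placeholders; the HTTP-POST endpoint is
# intentionally wrong (plain HTTP on 8080) so the check has something to find.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://your.IdP.hostname/idp/shibboleth">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor>
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://your.IdP.hostname/idp/profile/SAML2/Redirect/SSO"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://your.IdP.hostname:8080/idp/profile/SAML2/POST/SSO"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def check_idp_metadata(xml_text):
    """Return (entity_id, issues) for a SAML 2.0 IdP metadata document.

    issues is a list of human-readable strings; an empty list means the
    document passed every check this function performs.
    """
    issues = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return None, ["metadata is not well-formed XML: %s" % exc]

    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        issues.append("root element is %s, expected md:EntityDescriptor" % root.tag)
        return None, issues

    entity_id = root.get("entityID")
    if not entity_id:
        issues.append("entityID attribute is missing")

    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        issues.append("no IDPSSODescriptor: this is not IdP metadata")
        return entity_id, issues

    # Without a certificate, SPs cannot verify the IdP's assertion signatures.
    certs = idp.findall("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if not any((c.text or "").strip() for c in certs):
        issues.append("IDPSSODescriptor carries no X509Certificate")

    # Every SSO endpoint must be reachable over HTTPS (port 443 per the guide).
    endpoints = idp.findall("md:SingleSignOnService", NS)
    if not endpoints:
        issues.append("no SingleSignOnService endpoints")
    for ep in endpoints:
        loc = ep.get("Location", "")
        if not loc.startswith("https://"):
            issues.append("endpoint not served over HTTPS: %s" % loc)

    return entity_id, issues


if __name__ == "__main__":
    # Usage: python check_metadata.py idp-metadata.xml   (no argument: run on the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_METADATA
    entity_id, problems = check_idp_metadata(text)
    print("entityID:", entity_id)
    for p in problems:
        print("PROBLEM:", p)
    sys.exit(1 if problems else 0)
```

Run it against the file you saved from https://your.IdP.hostname/idp/shibboleth; a non-zero exit means something needs fixing before the TestShib upload. Adding the same check on TestShib's testshib-providers.xml is not useful, since that file is SP metadata and lacks an IDPSSODescriptor.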
Go to https://sp.testshib.org, enter the URL of your SP, and select Go.