After installing Shibboleth and joining TestShib, a few minor configuration changes are needed before you can use it. The changes are described below.




Identity Provider Configuration

To trust and interoperate with TestShib Two's SP, you'll need to make a minor change to relying-party.xml, usually located at /usr/local/idp/conf/relying-party.xml.

  1. Uncomment the URLMD <MetadataProvider>. Change the metadataURL to http://www.testshib.org/metadata/testshib-providers.xml and the backingFile to something like testshib.xml.
  2. Comment out the entire <MetadataFilter>, from the ChainingFilter on down. These filters check the expiration and signature on the metadata. While that's important for production, everyone already knows TestShib is untrustworthy.

That's all. Restart Tomcat, and it's time to test it out.

The default configuration will send an anonymous name and no attributes. We'll change that later.
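
Step 2 above leaves the URLMD provider with no expiration or signature check, so it is worth confirming that this test-only state never carries over to a production IdP. The following is an added example, not part of the original TestShib page or the Shibboleth distribution: it parses a relying-party.xml and reports every URL-backed metadata provider that has no live signature or expiration filter. The function names, the sample XML layout (assumed from a stock IdP 2.x file) and the metadata.example.org URL are assumptions.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

def local(name):
    """Strip an XML namespace ({uri}tag) or a prefix (p:type) from a name."""
    return name.rsplit("}", 1)[-1].rsplit(":", 1)[-1]

def audit_metadata_providers(xml_text):
    """Return {provider id: [findings]} for every URL-backed MetadataProvider."""
    report = {}
    for el in ET.fromstring(xml_text).iter():
        url = el.get("metadataURL")
        if local(el.tag) != "MetadataProvider" or url is None:
            continue
        # Commented-out filters are dropped by the parser, so only live ones count.
        active = {local(f.get(XSI_TYPE, "")) for f in el.iter()
                  if local(f.tag) == "MetadataFilter"}
        findings = []
        if "SignatureValidation" not in active:
            findings.append("metadata signature is not verified")
        if "RequiredValidUntil" not in active:
            findings.append("metadata expiration is not enforced")
        if not url.lower().startswith("https://"):
            findings.append("metadata is fetched over plain HTTP")
        report[el.get("id", "?")] = findings
    return report

# Constructed samples; element layout assumed from a stock IdP 2.x relying-party.xml.
HEAD = ('<RelyingPartyGroup xmlns="urn:mace:shibboleth:2.0:relying-party" '
        'xmlns:metadata="urn:mace:shibboleth:2.0:metadata" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
        '<metadata:MetadataProvider id="URLMD" '
        'xsi:type="metadata:FileBackedHTTPMetadataProvider" backingFile="testshib.xml" ')
TAIL = '</metadata:MetadataProvider></RelyingPartyGroup>'
FILTERS = ('<metadata:MetadataFilter xsi:type="metadata:ChainingFilter">'
           '<metadata:MetadataFilter xsi:type="metadata:RequiredValidUntil"/>'
           '<metadata:MetadataFilter xsi:type="metadata:SignatureValidation"/>'
           '</metadata:MetadataFilter>')
TESTSHIB = (HEAD + 'metadataURL="http://www.testshib.org/metadata/testshib-providers.xml">'
            + '<!-- ' + FILTERS + ' -->' + TAIL)   # as configured on this page
FILTERED = HEAD + 'metadataURL="https://metadata.example.org/federation.xml">' + FILTERS + TAIL

if __name__ == "__main__":
    for name, doc in (("testshib", TESTSHIB), ("filtered", FILTERED)):
        print(name, audit_metadata_providers(doc))
```

To audit a real file, pass its contents to `audit_metadata_providers`; an empty findings list for a provider means both filters are active and the metadata URL uses HTTPS.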




Service Provider Configuration

A sample shibboleth2.xml configuration file, set up for testing an SP against TestShib Two, will replace the default configuration. Back up the existing configuration file and let's begin.

  1. Generate and save the right shibboleth2.xml for your installation: choose your platform (Others or Windows) and enter the hostname for your provider.

  2. Overwrite the old shibboleth2.xml by placing this file into the default configuration directory.

Good job. Restart your web server and shibd. It's time to test it out.

If you get XML parsing errors when you try to start shibd, you've got dingbats in your file. They're hidden characters that browsers create to cause trouble. Try copying and pasting the entire text output into a fresh document, or use your other favorite cleansing method.


© Copyright 2008-2009 Internet2.