There are a few small improvements you might like to make to your test installation. You can also check the Configuration section of the Wiki.
Service Provider
Display a Success Page
There are a lot of ways to display the identity information made available to applications by the Shibboleth SP. If you just want to get away from the 404 error, create an index.html page saying anything you please at /var/www/html/secure/index.html, the default location, or under your own DocumentRoot.
The easiest way to display all the variables is through PHP. Try creating /var/www/html/secure/index.php with the contents:
<?php phpinfo(); ?>
Enable Attribute Support
The SP maps from attribute names in protocols to header and environment variables using attribute-map.xml. To receive a lot of common attributes, just uncomment all the examples in that file, located alongside your shibboleth2.xml. You should restart Apache and shibd and test again.
By default, the SP populates environment variables rather than header variables. This is more secure, because a client can send arbitrary request headers but cannot set the web server's environment variables; however, some proxies and applications only use header variables. If you're using Apache, you may want to turn on header variable export as well by adding the following to your Apache configuration or to /etc/httpd/conf.d/shib.conf:
ShibUseHeaders On
Use your Own IdP
To use a different IdP in TestShib, such as your own, rather than the TestShib IdP, just change the <SessionInitiator entityID> in shibboleth2.xml to match that IdP's name rather than TestShib's.
Identity Provider
Release Test Attributes
There are two steps to sending attributes to the TestShib IdP. First, we need to define some attributes; then, we need to release them. Release is a separate step in order to protect users' privacy. We'll be making changes to two files in /usr/local/idp/conf/.
attribute-resolver.xml: The IdP acquires attributes to send to the SP using this file.
- Uncomment the Example Static Connector.
- Uncomment the eduPerson attribute definitions, and all the others you'd like.
- Add a <resolver:Dependency ref="staticAttributes" /> to the eduPersonEntitlement attribute definition, just like the eduPersonAffiliation example above it.
attribute-filter.xml: This tells the IdP which attributes to send to which SP. We're going to send two more attributes to the TestShib SP.
- Uncomment the last <AttributeFilterPolicy>, with the portal example.
- Change the <PolicyRequirementRule> value of urn:example.org:sp:myPortal to https://sp.testshib.org/shibboleth-sp.
- Change the <AttributeRule> attributeID to eduPersonAffiliation.
- Create a second, identical <AttributeRule> with an attributeID of eduPersonEntitlement.
You should restart Tomcat, and test again.
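To confirm what the edited attribute-filter.xml actually releases, the following added example (not part of TestShib or Shibboleth) parses the file and lists the attribute IDs each SP receives, and reports any policy still pointing at the urn:example.org placeholder. The namespace URIs assume the IdP 2.x file format, the function names are hypothetical, and the embedded policy is a constructed sample of the result of the steps above.

```python
import xml.etree.ElementTree as ET

# Namespaces as used by the IdP 2.x attribute-filter.xml (assumed file format).
AFP = "urn:mace:shibboleth:2.0:afp"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: the portal policy after the four edits described above.
SAMPLE = """<afp:AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <afp:AttributeFilterPolicy>
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
        value="https://sp.testshib.org/shibboleth-sp" />
    <afp:AttributeRule attributeID="eduPersonAffiliation">
      <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="eduPersonEntitlement">
      <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
  </afp:AttributeFilterPolicy>
</afp:AttributeFilterPolicyGroup>"""


def release_map(xml_text):
    """Return {requester: sorted attribute IDs} for every active filter policy."""
    released = {}
    for policy in ET.fromstring(xml_text).iter(f"{{{AFP}}}AttributeFilterPolicy"):
        rule = policy.find(f"{{{AFP}}}PolicyRequirementRule")
        if rule is None:
            continue
        # A basic:ANY requirement applies to every SP, so record it under "*".
        # Rule types without a value attribute (e.g. nested rules) show as "?".
        rule_type = rule.get(XSI_TYPE, "")
        requester = "*" if rule_type.endswith(":ANY") else rule.get("value", "?")
        ids = {r.get("attributeID", "?") for r in policy.findall(f"{{{AFP}}}AttributeRule")}
        released.setdefault(requester, set()).update(ids)
    return {sp: sorted(ids) for sp, ids in released.items()}


def leftover_placeholders(xml_text):
    """Requesters still carrying the urn:example.org placeholder value."""
    return [sp for sp in release_map(xml_text) if sp.startswith("urn:example.org:")]


if __name__ == "__main__":
    for sp, ids in release_map(SAMPLE).items():
        print(sp, "->", ", ".join(ids))
```

Policies that are still commented out do not appear in the output, because the XML parser discards comments.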
