After joining TestShib and configuring your provider to use it, try interoperating with one of the sample providers that TestShib hosts. You can also test against other TestShib members, but be careful to never protect or release sensitive information while using TestShib.

If errors arise during testing, first check the Shibboleth 2 Wiki. If that doesn't solve it, search the mailing list archives before sending a detailed description of the error, your configuration, and log information to shibboleth-users@internet2.edu. We're always glad to help.



Identity Provider
  1. Access https://sp.testshib.org/ with a standard web browser.
  2. You'll see a text field that requires your entityID, which will resemble https://www.example.org/idp/shibboleth. This is used to tell the test Service Provider which IdP to ask to authenticate you.
  3. Authenticate to your provider, which should send an assertion in response.
  4. The sample service provider will display all attributes that your identity provider is configured to release to this resource. That will differ depending on the resolver & filter configuration, the user, and the data sources it's using.

Maybe you'd like to try out some other configuration options or joining a real federation next.



Service provider
  1. You're now a member of the TestShib Identity Provider, and you'd like to access your SP's content, located at https://yourhost.org/secure/. Since that probably doesn't host a real file(unless you want to put one there), success will seem like a 404 error after you authenticate. But trust us. It's success.
  2. Access https://yourhost.org/secure/ using a web browser. You will be automatically redirected to the TestShib Identity Provider, where you should login.
  3. A ton of attributes are released to all SP's in TestShib by the TestShib IdP. You might want to increase your shibd.logger level to DEBUG. You can look in shibd.log to see what came in(or didn't). Check the Wiki if you have any problems.
  4. Access should be granted and 404 error displayed. You can verify that it's one of the good kind by accessing https://yourhost.org/Shibboleth.sso/Session, and your shibd.log should be full of interesting things too.

You can see what the transaction looked like from the TestShib IdP's point of view as well by looking at the last lines of .

Maybe you'd like to try out some other configuration options or joining a real federation next.


© Copyright 2008-2009 Internet2.