Beyond Setup

There are a few small improvements you might like to make to your test installation. You may also want to check the various configuration sections of the project wiki for ideas and configuration tricks.

Service Provider

Display a Success Page

There are a lot of ways to display the identity information made available to applications by the Shibboleth SP. If you just want to get away from the 404 error, create an index.html page saying anything you please at /var/www/html/secure/index.html, the default location, or under your own DocumentRoot.

The easiest way to display all the variables is through PHP. Try creating /var/www/html/secure/index.php with the contents below. Because phpinfo() also prints the PHP and server configuration, keep this page to test installations.

<?php phpinfo(); ?>

Enable Attribute Support

The SP maps attribute names used in protocols to header and environment variables using attribute-map.xml. To receive a lot of common attributes, just uncomment all the examples in that file, located alongside your shibboleth2.xml. Then restart Apache and shibd and test again.

Identity Provider

Release Test Attributes

There are two steps to sending attributes to the TestShib IdP. First, we need to define some attributes; then, we need to release them. Requiring an explicit release step protects users' privacy. We'll be making changes to two files in /opt/shibboleth-idp/conf/.

attribute-resolver.xml: The IdP acquires attributes to send to the SP using this file.

Uncomment the Example Static Connector.

Uncomment the eduPerson attribute definitions, and all the others you'd like.

Add a <resolver:Dependency ref="staticAttributes" /> to the eduPersonEntitlement attribute definition, just like the eduPersonAffiliation example above it.

attribute-filter.xml: This tells the IdP which attributes to send to which SP. We're going to send two more attributes to the TestShib SP.

Uncomment the last <AttributeFilterPolicy>, with the portal example.

Change the <PolicyRequirementRule> value of to

Change the <AttributeRule> attributeID to eduPersonAffiliation.

Create a second, identical <AttributeRule> with an attributeID of eduPersonEntitlement.

You should restart Tomcat, and test again.
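
One way to check the result of these edits before restarting Tomcat, as an added example that is not part of the original page or of the Shibboleth project: the script reads the two files, lists which attributes each filter policy releases to which requester, and flags released attributes that the resolver does not define or that have no usable Dependency. The XML is a constructed, trimmed sample; the requester value and the misspelled attribute ID are placeholders.

```python
import xml.etree.ElementTree as ET
# Constructed, trimmed samples; the requester value is a placeholder entityID.
RESOLVER_XML = """<r:AttributeResolver xmlns:r="urn:mace:shibboleth:2.0:resolver">
  <r:AttributeDefinition id="eduPersonAffiliation">
    <r:Dependency ref="staticAttributes" />
  </r:AttributeDefinition>
  <r:AttributeDefinition id="eduPersonEntitlement" />
  <r:DataConnector id="staticAttributes" />
</r:AttributeResolver>"""
FILTER_XML = """<a:AttributeFilterPolicyGroup xmlns:a="urn:mace:shibboleth:2.0:afp">
  <a:AttributeFilterPolicy>
    <a:PolicyRequirementRule value="https://sp.example.org/placeholder" />
    <a:AttributeRule attributeID="eduPersonAffiliation" />
    <a:AttributeRule attributeID="eduPersonEntitlement" />
    <a:AttributeRule attributeID="eduPersonEntitlment" />
  </a:AttributeFilterPolicy>
</a:AttributeFilterPolicyGroup>"""

def find(elem, name):
    """Descendants with the given local name, ignoring the namespace prefix."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit(resolver_xml, filter_xml):
    """Return ({requester: [attribute ids]}, [problems]) for the two files."""
    resolver = ET.fromstring(resolver_xml)  # commented-out XML is ignored
    connectors = {c.get("id") for c in find(resolver, "DataConnector")}
    defined = {d.get("id"): [x.get("ref") for x in find(d, "Dependency")]
               for d in find(resolver, "AttributeDefinition")}
    releases, problems = {}, []
    for policy in find(ET.fromstring(filter_xml), "AttributeFilterPolicy"):
        # A rule without a value attribute (such as basic:ANY) is shown as "*".
        who = [r.get("value", "*") for r in find(policy, "PolicyRequirementRule")]
        requester = who[0] if who else "*"
        for rule in find(policy, "AttributeRule"):
            attr = rule.get("attributeID")
            releases.setdefault(requester, []).append(attr)
            if attr not in defined:
                problems.append(f"{attr}: released but not defined in the resolver")
            elif not defined[attr]:
                problems.append(f"{attr}: no <Dependency>, so no source of values")
            for ref in defined.get(attr, []):
                if ref not in connectors and ref not in defined:
                    problems.append(f"{attr}: depends on missing '{ref}'")
    return releases, problems

if __name__ == "__main__":
    releases, problems = audit(RESOLVER_XML, FILTER_XML)
    print(releases)
    print("\n".join("WARNING: " + p for p in problems))
```

To run it against a real installation, pass the contents of attribute-resolver.xml and attribute-filter.xml from /opt/shibboleth-idp/conf/ to audit() in place of the samples.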