Use Policy

The first rule of TestShib is: NEVER trust TestShib.

TestShib's policies dictate its own responsibilities, as well as the responsibilities of the providers that exchange information using it.

TestShib is specifically not intended to support production-level end-user access to protected resources. Organizations operating service providers are strongly discouraged from either releasing or protecting valuable information using TestShib. TestShib may be inaccessible for extended periods of time, and information provided may be inaccurate.

TestShib makes detailed, unanonymized logs publicly available; never send any sensitive information to any part of TestShib.


TestShib doesn't define any specific attributes of its own, but it's still important to follow good attribute practices when testing. TestShib's default configuration contains only a limited number of attributes to minimize complexity. Many other useful attributes have been standardized by various organizations, and SAML names have been defined by MACE-Dir. Feel free to define custom attributes, but please name them appropriately.

On Metadata

TestShib will maintain your metadata file for a one month period. This should give a user ample time to test the software interaction. There is no limit as to how many times a users file can be uploaded to the service.