After joining TestShib and configuring your provider to use it, try accessing one of the sample providers that TestShib hosts for testing purposes. You can also test against other TestShib members, but be careful to never protect or release sensitive information while using TestShib.

If errors arise during testing, first check the Shibboleth Wiki. If that doesn't solve it, search the mailing list archives before sending a detailed description of the error, your configuration, and log information to shibboleth-users@internet2.edu.



Identity Provider
  1. Access https://sp.testshib.org/ with a standard web browser.
  2. You'll see a text field that requires your providerId, which will resemble https://www.supervillain.edu/shibboleth/testshib/idp. This is used to tell the test Service Provider which IdP to use for authentication and authorization queries.
  3. Authenticate to your provider as one of the users you created.
  4. The sample service provider will display all attributes that this identity provider is configured to release to this resource. These will differ depending on the configuration and whether the echo responder or a directory/database is used.

Maybe you'd like to try out some other configuration options or joining a real federation next.



Service provider
  1. You're now a member of the TestShib Identity Provider, and you'd like to access your SP's content, located at https://yourhost.org/secure/. Since that probably doesn't host a real file(unless you want to put one there), success will seem like a 404 error after you authenticate. But trust us. It's success.
  2. Access https://yourhost.org/secure/ using a web browser. You will be automatically redirected to the TestShib Identity Provider.
  3. Your username and password are myself/myself. Authenticate.
  4. The same attributes are released to all SP's by the TestShib IdP, including the following attribute/value pairs:
    • eduPersonPrincipalName: myself@testshib.org
    • eduPersonScopedAffiliation: member@testshib.org
    You can look in shibd.log to see what came in(or didn't). If something went wrong, native.log may be useful too. Check the Shibboleth Wiki for some common causes.
  5. Access should be granted and 404 error displayed. Best 404 you'll ever get, but your shibd.log should be more interesting.

You can see what the transaction looked like from the TestShib IdP's point of view as well by looking at the last lines of .

Maybe you'd like to try out some other configuration options or joining a real federation next.


© Copyright 2006 Internet2.