
Once your SP is properly registered with the IdP, you can test your SP's configuration by visiting either the Shibboleth handler's session initiation location (https://myhost/Shibboleth.sso/Login by default), or a resource protected in your Apache configuration or Shibboleth request map, e.g. https://myhost/secure. After you have authenticated successfully, you can then visit https://myhost/Shibboleth.sso/Session to display the Shibboleth session information, including a list of the available attributes. To include the attribute values in this display, edit shibboleth2.xml, and set the handler's showAttributeValues property to "true":

    <!-- Session diagnostic service. -->
    <!-- Set showAttributeValues to "true" for testing only! -->
    <Handler type="Session" Location="/Session" showAttributeValues="true"/>

Once you have confirmed that your SP is getting the proper set of attributes, we recommend that you set the handler's showAttributeValues property back to "false":

    <!-- Session diagnostic service. -->
    <Handler type="Session" Location="/Session" showAttributeValues="false"/>

Keep your metadata and Shibboleth software up to date

Warning

You must ensure that your SP's copy of the MIT metadata is kept up to date. The current metadata is available at http://touchstone.mit.edu/metadata/MIT-metadata.xml.

The easiest way to maintain the metadata is by configuring a <MetadataProvider> element in shibboleth2.xml which points at this URL. (This will be set up for you automatically if you use the mit-config-shib.sh procedure with the shibboleth2.xml.in template, as discussed above). The Shibboleth SP software will automatically refresh the metadata periodically.

If you prefer not to have Shibboleth refresh the metadata automatically for some reason, then you must use a cron job (or other regularly scheduled procedure) which runs a script to download and install the latest metadata file. This procedure should validate the signature on the metadata file. The Shibboleth SP software detects and loads the updated metadata file automatically; there is no need to restart the web server or shibd.

As with any security-related software, it is important that you maintain the Shibboleth SP software properly, in particular by applying security patches in a timely manner. We strongly recommend subscribing to the Shibboleth announcements list, so that you will be notified directly of security advisories.
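A scheduled metadata update of the kind described above could be scripted as follows. This is an added example, not part of the original page or of MIT's tooling; the destination path, the signing-certificate file name, the use of xmlsec1 as the verifier and the EntitiesDescriptor root element are assumptions to adapt to your installation.

```shell
#!/bin/sh
# Added example: download, verify and atomically install IdP metadata.
# Run from cron as:  update-metadata.sh --run   (script name is hypothetical)

METADATA_URL="http://touchstone.mit.edu/metadata/MIT-metadata.xml"   # URL given on this page
DEST="${DEST:-/etc/shibboleth/MIT-metadata.xml}"                     # assumed install path
SIGNING_CERT="${SIGNING_CERT:-/etc/shibboleth/metadata-signer.pem}"  # placeholder file name

# Check the XML signature against a locally pinned certificate.
# Assumes xmlsec1 is installed and the document root is EntitiesDescriptor.
verify_signature() {
    xmlsec1 --verify --pubkey-cert-pem "$SIGNING_CERT" \
        --id-attr:ID "urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor" \
        "$1" >/dev/null 2>&1
}

# Returns 0 on install, 1 on download failure, 2 on signature failure.
# On any failure the existing metadata file is left untouched.
update_metadata() {
    # Temp file lives next to DEST so the final mv is an atomic rename.
    tmp=$(mktemp "${DEST}.XXXXXX") || return 1

    if ! curl --silent --show-error --fail --max-time 60 \
              --output "$tmp" "$METADATA_URL"; then
        rm -f "$tmp"
        echo "metadata download failed; keeping existing file" >&2
        return 1
    fi

    # The download is plain HTTP, so the signature is the only integrity check.
    if ! verify_signature "$tmp"; then
        rm -f "$tmp"
        echo "metadata signature check failed; keeping existing file" >&2
        return 2
    fi

    # mktemp creates the file mode 600; make it readable by shibd.
    chmod 644 "$tmp" && mv -f "$tmp" "$DEST"
}

if [ "${1:-}" = "--run" ]; then
    update_metadata
    exit $?
fi
```

A non-zero exit status is worth alerting on, since repeated failures mean the SP keeps running on metadata that is growing stale.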

Example code and configuration information for third party applications

...