Child pages
  • TestshibFederation

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin
Wiki Markup
h2. Federated deployment with Testshib

Once you set up Shibboleth SP instance you will need a Certificate and Metadata to test with UCLA {nl:IdP} test instance.
You have two options:
_Federated deployment_ - You can use free certificate from a test federation,
_Bilateral deployment_ - You will use a commercial Certificate from a vendor. You have to create and exchange the Metadata with the IdP manually.

This document describes Certificate and Metadata creation & usage in a federated environment, with Testshib federation. issues free credentials that can be used for testing. UCLA {nl:IdP} (test instance) is a member of this federation, registered under the name "". Go to this site and register as a "Service Provider". 

h3. Obtain Certificate and Metadata from Testshib

If you go to the [registration page on the Testshib|] you will get a walkthrough of the steps you need to take.  
We recommend [registering at|], go there and "register identity".  
Once you have an active account go back to and go to their [self-service application|] page and click on openidp, then login. Click on "New Service Provider". 
* _hostname_ is your your server's hostname (e.g. {nl:} is  {builder-hide}The hostname's DNS entry needs to exist and have been propagated, but your server itself does not have be publicly visible and can remain on a department/UC only subnet. {builder-hide}
* _name_ is just for casual human identification and can be whatever you will call the application.
* _Contact information_ is straightforward =)

Key and Certificate will be generated and posted on the screen. Save them into separate files on your Shibboleth SP server and reference them inside your shibboleth.xml file {nl:<CredentialsUse>} section.
<CredentialsProvider type="edu.internet2.middleware.shibboleth.common.Credentials">
   <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
   <FileResolver Id="federation_creds">

Testshib also generates Metadata about your SP. Get the metadata from [], save it in a file on your Shibboleth SP server and again reference it from shibboleth.xml, {nl:<MetadataProvider>} section.
		<MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"

h4. _Testshib key & cert are meant for testing only. Do not use them in Production_

For more help modifying your shibboleth.xml file you can visit any of the install guides located [here|Shib1SPInstallConfigure].