Skip to main content

Testing Which Attributes an Identity Provider Releases

A simple Perl test script is available from IDS (see below for download link). All centres are required to provide a test URI and make this (or a similar script) avilable and add the URIs the above list.

You can test this script by logging in to

To setup perform the following steps:

  1. Create a directory, e.g. named 'secure' in your webroot
  2. Copy the script to this directory
  3. Add the following snippet to your apache configuration
# NOTE: the location needs to match the directory name!
<Location /secure>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  ShibRequestSetting exportAssertion 1
  require shibboleth
  Options +ExecCGI
  AddHandler cgi-script .pl
  # Examples for customizing script
  # SetEnv SHIBTEST_ATTRIBUTES_REQUIRED "eduPersonPrincipalName:eppn eduPersonTargetedID:persistent_id"
  # SetEnv SHIBTEST_ATTRIBUTES_OPTIONAL "eduPersonScopedAffiliation:affiliation:eduPersonAffiliation cn displayName"
  # Uncomment the following, if you want to enable support for lazy session instantiation
  # These are usually guessed correctly by the script, but adjust to you local URIs for lazy session instantiation

You can use SetEnv directives to customize the behavior of script. E.g., you can define aliases for an attribute by seperating them with a colon.


If you want a dump of the raw assertions, you need to install XML::Twig and configure the to export the assertions (see Shibboleth docs[1])