Testing which attributes an Identity Provider releases

A simple Perl test script is available from IDS (see below for download link). All centers are required to provide a test URI and make this (or a similar script) avilable and add the URIs the above list.

You can test this script by logging in to https://catalog.clarin.eu/secure/shib_test.pl

To setup perform the following steps:

  1. create a directory, e.g. named "secure" in your webroot
  2. copy the script to this directory
  3. add the following snippet to your apache configuration
# NOTE: the location needs to match the directory name!
<Location /secure>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  ShibRequestSetting exportAssertion 1
  require shibboleth
  Options +ExecCGI
  AddHandler cgi-script .pl
  DirectoryIndex shib_test.pl
  # Examples for customizing script
  # SetEnv SHIBTEST_ATTRIBUTES_REQUIRED "eduPersonPrincipalName:eppn eduPersonTargetedID:persistent_id"
  # SetEnv SHIBTEST_ATTRIBUTES_OPTIONAL "eduPersonScopedAffiliation:affiliation:eduPersonAffiliation cn displayName"
  # Uncomment the following, if you want to enable support for lazy session instantiation
  # These are usually guessed correctly by the script, but adjust to you local URIs for lazy session instantiation
  # SetEnv SHIBTEST_LOGIN_URI  "https://sp.example.org/Shibboleth.sso/Login"
  # SetEnv SHIBTEST_LOGOUT_URI "https://sp.example.org/Shibboleth.sso/Logout"

You can use SetEnv directives to customize the behavior of script. E.g., you can define aliases for an attribute by seperating them with a colon.

Download: shib_test.pl

If you want a dump of the raw assertions, you need to install XML::Twig and configure the to export the assertions (see Shibboleth docs[1])