We've just been through the testing process for a new IdP. What to do is register that one in the UKFederation metadata as well but as a hidden IdP, like Rod says. When you want to test it against sites through the WAYF you click on "All Sites" at the bottom of the screen and your test IdP appears then you can proceed to authenticate through that and for it to release attributes. Beware that some SPs you test against will not work if they're a closed subscription as they will only allow the entityID you have given them.
When you come to go live with it you'll need to change the details in relyingpartyl.xml and its certificate and also the idp-metadata which will need the name changed and the new certificate.
If you're fronting with Apache, you'll also need to change the hostname in there and its certificate references (443 and 8443).
When you want to go live with the new IdP, assuming you're updating the certificate you can give the new one to the Fed helpdesk and they can put both in the metadata for the changeover period.
We made a decision to use a Terena certificate both for Apache and for the internal Shibboleth one rather than using the self signed one for that.
HTH
Andy
________________________________________
From: Discussion list for Shibboleth developments [[log in to unmask]] on behalf of Rod Widdowson [[log in to unmask]]
Sent: 25 June 2013 16:28
To: [log in to unmask]
Subject: Re: IdP behind Forefront TMG
> I have shown this to the IT people in question.
> This might seem a silly question but how would I modify a cloned IdP eg as
> ShibTest so that it service providers dial into that one for attributes if
I sent a
> request from it, and not our main shibb IdP server? So it gets fully
tested.
I'd ask the nice guys at the support desk, but I believe that what is
usually done is that you register *another* IdP with a similar configuration
in the UK Federation. You make it "hidden from the WAYF" so that your users
don't accidently use it. You get it up and running and then when you are
ready you either make the move or just arrange for the old one to become the
new one.
But ask the UK Fed support guys - they will be able to help you.
R
The University of Dundee is a registered Scottish Charity, No: SC015096
|