A command-line tool called resolvertest
can be used to test policy-based attribute resolution for a given deployment. The tool can be found in the IDP_HOME/bin
directory after installing the !IdP. Prior to executing this application be sure the IDP_HOME
environment variable points to your !IdP installation.
To test the attribute release configuration in arp.site.xml (and optionally the user's ARP), execute the resolvertest
application with the following additional parameters:
$ --user=USER_NAME
: the name of the user whose attributes you wish to retrieve
$ *--idpXml=file://FILE*
: the full path to the idp.xml configuration file as a file URL
$ --requester {{SP_ID
: the =entityID}} of the SP to use in the test, if this is not specified the configuration for an unauthenticated SP is used
$ --responder {{IDP_ID
: the =entityID}} of the !IdP to use in the test
$ --resource=URL
: the URL of the requested resource to use in the test, if this is not specified only attributes that are released to any resource will be returned
Unix:
$ export IDP_HOME=/usr/local/shibboleth-idp $ $IDP_HOME/bin/resolvertest --help $ $IDP_HOME/bin/resolvertest --user=gridshib \ --requester=https://sp.example.org/shibboleth \ --responder=https://idp.example.org/shibboleth \ --idpXml=file:///usr/local/shibboleth-idp/etc/idp.xml |
Windows:
> set IDP_HOME=c:\usr\local\shibboleth-idp > %IDP_HOME%\bin\resolvertest --help > %IDP_HOME%\bin\resolvertest --user=gridshib --requester=https://sp.example.org/shibboleth --responder=https://idp.example.org/shibboleth --idpXml=file:/c:/usr/local/shibboleth-idp/etc/idp.xml |
If the test fails, try adding the --debug
option to the command-line invocation.