Testing Attribute Release

A command-line tool called resolvertest can be used to test policy-based attribute resolution for a given deployment. The tool can be found in the IDP_HOME/bin directory after installing the !IdP. Prior to executing this application be sure the IDP_HOME environment variable points to your !IdP installation.

Running the Test

To test the attribute release configuration in arp.site.xml (and optionally the user's ARP), execute the resolvertest application with the following additional parameters:

$ --user=USER_NAME: the name of the user whose attributes you wish to retrieve
$ *--idpXml=file://FILE*: the full path to the idp.xml configuration file as a file URL
$ --requester {{SP_ID: the =entityID}} of the SP to use in the test, if this is not specified the configuration for an unauthenticated SP is used
$ --responder {{IDP_ID: the =entityID}} of the !IdP to use in the test
$ --resource=URL: the URL of the requested resource to use in the test, if this is not specified only attributes that are released to any resource will be returned

Examples

Unix:

$ export IDP_HOME=/usr/local/shibboleth-idp
$ $IDP_HOME/bin/resolvertest --help
$ $IDP_HOME/bin/resolvertest --user=gridshib \
		--requester=https://sp.example.org/shibboleth \
		--responder=https://idp.example.org/shibboleth \
		--idpXml=file:///usr/local/shibboleth-idp/etc/idp.xml

Windows:

> set IDP_HOME=c:\usr\local\shibboleth-idp
> %IDP_HOME%\bin\resolvertest --help
> %IDP_HOME%\bin\resolvertest --user=gridshib 
		--requester=https://sp.example.org/shibboleth
		--responder=https://idp.example.org/shibboleth
		--idpXml=file:/c:/usr/local/shibboleth-idp/etc/idp.xml

If the test fails, try adding the --debug option to the command-line invocation.