Next steps

Once the IdP has been tested you need to complete the install. Below are some of the tasks you should consider. You should consult IdPConfiguration for further details.

Configure certificates

A suitable certificate should be installed to protect the browser facing port.

Adding other attributes

You can modify the attributes which are released as per IdPAddAttribute.

Configure your IdP to work with a new federation.

As installed the IdP can be tested against the Testshib SP. In order to run against another federation you need to edit relying-party.xml to

Remove the references to Testshib
Add a reference to your Federation's metadata
Add a reference to the key your Federation operator uses to sign the metadata
There is a program shipped with the installer to automate this operation. Configuration details for the UK Federation and InCommon are available, others may be available from your Federation operator.

To convert an existing installation to run with (for instance) the UK Federation

Stop tomcat
Run the setFed program in a Windows command box with a suitable configuration file

Restart tomcat

c:\>cd "Program Files (x86)\Internet2\Shib2IdP\bin"
c:\Program Files (x86)\Internet2\Shib2IdP\bin>sc stop tomcat6
c:\Program Files (x86)\Internet2\Shib2IdP\bin>setFed.bat ..\conf\UKFederation-config.xml
Entity ID = https://origin.steadingsoftware.net/idp/shibboleth
Relying Party configured for UK Federation
c:\Program Files (x86)\Internet2\Shib2IdP\bin>sc start tomcat6

Other tasks

Recreating the WAR file

If you change the JavaServer Pages (JSP) files, or need to regenerate the WAR file for any other reason, it suffices to open a command prompt and from within it cd into the Shib2IdpInstall subdirectory of the installation directory and type 'install'.

Installing new versions of the component software (Tomcat and the IdP)

This should be done as per the instructions supplied with the new components.