University of Oregon

Identity Management - Test Shibboleth Service Provider Transition Guide


This document describes the actions that need to be performed by UO Shibboleth Server Provider (SP) administrators to direct their SPs at the new Test Shibboleth Identity Provider (IdP).


Updating your SP configuration to communicate with the new Test Shibboleth IdP should be a trivial change and require very little effort to accomplish.

Simply follow the three steps outlined below:

  1. Update the SSO "entityID" Value
  2. Download the New Test IdP Metadata
  3. Send a "Transition" Request

Update the SSO "entityID" Value:

Open your 'shibboleth2.xml' configuration file (commonly located at /etc/shibboleth/shibboleth2.xml) using your preferred editor and locate the 'SSO' configuration element. Within the 'SSO' element, change the value of the 'entityID' attribute from:


Depending upon the version of the SP software you are running and your specific configuration, your SSO element may look different but for current versions of the SP software, the SSO element should appear similar to this:

<SSO entityID="">

For detailed information regarding Shibboleth Service Provider configuration, please see: NativeSPShibbolethXML


Download the New Test IdP Metadata:

The new Test Shibboleth service uses a load-balanced URL and due to this change, the metadata associated with the new IdP service is different. You must download the new version of the IdP Metadata for your SP to properly communicate with the new Test IdP.

The new Test Shibboleth IdP metadata can be accessed via



Send a "Transition" Request:

The final step is to send us a transition request by filling out the below form. You'll need to have the "entityID" handy for every service protected by your SP: