Get ready for production

At this point you should review your set-up for security and reliability issues.

One known potential issue is cookie security. Check your file for to ensure cookies are not sent over insecure connections:

If the line has a # at the start then it's commented out so takes the default. In version 4, the default is true; in previous versions the default was false.

The Shibboleth wiki has some topics to consider when putting the IdP into production

Other recommendations:

  • test TLS/SSL security (see Testing section)
  • test failover if load-balanced
  • test with different user types and check the correct attribute values are released (see Testing section)
  • check logging is correctly configured and working, and set up log rotations as required
  • configure and test back-ups
  • subscribe to the shibboleth-announce mailing list to receive important announcements about security fixes and new releases.