Get ready for production
At this point you should review your set-up for security and reliability issues.
One known potential issue is cookie security. Check your idp.properties file for idp.cookie.secure to ensure cookies are not sent over insecure connections:
idp.cookie.secure=true
If the line has a # at the start then it's commented out, so it takes the default. In version 4, the default is true; in previous versions the default was false.
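The check described above can be scripted so it is repeatable across hosts. This is an added example, not code from the Shibboleth project: the function names, the sample file content and the file path in the usage comment are assumptions, and it treats versions after 4 as keeping the version 4 default.

```python
import re
import sys

# Matches an active "idp.cookie.secure" entry using the "=", ":" or
# whitespace separators that Java .properties files accept.
_ENTRY = re.compile(r"^\s*idp\.cookie\.secure(?:\s*[=:]\s*|\s+)(.*?)\s*$")

# Constructed sample: the property is present but commented out.
SAMPLE_COMMENTED = (
    "idp.entityID = https://idp.example.org/idp/shibboleth\n"
    "#idp.cookie.secure = false\n"
)


def default_cookie_secure(major_version):
    # Defaults as stated above: true in version 4, false before it.
    # Assumption: versions after 4 keep the version 4 default.
    return major_version >= 4


def effective_cookie_secure(properties_text, major_version):
    """Return (secure, source); source is "explicit" or "default"."""
    value = None
    for line in properties_text.splitlines():
        if line.lstrip().startswith(("#", "!")):
            continue  # commented out, so it does not set anything
        match = _ENTRY.match(line)
        if match:
            value = match.group(1)  # a later duplicate overrides an earlier one
    if value is None:
        return default_cookie_secure(major_version), "default"
    # Assumption: only the literal "true" (any case) counts as secure.
    return value.lower() == "true", "explicit"


if __name__ == "__main__":
    # Usage: python check_cookie_secure.py /path/to/idp.properties 3
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="latin-1") as handle:
            text, major = handle.read(), int(sys.argv[2])
    else:
        text, major = SAMPLE_COMMENTED, 3
    secure, source = effective_cookie_secure(text, major)
    print(f"idp.cookie.secure={str(secure).lower()} ({source})")
    sys.exit(0 if secure else 1)
```

The non-zero exit status when the effective value is false lets the script gate a deployment or monitoring check.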
The Shibboleth wiki has some topics to consider when putting the IdP into production.
Other recommendations:
- test TLS/SSL security (see Testing section)
- test failover if load-balanced
- test with different user types and check the correct attribute values are released (see Testing section)
- check logging is correctly configured and working, and set up log rotations as required
- configure and test back-ups
- subscribe to the shibboleth-announce mailing list to receive important announcements about security fixes and new releases.