SWITCHaai Shibboleth Training 2015

This page provides all the material that was used during the Shibboleth Training event held in September 2015 in Zurich. The material on this page allows repeating the training. During the training, participants test and configure a standard Shibboleth Service Provider as well as an Identity Provider in the AAI Test federation, which uses the same technical standards as the SWITCHaai federation. The goal is to make participants familiar with federated identity management, SAML and Shibboleth in particular. At the end of the training, all participants should be familiar with the basic aspects of running a Shibboleth Service Provider and a Shibboleth Identity Provider in SWITCHaai.

Training VM image is no longer available

The VM image is no longer available; it was outdated.
The LDAP server required by the IdP pre-configured in the image is no longer accessible.

Training VM Image

The training is performed on a virtual machine (VM), basically a VM image that can be run in VirtualBox (recommended) or VMware Player/Fusion. The image can thus be run on Windows, Mac and Linux systems.

To run the SP Training VM the following minimal requirements have to be met:

  • User must have administration privileges on the laptop
  • Any recent (< 4 years) Intel or AMD processor.
  • 4 GByte RAM (at least 1.5GB free memory)
  • 12 GByte free hard disk space
  • Internet connectivity
  • VirtualBox (or VMware Player) installed and fully operational.

Shibboleth Training at Home

The training was designed so that it can be repeated at home autonomously. All that is needed is the material on this page, basically the SP Training VM and the slides.

To start with the training, perform the following steps:

  1. Download the Shibboleth Training VM image (no longer available; Creative Commons License)
  2. Open the image with VirtualBox or VMware Player/Fusion
  3. Run the Shibboleth Training VM to boot up the image.
  4. Ideally print out the Tips and Tricks handout for ease-of-use.
  5. Start reading the complete Shibboleth Training Hands-On Slides or start with individual presentations as listed below.

Please note that when registering the Service Provider with the Resource Registry, you might have to wait from a few minutes up to a few hours until the registration is manually approved by someone from the SWITCHaai team. This is in contrast to the training, where this step took less than 5 minutes.


The slides are structured in different chapters. Whenever there is an icon in the upper right corner showing a hand on a keyboard, this means that there is a hands-on exercise on this slide.

Day 1: Introduction to SWITCHaai
Federated Identity Management
AAI Login Demo
Motivation for Using AAI
SAML Terminology & Flows
Introduction to Shibboleth
Resource Registry
AAI Attributes
VHO & Swiss edu-ID
Day 2: Shibboleth SP Training
SP Hands-On Session
Test of the VM Image (for the Training)
Try Demo Yourself
X.509 Certificates for SAML
Discovery Service Options
Interfederation Attributes
SWITCHtoolbox & Group Management Tool
SP Logout Support
SP Virtualization
SP Error Handling
Shibboleth-aware Applications
Day 3: Shibboleth IdP Training
Shibboleth IdP Version 3 Upgrade: General observations
Test of the VM Image (for the Training)
IdP: Tips and Tricks
IdP Configuration Pattern
IdP User Authentication
IdP Login Form Customization
IdP Attribute Resolution
IdP Persistent IDs
IdP User Consent
IdP Upgrades within Version 3
Resource Registry: Updating the Home Organisation Description
IdP Clustering
Resource Registry: Interfederation Options
Resource Registry: Entity Categories
Resource Registry: Attribute Release Configuration
IdP: Overview of Log Files
IdP: Reloading the Configuration
New Challenges with Interfederation SPs?