
shibboleth-dev - Shib 2 - SP Question

Subject: Shibboleth Developers

  • From: <>
  • To: <>
  • Subject: Shib 2 - SP Question
  • Date: Fri, 27 Jul 2007 17:06:44 -0400

I am working with the Shibboleth 2 SP, and I am trying to get it to
interoperate with a Ping IDP that was used by Scott to do some testing
in the past. Currently whenever I redirect to the IDP, it barfs trying
to check the signature on the SSO Request generated by Shibboleth.

Two things I am trying to figure out how to do to figure out where my
configuration is failing:

1) What logging options do I need to turn on to get Shib 2 to show me
the SAML Request in the logfiles? Currently all I see is:
2007-07-27 16:54:33 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]: validating input
2007-07-27 16:54:33 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]: marshalling, deflating, base64-encoding the message
2007-07-27 16:54:33 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]: signing the message
2007-07-27 16:54:33 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]: message encoded, sending redirect to client

I tried turning up everything to debug, but either I am missing a
setting somewhere or this is not something that will get logged.

2) How does the bindingTemplate.html work in regards to this process? I
edited it to turn off auto-submit thinking that would allow me to
inspect the generated request prior to transmission, but upon accessing
a protected url at my SP, I still get automatically redirected to the
Ping IDP.

I do not know if the signature is a problem, but I do think the
SAMLRequest that shows up at the Ping IDP is not encoded correctly. I
would expect base64, but when I stop the Ping IDP from auto-redirecting
back to Shibboleth on failure I see an encoded SAML Request, but it
includes control characters, so it's not base64.
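
Added example, not part of the original post and not Shibboleth or OpenSAML code: a way to inspect a SAML 2.0 HTTP-Redirect message offline by reversing the steps the SP log lists (URL-decode, base64-decode, inflate) and by rebuilding the string that the Signature parameter covers under that binding. The host, request ID, signature value and function names are constructed for illustration.

```python
import base64
import zlib
from urllib.parse import urlsplit, parse_qs, quote

# Constructed sample message; the ID, host and signature value are placeholders.
SAMPLE_XML = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
              'ID="_constructed1" Version="2.0" IssueInstant="2007-07-27T20:54:33Z"/>')
SIG_ALG = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"

def encode_redirect_message(xml):
    """Raw DEFLATE (no zlib header), then base64, the order the SP log shows."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()

def build_sample_url():
    """Constructed redirect URL standing in for one captured from the browser."""
    return ("https://idp.example.org/sso?SAMLRequest=%s&SigAlg=%s&Signature=%s"
            % (quote(encode_redirect_message(SAMPLE_XML), safe=""),
               quote(SIG_ALG, safe=""), quote("Q09OU1RSVUNURUQ=", safe="")))

def decode_message(url):
    """URL-decode, base64-decode, then inflate the SAMLRequest/SAMLResponse."""
    params = parse_qs(urlsplit(url).query)
    name = "SAMLRequest" if "SAMLRequest" in params else "SAMLResponse"
    # A '+' that was not percent-encoded is parsed as a space; restore it.
    raw = base64.b64decode(params[name][0].replace(" ", "+"))
    # 'raw' is binary DEFLATE output here, not text; -15 selects headerless inflate.
    return zlib.decompress(raw, -15).decode("utf-8")

def signed_octets(url):
    """String the Signature parameter covers: still-encoded values, fixed order."""
    raw = dict(p.split("=", 1) for p in urlsplit(url).query.split("&") if "=" in p)
    name = "SAMLRequest" if "SAMLRequest" in raw else "SAMLResponse"
    return "&".join("%s=%s" % (k, raw[k])
                    for k in (name, "RelayState", "SigAlg") if k in raw)

if __name__ == "__main__":
    url = build_sample_url()
    print(decode_message(url))   # the XML the SP marshalled
    print(signed_octets(url))    # what the receiver verifies the signature over
```

The signature is checked over the percent-encoded values exactly as they appear in the query string, so a proxy or library that re-encodes them changes the signed bytes.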



