You can view the attributes that are being released by visiting a built in debug page. This is commonly referred to as the SSO Debug page and it can be accessed on your runtime at:
Log in with a user account, and you can see all the attributes that would be released when no SP was being accessed:
Releasing attributes when no SP is accessed does not, of course, happen in the real world. To make the page more useful you can specify a service provider's entityID and it will display the attributes that would be sent to that specific service provider including any user identifiers and service specific attributes. This is very useful for testing that a resource that needs additional attributes will get what it is expecting before you roll it out to your users.
To pass an entityID, add the 'entityID' paramater to the sso-debug URL - e.g:
What you will see will be something like this:
Anything to watch out for?
You must use the entityID of the service provider and not the web address or access URL.
Everything after the question mark is case sensitive, and the entityID must match exactly what is in the metadata (or you will get an error message to the effect that it cannot be found).
A display bug means that where one attribute releases multiple values, only the first value may be shown on the debug page. All values are passed to the service provider.
If you have been stepping through, you have now covered the basics. For further reading, you may like to see: