IdP rejects any authentication attempts
Typical error reads like:
Unauthenticated principal. This protocol handler requires that authentication information be provided from the servlet container
This is caused by improper configuration of mod_jk or mod_proxy, and by not protecting /shibboleth-idp/SSO accordingly in Apache.
Make sure the connector on port 8009 in your server.xml has tomcatAuthentication="false" or request.tomcatAuthentication="false"; otherwise Tomcat will always feed null values to the IdP (if the IdP is protected by Apache). If your IdP uses Tomcat authentication (rather than Apache authentication), then you need to make sure tomcatAuthentication="true" is set and shibboleth-idp's web.xml is properly protected.
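One way to check the connector setting described above, as an added example that is not part of the original page or of the Shibboleth distribution: the script reads a server.xml and reports whether the port 8009 connector matches the way the IdP is authenticated. The server.xml fragments, function names and the 'apache'/'tomcat' labels are constructed for illustration; treating a missing attribute as true follows Tomcat's AJP connector default.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragments for illustration (not from the original page).
NO_ATTRIBUTE = """<Server><Service name="Catalina">
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""
APACHE_AUTH = """<Server><Service name="Catalina">
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
             tomcatAuthentication="false"/>
</Service></Server>"""
OLD_STYLE = """<Server><Service name="Catalina">
  <Connector port="8009" request.tomcatAuthentication="false"/>
</Service></Server>"""


def ajp_tomcat_auth(server_xml, port="8009"):
    """Effective tomcatAuthentication of the connector on `port` (None if absent)."""
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("port") != port:
            continue
        # Accept either attribute spelling mentioned on the page.
        value = conn.get("tomcatAuthentication",
                         conn.get("request.tomcatAuthentication"))
        # A missing attribute means Tomcat's default, which is true.
        return True if value is None else value.strip().lower() == "true"
    return None


def check(server_xml, idp_auth):
    """idp_auth is 'apache' or 'tomcat' (hypothetical labels for the two setups)."""
    if idp_auth not in ("apache", "tomcat"):
        raise ValueError("idp_auth must be 'apache' or 'tomcat'")
    effective = ajp_tomcat_auth(server_xml)
    if effective is None:
        return "no connector on port 8009"
    if effective == (idp_auth == "tomcat"):
        return "ok"
    if idp_auth == "apache":
        return ('mismatch: Tomcat discards the user Apache authenticated; '
                'set tomcatAuthentication="false"')
    return ('mismatch: Tomcat trusts the front end for the user; '
            'set tomcatAuthentication="true" and protect web.xml')


if __name__ == "__main__":
    for name, xml in [("NO_ATTRIBUTE", NO_ATTRIBUTE), ("APACHE_AUTH", APACHE_AUTH),
                      ("OLD_STYLE", OLD_STYLE)]:
        print(name, "->", check(xml, "apache"))
```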