...
- Tomcat: Tomcat has an AJP 1.3 connector enabled by default.
  - Setting the tomcatAuthentication="false" attribute on the AJP <Connector> element allows for passing REMOTE_USER from Apache httpd. See Tomcat's AJP Connector documentation for more.
- Jetty: Jetty's documentation has good instructions on how to enable both Jetty and your application to listen on AJP 1.3.
...
- Tomcat: Add a packetSize="65536" attribute to the AJP <Connector> element.
- Apache httpd with mod_jk: Add a worker.<name>.max_packet_size directive to the worker definition.

  ```properties
  worker.<name>.max_packet_size=65536
  ```
- Apache httpd with mod_proxy_ajp: Add a ProxyIOBufferSize directive to Apache httpd's configuration.

  ```apache
  ProxyIOBufferSize 65536
  ```
...
Add a line to your Apache httpd configuration, such as in httpd.conf, to map requests on the proper virtual hosts to your application through AJP 1.3.

```apache
ProxyPass /my-application ajp://localhost:8009/my-application
```
...
Add a line to your Apache httpd configuration on the proper virtual host, such as in httpd.conf, to trigger Shibboleth session initiation and authentication for your application:

```apache
<Location /my-application>
  AuthType shibboleth
  ShibRequestSetting requireSession 1
  require valid-user
</Location>
```
Since environment variables are not passed by mod_proxy_ajp unless they have AJP_ prefixes, you'll also need to add attributePrefix="AJP_" to the <ApplicationDefaults> (or appropriate <ApplicationOverride>) element in your shibboleth2.xml:

```xml
<ApplicationDefaults id="default" policyId="default"
    entityID="https://sp.example.org/shibboleth"
    REMOTE_USER="eppn persistent-id targeted-id"
    signing="false" encryption="false"
    attributePrefix="AJP_">
```
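The settings above live in three files that have to agree with each other. The following consistency check is an added example, not part of the original page or of the Shibboleth, Tomcat or httpd projects. The function name `check_ajp_setup` and the sample file contents are constructed for illustration, and the 8192-byte fallback is the documented default of both Tomcat's packetSize and httpd's ProxyIOBufferSize.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs that mirror the settings shown on this page.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8009" protocol="AJP/1.3"
             tomcatAuthentication="false" packetSize="65536"/>
</Service></Server>"""
HTTPD_CONF = """ProxyIOBufferSize 65536
ProxyPass /my-application ajp://localhost:8009/my-application
"""
SHIB_XML = """<SPConfig>
  <ApplicationDefaults id="default" policyId="default"
      entityID="https://sp.example.org/shibboleth"
      REMOTE_USER="eppn persistent-id targeted-id"
      signing="false" encryption="false" attributePrefix="AJP_"/>
</SPConfig>"""

def check_ajp_setup(server_xml, httpd_conf, shib_xml):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    ajp = [c for c in ET.fromstring(server_xml).iter("Connector")
           if c.get("protocol", "").startswith("AJP")]
    if not ajp:
        return ["server.xml: no AJP <Connector> found"]
    conn = ajp[0]
    # Without this, Tomcat does not take REMOTE_USER from httpd.
    if conn.get("tomcatAuthentication", "true") != "false":
        findings.append('server.xml: tomcatAuthentication is not "false"')
    # Both sides default to 8192 bytes when the setting is absent.
    packet = int(conn.get("packetSize", "8192"))
    m = re.search(r"^\s*ProxyIOBufferSize\s+(\d+)", httpd_conf, re.M)
    buf = int(m.group(1)) if m else 8192
    if packet != buf:
        findings.append(f"packetSize {packet} != ProxyIOBufferSize {buf}")
    # ProxyPass must point at the port the AJP connector listens on.
    m = re.search(r"^\s*ProxyPass\s+\S+\s+ajp://[^:/\s]+:(\d+)", httpd_conf, re.M)
    if not m:
        findings.append("httpd: no ProxyPass to an ajp:// URL with a port")
    elif m.group(1) != conn.get("port"):
        findings.append(f"ProxyPass port {m.group(1)} != connector port {conn.get('port')}")
    # mod_proxy_ajp forwards only variables carrying the AJP_ prefix.
    for el in ET.fromstring(shib_xml).iter():
        if el.tag.endswith("ApplicationDefaults") and el.get("attributePrefix") != "AJP_":
            findings.append('shibboleth2.xml: attributePrefix is not "AJP_"')
    return findings

if __name__ == "__main__":
    for line in check_ajp_setup(SERVER_XML, HTTPD_CONF, SHIB_XML) or ["consistent"]:
        print(line)
```

The check inspects only the first AJP connector and the `<ApplicationDefaults>` element; an `<ApplicationOverride>` that sets its own attributePrefix would need the same test.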
...