...

Note that it's certainly possible to do all this with IIS, but it is not recommended and is beyond the scope of this example.

Info: Grails

If you are using the Grails framework to develop Spring-based Groovy/Java web applications, another option is to integrate your container with Spring Security Core and try out the Spring Security Shibboleth Native SP plugin. The documentation is available here.

...

Assuming AJP, this step depends on your servlet container, but Tomcat and its derivatives have an AJP connector commented out by default.

  • Setting the tomcatAuthentication="false" attribute on the AJP <Connector> element allows REMOTE_USER to be automatically set based on what Apache has set. See Tomcat's AJP Connector documentation for more details.

Make sure the servlet container does not open a direct HTTP listener: requests arriving on it would reach the application without passing through Apache and the SP.

...

Service Providers that leverage many attributes or receive many attribute values can expect to exceed the default maximum AJP packet size (8kb). To prevent this, raise the maximum AJP packet size to 65kb (maximum allowed by the AJP protocol) or whatever value in between makes sense. This value should be specified both in Apache and in your servlet container configuration.

  • Tomcat: Add a packetSize="65536" attribute to the AJP <Connector> element.

  • Apache with mod_jk: Add a worker.<name>.max_packet_size directive to the worker definition.

    worker.<name>.max_packet_size=65536


  • Apache with mod_proxy_ajp: Add a ProxyIOBufferSize directive to Apache's configuration.

    ProxyIOBufferSize 65536


...

Since environment variables are not passed by mod_proxy_ajp unless they have AJP_ prefixes, you'll also need to add attributePrefix="AJP_" to the <ApplicationDefaults> (or in rare cases an appropriate <ApplicationOverride>) element in your configuration:

<ApplicationDefaults id="default" policyId="default"
    entityID="https://sp.example.org/shibboleth"
    REMOTE_USER="eppn persistent-id targeted-id"
    attributePrefix="AJP_">

In a Java web application, environment variables can be accessed by calling the HttpServletRequest.getAttribute method. Note that Tomcat's implementation of the getAttributeNames method is broken, as described in the following thread in the Shibboleth users mailing list.
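
An added example (not from the original page or the Shibboleth project) of reading SP attributes in Java by explicit name instead of enumerating them with getAttributeNames. It assumes mod_proxy_ajp has removed the AJP_ prefix before forwarding, and that the SP joins multiple values with ';' and writes a literal ';' as '\;'. The names ShibAttributes, splitValues and read are hypothetical, and the attribute ids other than eppn are constructed samples.

```java
import java.util.*;
import java.util.function.Function;

/** Added example: reads SP attributes by name; not code from the Shibboleth project. */
public class ShibAttributes {

    // Split one SP attribute string into its values. Assumes the SP's default
    // encoding: values joined with ';', a literal ';' inside a value written "\;".
    static List<String> splitValues(String raw) {
        List<String> values = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            if (c == '\\' && i + 1 < raw.length() && raw.charAt(i + 1) == ';') {
                cur.append(';');
                i++;                       // consume the escaped semicolon
            } else if (c == ';') {
                values.add(cur.toString());
                cur.setLength(0);
            } else {
                cur.append(c);
            }
        }
        values.add(cur.toString());
        return values;
    }

    // Look up each expected name explicitly, because getAttributeNames() cannot be
    // relied on to list them. In a servlet, pass request::getAttribute as 'lookup'.
    // Names are unprefixed: mod_proxy_ajp drops "AJP_" before forwarding (assumption).
    static Map<String, List<String>> read(Function<String, Object> lookup, List<String> names) {
        Map<String, List<String>> out = new LinkedHashMap<>();
        for (String name : names) {
            Object v = lookup.apply(name);
            if (v instanceof String && !((String) v).isEmpty()) {
                out.put(name, splitValues((String) v));
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample standing in for the request attributes Tomcat would hold.
        Map<String, Object> fake = Map.of(
            "eppn", "jdoe@example.org",
            "affiliation", "staff@example.org;member@example.org");
        System.out.println(read(fake::get, List.of("eppn", "affiliation", "entitlement")));
    }
}
```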

Warning: Struts 2 Issue

When deploying an application written using the Struts 2 framework, see the Java example section on the attribute access page for an issue with retrieving attribute values with certain problematic names.

...