...
- Tomcat: Tomcat has an AJP 1.3 connector enabled by default.
- Setting the
tomcatAuthentication="false"attribute on the AJP<Connector>element allows for passingREMOTE_USERfrom Apache httpd. See Tomcat's AJP Connector documentation for more.
- Setting the
- Jetty: Jetty's documentation has good instructions on how to enable both Jetty and your application to listen on AJP 1.3.
...
- Tomcat: Add a
packetSize="65536"to the AJP<Connector>element. Apache httpd with mod_jk: Add a worker.<name>.max_packet_size directive to the worker definition.
Code Block worker.<name>.max_packet_size=65536
Apache httpd with mod_proxy_ajp: Add a ProxyIOBufferSize directive to Apache httpd's configuration.
Code Block ProxyIOBufferSize 65536
...
Add a line to your Apache httpd configuration, such as in httpd.conf, to map requests on the proper virtual hosts to your application through AJP 1.3.
| Code Block |
|---|
ProxyPass /my-application ajp://localhost:8009/my-application
|
...
Add a line to your Apache httpd configuration on the proper virtual host, such as in httpd.conf, to trigger Shibboleth session initiation and authentication for your application:
| Code Block |
|---|
<Location /my-application>
AuthType shibboleth
ShibRequestSetting requireSession 1
require valid-user
</Location>
|
Since environment variables are not passed by mod_proxy_ajp unless they have AJP_ prefixes, you'll also need to add attributePrefix="AJP_" to the <ApplicationDefaults> (or appropriate <ApplicationOverride>) element in your shibboleth2.xml:
| Code Block | ||||
|---|---|---|---|---|
| ||||
<ApplicationDefaults id="default" policyId="default"
entityID="https://sp.example.org/shibboleth"
REMOTE_USER="eppn persistent-id targeted-id"
signing="false" encryption="false"
attributePrefix="AJP_">
|
...