Versions Compared

Old Version 3

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version Current

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

Code Block
xml
xml
titleExamples of Additional Mappings

<servlet-mapping>
    <servlet-name>IdP</servlet-name>
    <url-pattern>/profile/Shibboleth/SSO</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>IdP</servlet-name>
    <url-pattern>/profile/Shibboleth/HS</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>IdP</servlet-name>
    <url-pattern>/profile/SAML1/SOAP/AttributeQuery</url-pattern>
</servlet-mapping>

...

Code Block
xml
xml
titleProtocolHandler Expressions

<ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
    <Location>https://[^:/]+(:443)?/(shibboleth|idp/profile/Shibboleth)/SSO</Location>
</ProtocolHandler>
<ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
    <Location>https://[^:/]+(:443)?/(shibboleth|idp/profile/Shibboleth)/HS</Location>
</ProtocolHandler>
<ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
    <Location>.+:8443/(shibboleth/AA|idp/profile/SAML1/SOAP/AttributeQuery)</Location>
</ProtocolHandler>
<ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.Shibboleth_StatusHandler">
    <Location>https://[^:/]+(:443)?/(shibboleth|idp(/profile)?)/Status</Location>
</ProtocolHandler>

...

Code Block
xml
xml
titleidp.xml Context Fragment

<Context docBase="${catalina.home}/shibboleth/webapps/shibboleth.war">

    <Parameter name="IdPConfigFile" value="file:///usr/local/shibboleth-idp/
etc/prod/idp.xml" override="false"/>
...
</Context>
Code Block
xml
xml
titleshibboleth.xml Context Fragment

<Context docBase="${catalina.home}/shibboleth/webapps/shibboleth.war">

    <Parameter name="IdPConfigFile" value="file:///usr/local/shibboleth-idp/
etc/prod/shibboleth.xml" override="false"/>
...
</Context>

...

First, there was a bug in the handling of embedded links in various JSP pages served by the IdP. Since these files were already being customized by me, the bug was more a matter of customizing them correctly. The bug is described at https://bugsissues.internet2shibboleth.edunet/jira/browse/SIDPO-31. Fixing this requires making sure any content like style sheets or images that are inside the root of the warfile are referenced with a request.getServletContextgetContextPath() prefix. Examples:

Code Block
titleOld (broken) URL references
<link rel="stylesheet" type="text/css" href="main.css" />
<img src="images/logo.jpg" alt="Logo" />
Code Block
titleFixed versions
<% String base = request.getContextPath(); %>
<link rel="stylesheet" type="text/css" href="<%= base %>/main.css" />
<img src="<%= base %>/images/logo.jpg" alt="Logo" />

The other issue concerned making SSO work, and was caused by the default path property associated with the cookies that the IdP was creating using the authHeaderName="COOKIE" feature. Since I wanted the SSO cookie to be visible to both copies, I needed to modify src/edu/internet2/middleware/shibboleth/idp/provider/SSOHandler.java and add cookie.setPath("/") to the getRemoteUser method.