...
Note that it's certainly possible to do all this with IIS, but it is not recommended and is beyond the scope of this example.
Info |
---|
GrailsIf you are using the Grails framework to develop Spring based Groovy/Java web applications, another option is to integrate your container with Spring Security Core and try out the Spring Security Shibboleth Native SP plugin. The documentation is available here. |
1. Setup Apache with Shibboleth
...
Setting the
tomcatAuthentication="false"
attribute on the AJP<Connector>
element allowsREMOTE_USER
to be automatically set based on what Apache has set. See Tomcat's AJP Connector documentation for more details.Recent Tomcat versions also limit the acceptance of any attributes, and the
allowedRequestAttributesPattern
setting must be added to approve the attribute names to accept (or wildcarded).
Be careful that there is no direct HTTP listener opened by the servlet container.
...
Since environment variables are not passed by mod_proxy_ajp
unless they have AJP_
prefixes, you'll also need to add attributePrefix="AJP_"
to the <ApplicationDefaults> (or in rare cases an appropriate <ApplicationOverride>) element in your configuration:
...