Versions Compared

Old Version 3

changes.mady.by.user Rod Widdowson

Saved on

compared with

New Version Current

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note that it's certainly possible to do all this with IIS, but it is not recommended and is beyond the scope of this example.

Info

Grails

If you are using the Grails framework to develop Spring based Groovy/Java web applications, another option is to integrate your container with Spring Security Core and try out the Spring Security Shibboleth Native SP plugin. The documentation is available here.

1. Setup Apache with Shibboleth

...

  • Setting the tomcatAuthentication="false" attribute on the AJP <Connector> element allows REMOTE_USER to be automatically set based on what Apache has set. See Tomcat's AJP Connector documentation for more details.

  • Recent Tomcat versions also limit the acceptance of any attributes, and the allowedRequestAttributesPattern setting must be added to approve the attribute names to accept (or wildcarded).

Be careful that there is no direct HTTP listener opened by the servlet container.

...

Since environment variables are not passed by mod_proxy_ajp unless they have AJP_ prefixes, you'll also need to add attributePrefix="AJP_" to the <ApplicationDefaults> (or in rare cases an appropriate <ApplicationOverride>) element in your configuration:

...