...
- Added a duplicate set of <servlet-mapping> elements so the named "IdP" servlet would run at the new paths needed.
Examples of Additional Mappings
<servlet-mapping>
<servlet-name>IdP</servlet-name>
<url-pattern>/profile/Shibboleth/SSO</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>IdP</servlet-name>
<url-pattern>/profile/Shibboleth/HS</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>IdP</servlet-name>
<url-pattern>/profile/SAML1/SOAP/AttributeQuery</url-pattern>
</servlet-mapping>
...
I needed two copies of the master configuration file, but only to keep the logging separate; the rest is identical. I copied the existing idp.xml to a second copy called shibboleth.xml and configured the logging to load different log4j property files with different logging paths. Then I modified the configuration to enable the additional profile handler locations as follows:
ProtocolHandler Expressions
<ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
<Location>https://[^:/]+(:443)?/(shibboleth|idp/profile/Shibboleth)/SSO</Location>
</ProtocolHandler>
<ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
<Location>https://[^:/]+(:443)?/(shibboleth|idp/profile/Shibboleth)/HS</Location>
</ProtocolHandler>
<ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
<Location>.+:8443/(shibboleth/AA|idp/profile/SAML1/SOAP/AttributeQuery)</Location>
</ProtocolHandler>
<ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.Shibboleth_StatusHandler">
<Location>https://[^:/]+(:443)?/(shibboleth|idp(/profile)?)/Status</Location>
</ProtocolHandler>
...
I was already using a context fragment to deploy the original warfile, so I simply modified it and added a second. Each copy points to the same warfile, but one is named "shibboleth.xml" and the other "idp.xml", and they reference the appropriate configuration file as follows:
idp.xml Context Fragment
<Context docBase="${catalina.home}/shibboleth/webapps/shibboleth.war">
<Parameter name="IdPConfigFile" value="file:///usr/local/shibboleth-idp/etc/prod/idp.xml" override="false"/>
...
</Context>
shibboleth.xml Context Fragment
<Context docBase="${catalina.home}/shibboleth/webapps/shibboleth.war">
<Parameter name="IdPConfigFile" value="file:///usr/local/shibboleth-idp/etc/prod/shibboleth.xml" override="false"/>
...
</Context>
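The added servlet mappings, the Location expressions and the two context names can be checked against each other before deployment. The script below is an added example, not part of the original page or of the Shibboleth code base: it uses Python's re module in place of Java regular expressions, and it assumes that the IdP compares each Location with the complete request URL, that the context paths are /idp and /shibboleth (taken from the fragment file names), and that idp.example.org is a placeholder host.

```python
import re

# Location expressions copied from the ProtocolHandler configuration above.
# The short labels are hypothetical names used only by this script.
LOCATIONS = [
    ("SSO", r"https://[^:/]+(:443)?/(shibboleth|idp/profile/Shibboleth)/SSO"),
    ("HS", r"https://[^:/]+(:443)?/(shibboleth|idp/profile/Shibboleth)/HS"),
    ("AttributeQuery",
     r".+:8443/(shibboleth/AA|idp/profile/SAML1/SOAP/AttributeQuery)"),
    ("Status", r"https://[^:/]+(:443)?/(shibboleth|idp(/profile)?)/Status"),
]

# url-pattern values from the added <servlet-mapping> elements above.
ADDED_MAPPINGS = [
    "/profile/Shibboleth/SSO",
    "/profile/Shibboleth/HS",
    "/profile/SAML1/SOAP/AttributeQuery",
]


def handlers_for(url):
    """Labels of every Location expression that matches the whole URL.
    Whole-URL matching is an assumption about how the IdP applies them."""
    return [name for name, expr in LOCATIONS if re.fullmatch(expr, url)]


def request_url(host, context, url_pattern, port=None):
    """URL a client would use for a servlet mapping inside a context."""
    authority = host if port is None else f"{host}:{port}"
    return f"https://{authority}/{context}{url_pattern}"


def coverage(host="idp.example.org", context="idp"):
    """For each added mapping, list the handlers claiming it per port."""
    return {
        pattern: {
            port: handlers_for(request_url(host, context, pattern, port))
            for port in (None, 443, 8443)
        }
        for pattern in ADDED_MAPPINGS
    }


if __name__ == "__main__":
    for pattern, by_port in coverage().items():
        print(pattern, by_port)
    # The AttributeQuery expression starts with '.+', which places no
    # constraint on scheme or host; only the ':8443/' port text is required.
    print(handlers_for("http://idp.example.org:8443/shibboleth/AA"))
```

A mapping that shows an empty list on every port, or more than one label on a single port, means web.xml and the Location expressions have drifted apart.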
...