Comment: Migrated to Confluence 5.3

...

  • Added a duplicate set of <servlet-mapping> elements so the named "IdP" servlet would run at the new paths needed.

Examples of Additional Mappings
<servlet-mapping>
    <servlet-name>IdP</servlet-name>
    <url-pattern>/profile/Shibboleth/SSO</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>IdP</servlet-name>
    <url-pattern>/profile/Shibboleth/HS</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>IdP</servlet-name>
    <url-pattern>/profile/SAML1/SOAP/AttributeQuery</url-pattern>
</servlet-mapping>

...

I needed two copies of the master configuration file, but only to keep the logging separate; the rest is identical. I copied the existing idp.xml to a second copy called shibboleth.xml and configured the logging to load different log4j property files with different logging paths. Then I modified the configuration to enable the additional profile handler locations as follows:

ProtocolHandler Expressions
<ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
    <Location>https://[^:/]+(:443)?/(shibboleth|idp/profile/Shibboleth)/SSO</Location>
</ProtocolHandler>
<ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
    <Location>https://[^:/]+(:443)?/(shibboleth|idp/profile/Shibboleth)/HS</Location>
</ProtocolHandler>
<ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
    <Location>.+:8443/(shibboleth/AA|idp/profile/SAML1/SOAP/AttributeQuery)</Location>
</ProtocolHandler>
<ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.Shibboleth_StatusHandler">
    <Location>https://[^:/]+(:443)?/(shibboleth|idp(/profile)?)/Status</Location>
</ProtocolHandler>
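
A quick check of which request URLs the Location expressions above accept, for both the old and the new paths. This is an added example, not part of the original page or of the Shibboleth code base. It assumes each expression must match the whole request URL, and idp.example.org is a placeholder host.

```python
import re

# Location expressions copied verbatim from the ProtocolHandler elements above.
HANDLERS = [
    ("SSO", r"https://[^:/]+(:443)?/(shibboleth|idp/profile/Shibboleth)/SSO"),
    ("HS", r"https://[^:/]+(:443)?/(shibboleth|idp/profile/Shibboleth)/HS"),
    ("AttributeQuery",
     r".+:8443/(shibboleth/AA|idp/profile/SAML1/SOAP/AttributeQuery)"),
    ("Status", r"https://[^:/]+(:443)?/(shibboleth|idp(/profile)?)/Status"),
]

def matching_handlers(url):
    """Return the labels of every handler whose Location matches the whole URL.

    Assumption: whole-string matching, modelled here with re.fullmatch.
    """
    return [label for label, pattern in HANDLERS if re.fullmatch(pattern, url)]

# Constructed sample URLs (placeholder host), one per case worth checking.
SAMPLES = [
    "https://idp.example.org/shibboleth/SSO",                  # old path
    "https://idp.example.org:443/idp/profile/Shibboleth/SSO",  # new path
    "https://idp.example.org/idp/profile/Shibboleth/HS",
    "https://idp.example.org:8443/shibboleth/AA",
    "https://idp.example.org:8443/idp/profile/SAML1/SOAP/AttributeQuery",
    "https://idp.example.org/idp/profile/Status",
    # New servlet mapping reached through the old context: no handler accepts it.
    "https://idp.example.org/shibboleth/profile/Shibboleth/SSO",
    # SSO is pinned to the default port or :443, so :8443 is rejected.
    "https://idp.example.org:8443/idp/profile/Shibboleth/SSO",
    # AttributeQuery is pinned to :8443, so the default port is rejected.
    "https://idp.example.org/idp/profile/SAML1/SOAP/AttributeQuery",
    # The AttributeQuery expression starts with ".+", so it does not pin
    # the scheme or host part of the URL; only the port and path are checked.
    "http://idp.example.org:8443/shibboleth/AA",
]

def audit(urls):
    """Map each URL to the list of handlers that would accept it."""
    return {url: matching_handlers(url) for url in urls}

if __name__ == "__main__":
    for url, labels in audit(SAMPLES).items():
        print(f"{url:68} -> {', '.join(labels) or 'NO HANDLER'}")
```

A URL that reports more than one handler, or none where one is expected, points at an expression that needs tightening or a mapping that has no matching Location.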

...

I was already using a context fragment to deploy the original warfile, so I simply modified it and added a second. Each copy points to the same warfile, but one is named "shibboleth.xml" and the other "idp.xml", and they reference the appropriate configuration file as follows:

idp.xml Context Fragment
<Context docBase="${catalina.home}/shibboleth/webapps/shibboleth.war">

    <Parameter name="IdPConfigFile" value="file:///usr/local/shibboleth-idp/etc/prod/idp.xml" override="false"/>
...
</Context>

shibboleth.xml Context Fragment
<Context docBase="${catalina.home}/shibboleth/webapps/shibboleth.war">

    <Parameter name="IdPConfigFile" value="file:///usr/local/shibboleth-idp/etc/prod/shibboleth.xml" override="false"/>
...
</Context>

...