Preparing Jetty 7 for the Shibboleth Identity Provider
Within this document, the macro IDP_SRC will be used to refer to the location of the expanded IdP distribution directory.
The macro IDP_HOME will be used to refer to the IdP installation directory (as given during the installation process).
The macro JETTY_HOME will be used to refer to the location of the Jetty installation directory.
- Jetty 7.3.1+
- Java 6 or later
Required Configuration Changes
- Jetty listens on ports 8080 and 8443 for user-facing web traffic by default. You will most likely need to modify these ports to 80 and 443 in the jetty.xml and jetty-ssl.xml config files, and make arrangements for Jetty to run as root, or utilize a setuid extension to support the privileged ports.
- Add the following Java options to your start.ini (each ### is the amount of memory, in megabytes, to allow for the option):
- Uncomment --exec
- Uncomment etc/jetty-ssl.xml at the bottom of start.ini
Recommended Configuration Changes
Supporting SOAP Endpoints
Most new deployments without legacy needs will not need to support back-channel SOAP communication. The most common case requiring this feature is support for legacy Shibboleth SPs using SAML 1.1 that perform attribute queries using SOAP.
If you do need this support, these connections require special security properties which are not appropriate for user-facing/browser use. Therefore an additional endpoint must be configured.
- Copy the jetty7-dta-ssl-2.0.0.jar (asc) to JETTY_HOME/lib/ext.
Create the file JETTY_HOME/etc/jetty-shibboleth.xml and place the following content in it:
<Configure id="Server" class="org.eclipse.jetty.server.Server">
- Replace IDP_HOME with the IdP home directory entered during installation.
- Replace PASSWORD with the password for the IdP key entered during installation.
- Add etc/jetty-shibboleth.xml to your Jetty start.ini file (toward the bottom of the file you should see other configuration files listed).
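A quick way to confirm that the start.ini edits from the required configuration steps and the SOAP endpoint steps are actually active, as an added example that is not part of the original page. It assumes start.ini holds one entry per line with # marking comments; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example: verify the start.ini edits described on this page.
# Function names are hypothetical; usage: check_start_ini FILE [soap]

# Succeed if ENTRY ($2) occurs in FILE ($1) as an active line (mode "active")
# or as a '#'-commented line (mode "commented"). CR and blanks are trimmed.
has_entry() {
    awk -v want="$2" -v mode="$3" '
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        mode == "active" && $0 == want { found = 1 }
        mode == "commented" && /^#/ {
            sub(/^#+[ \t]*/, ""); if ($0 == want) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print one line per problem; return 1 if any required entry is not active.
check_start_ini() {
    file=$1
    rc=0
    required="--exec etc/jetty-ssl.xml"
    # etc/jetty-shibboleth.xml is only needed when the SOAP endpoint is set up.
    if [ "${2:-}" = "soap" ]; then
        required="$required etc/jetty-shibboleth.xml"
    fi
    for entry in $required; do
        if has_entry "$file" "$entry" active; then
            continue
        elif has_entry "$file" "$entry" commented; then
            printf '%s\n' "$entry: still commented out"
        else
            printf '%s\n' "$entry: missing"
        fi
        rc=1
    done
    return "$rc"
}

# Constructed sample: a start.ini where only part of the procedure was done.
write_sample() {
    printf '%s\n' '# Sample start.ini' '#--exec' 'etc/jetty.xml' \
        '  etc/jetty-ssl.xml' > "$1"
}

sample=$(mktemp)
write_sample "$sample"
check_start_ini "$sample" soap || echo "start.ini still needs changes"
rm -f "$sample"
```

Run it as `check_start_ini JETTY_HOME/start.ini` for a deployment without the SOAP endpoint, or with the extra `soap` argument when etc/jetty-shibboleth.xml is in use.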
Deploying the IdP
In order to deploy the IdP, Jetty must be informed of the location of the IdP war. This can be done as follows:
Create the file JETTY_HOME/contexts/idp.xml and place the following content in it (replacing IDP_HOME with your IdP's home directory):