Shibboleth 2ContributionsStatus Servlet with Terracotta support

The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

Status Servlet with Terracotta support

Owned by Russ Beall
Last updated: Oct 03, 2013Version comment

Attached is a simple maven project containing a single servlet which can be installed into the IdP package in the lib directory.  web.xml needs to be modified to serve the servlet.  Loadbalancers and Nagios should look for the word "AVAILABLE".  Simple HTTP availability check should also suffice because the page will throw a server error when Terracotta is non-operational.  The page will also dynamically handle the use case where Terracotta has been removed from the boot loader when running the IdP node in isolation (although the terracotta jar files probably will still be required to be installed).

Here is an example configuration in web.xml.  It mirrors the functionality of the built-in shibboleth status servlet.  Be sure to add relevant IP ranges for your Nagios and/or loadbalancer hosts which you want to have access to the link.

    <!-- Servlet for deep IdP aliveness checking. -->
    <servlet>
        <servlet-name>USCStatus</servlet-name>
        <servlet-class>edu.usc.middleware.shibboleth.idp.StatusServlet</servlet-class>
        <!-- Space separated list of CIDR blocks allowed to access the status page -->
        <init-param>
            <param-name>AllowedIPs</param-name>
            <param-value>127.0.0.1/32</param-value>
        </init-param>
        <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>USCStatus</servlet-name>
        <url-pattern>/alive</url-pattern>
    </servlet-mapping>

The pom.xml may need to be modified to suit your installed version of the Shibboleth IdP and/or your version of Terracotta.  Terracotta has been found very stable in the 3.5.x series.  The default pom.xml contains configuration for TC 3.5.1 and a commented out block for TC 3.5.4.  Any other version of TC is up to you to figure out how to compile into it, but because the API is so basic, the compiled jar file is likely to work even if you don't use exactly the same version numbers.

Terracotta might need to have the toolkit module installed via tim-get.sh.  You should have something that looks like terracotta-toolkit-1.2-3.1.0.jar somewhere in the modules of the Terracotta installation.  This jar file will likely need to be copied into the shibboleth installer installation along with the maven compiled jar file from the attached project.  Again, depending on your version of installed software, the version numbers in the filename may be different.