IdP install issue

Daniel A. Ramaley daniel.ramaley at
Fri Nov 18 21:21:37 GMT 2011

On 2011-11-18 at 14:05:50, Cantor, Scott wrote:
>Your container is not loading the right Xerces jars, so whatever you
>did in that area is apparently broken.

Thank you so much! That was enough of a nudge in the right direction
that i was able to figure it out.

The problem was that in /etc/tomcat6/tomcat6.conf i'd set this:
Djava.endorsed.dirs=/usr/share/tomcat6/endorsed -Xms512m -Xmx1024m -
But i noticed from running "ps" that "-Djava.endorsed.dirs=" appeared 
twice... once with the expected value, and again after that with no 
value. I figured the second occurrence, with no value, was clobbering 
the first one. After tracing through the startup scripts, i found that 
RHEL 6 uses a separate variable for endorsed directories. I set this in 
tomcat6.conf and now all is well:

>If you had to change permissions, you installed the IdP as a different
>user than you're running it under.

Will that cause problems down the road? I did the install as root, but 
Tomcat runs as the tomcat user. I could probably run the install as 
tomcat as long as /opt had permissions set so that tomcat could create 
the shibboleth-idp directory, right?

Daniel A. Ramaley
Network Engineer 2

Dial Center 112, Drake University
2407 Carpenter Ave / Des Moines IA 50311 USA
Tel: +1 515 271-4540
Fax: +1 515 271-1938
E-mail: daniel.ramaley at

More information about the users mailing list