[SciFed] Tomcat 6 requirement for Shib IDP
dmuruganantham at lbl.gov
Wed Jan 25 18:36:01 GMT 2012
Thank you very much. This helps.
Leads to another question, Is there a CVE number for 'parsing
specification-compliant cookies' with Tomcat5?
The reason for my question is Redhat/CentOS platform specific builds have
regular updates on Tomcat5, so may be this problem the developer mentioned
is not applicable. I can look at the tomcat5 package changeLog from Redhat
or ask the developer about this issue. But i need CVE reference.
I don't think i am the only one, interested in running CentOS/Redhat
Doing a 'yum' install using the Standard repo is always preferred method,
instead of downloading a generic package. I think.
On Wed, Jan 25, 2012 at 10:19 AM, Nate Klingenstein <ndk at internet2.edu>wrote:
> I asked the lead developer of the IdP for details as to why Tomcat 5 is
> not supported. Apparently Tomcat 5 has a problem parsing
> specification-compliant cookies that they have chosen to not fix, with the
> suggested remedy of "upgrade to 6." As a result, we can only support
> Tomcat 6.
> Tomcat 6 packages are available directly from the Tomcat project's website:
> Future distributions of the IdP with an embedded servlet container would
> hopefully reduce the amount of package management you'll need to do.
> Hope this answers your question,
> On 1/25/2012 17:37, Dhiva wrote:
> >> https://wiki.shibboleth.net/confluence/display/SHIB2/IdPInstall
> >> The Shibboleth Identity Provider, version 2, is a standard Java web
> application based on the Servlet 2.4 specification.
> >> Apache Tomcat 6.0.17 or greater (NOT 7)
> >> Java 5 or greater (Java 6 recommended )
> My issue here is that Redhat/CentOS machines does have Tomcat 5
> packages, but NOT tomcat 6.
> But the servlet specification is indeed 2.4, which matches with Shib
> I have used jpackage.repo in the past, but it is not consistently
> providing tomcat 6 packages for Redhat/CentOS.
> I would like to stay with Redhat/CentOS Package Repository, so i wanted
> to know if Tomcat 5 along with the OpenJDK.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users