[SciFed] Tomcat 6 requirement for Shib IDP
Chad La Joie
lajoie at itumi.biz
Wed Jan 25 18:39:08 GMT 2012
There is a bug report in the Tomcat issue tracking system. I don't
know the number but it's many years old by now. This is *not* a new
bug by any definition.
On Wed, Jan 25, 2012 at 13:36, Dhivakaran Muruganantham
<dmuruganantham at lbl.gov> wrote:
> Nate,
> Thank you very much. This helps.
> Leads to another question, Is there a CVE number for 'parsing
> specification-compliant cookies' with Tomcat5?
> The reason for my question is Redhat/CentOS platform specific builds have
> regular updates on Tomcat5, so may be this problem the developer mentioned
> is not applicable. I can look at the tomcat5 package changeLog from Redhat
> or ask the developer about this issue. But i need CVE reference.
>
> I don't think i am the only one, interested in running CentOS/Redhat
> platform.
> Doing a 'yum' install using the Standard repo is always preferred method,
> instead of downloading a generic package. I think.
>
> thanks
> dhiva
>
>
>
> On Wed, Jan 25, 2012 at 10:19 AM, Nate Klingenstein <ndk at internet2.edu>
> wrote:
>>
>> Dhiva,
>>
>> I asked the lead developer of the IdP for details as to why Tomcat 5 is
>> not supported. Apparently Tomcat 5 has a problem parsing
>> specification-compliant cookies that they have chosen to not fix, with the
>> suggested remedy of "upgrade to 6." As a result, we can only support Tomcat
>> 6.
>>
>> Tomcat 6 packages are available directly from the Tomcat project's
>> website:
>>
>> http://tomcat.apache.org/download-60.cgi
>>
>> Future distributions of the IdP with an embedded servlet container would
>> hopefully reduce the amount of package management you'll need to do.
>>
>> Hope this answers your question,
>> Nate.
>>
>>
>> On 1/25/2012 17:37, Dhiva wrote:
>>
>> >> https://wiki.shibboleth.net/confluence/display/SHIB2/IdPInstall
>> >> The Shibboleth Identity Provider, version 2, is a standard Java web
>> >> application based on the Servlet 2.4 specification.
>>
>> >>
>> >> https://wiki.shibboleth.net/confluence/display/SHIB2/IdPApacheTomcatPrepare
>> >> Apache Tomcat 6.0.17 or greater (NOT 7)
>> >> Java 5 or greater (Java 6 recommended )
>>
>> My issue here is that Redhat/CentOS machines does have Tomcat 5 packages,
>> but NOT tomcat 6.
>> But the servlet specification is indeed 2.4, which matches with Shib
>> requirement.
>> I have used jpackage.repo in the past, but it is not consistently
>> providing tomcat 6 packages for Redhat/CentOS.
>>
>> I would like to stay with Redhat/CentOS Package Repository, so i wanted to
>> know if Tomcat 5 along with the OpenJDK.
>>
>>
>> thanks
>> dhiva
>>
>>
>>
>
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
--
Chad La Joie
www.itumi.biz
trusted identities, delivered
More information about the users
mailing list