Getting 403 error trying to config ECP on Tomcat

Mark John Rank rankm at
Thu Nov 1 20:17:01 EDT 2012


I will take a look at the container logs again. Nothing was jumping out. 
I was having trouble initially getting Tomcat startup to recognize
the login.config and there were some errors but I thought I killed them

The role config has proven temperamental and I will admit it exceeds 
my understanding a bit. I tried leaving it out and variations of
wildcards without success. I will try and poke around at logging some
more and see if that points me a direction.


Mark Rank 
Middleware and Identity Management Group
University Information Technology Services 
Email: rankm at            
Phn:  414-229-3706     

----- Original Message -----
From: "Scott Cantor" <cantor.2 at>
To: "Shib Users" <users at>
Sent: Thursday, November 1, 2012 5:03:05 PM
Subject: Re: Getting 403 error trying to config ECP on Tomcat

On 11/1/12 5:54 PM, "Mark John Rank" <rankm at> wrote:
>Another ECP config question. Going to apologize right off the bat
>if this has been addressed already but searching the list archives
>and wiki's hasn't gotten me past what is likely a very simple
>configuration issue.

Does your container log say anything?

>LDAP logs are showing a successful bind but that is all. My hunch is
>I either have something askew with my login.config used for JAAS or
>the <security-constraint> in the web.xml. Snips of both are presented

The role is what stands out for me since I've never used it. I guess those
role properties in the JAAS config are supposed to make all that work, but
I would guess that's the culprit if it's binding.

I would try turning up logging for the JAAS module at the container layer.
That can be tricky of course, but is usually possible.

-- Scott

To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list