Getting 403 error trying to config ECP on Tomcat

[Mark John Rank]

Scott:

I will take a look at the container logs again. Nothing was jumping out. 
I was having trouble initially getting Tomcat startup to recognize
the login.config and there were some errors but I thought I killed them
all. 

The role config has proven temperamental and I will admit it exceeds 
my understanding a bit. I tried leaving it out and variations of
wildcards without success. I will try and poke around at logging some
more and see if that points me a direction.

Thanks,
Mark 

------------------------------------------
Mark Rank 
Middleware and Identity Management Group
University Information Technology Services 
UW-Milwaukee                       
Email: rankm at uwm.edu            
Phn:  414-229-3706     
------------------------------------------

----- Original Message -----
From: "Scott Cantor" <cantor.2 at osu.edu>
To: "Shib Users" <users at shibboleth.net>
Sent: Thursday, November 1, 2012 5:03:05 PM
Subject: Re: Getting 403 error trying to config ECP on Tomcat

On 11/1/12 5:54 PM, "Mark John Rank" <rankm at uwm.edu> wrote:
>
>Another ECP config question. Going to apologize right off the bat
>if this has been addressed already but searching the list archives
>and wiki's hasn't gotten me past what is likely a very simple
>configuration issue.

Does your container log say anything?

>LDAP logs are showing a successful bind but that is all. My hunch is
>I either have something askew with my login.config used for JAAS or
>the <security-constraint> in the web.xml. Snips of both are presented
>below...

The role is what stands out for me since I've never used it. I guess those
role properties in the JAAS config are supposed to make all that work, but
I would guess that's the culprit if it's binding.

I would try turning up logging for the JAAS module at the container layer.
That can be tricky of course, but is usually possible.

-- Scott


--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net