Getting 403 error trying to config ECP on Tomcat

Mark John Rank rankm at
Thu Nov 1 21:38:06 EDT 2012


Thanks for the pointer on the wildcard and the need to tweak 
the config for that.  I will get that working.  AuthZ is not
need for out installation.

As always, thanks for your responsiveness.


Mark Rank 
Middleware and Identity Management Group
University Information Technology Services 
Email: rankm at            
Phn:  414-229-3706     

----- Original Message -----
From: "Scott Cantor" <cantor.2 at>
To: "Shib Users" <users at>
Sent: Thursday, November 1, 2012 8:10:27 PM
Subject: Re: Getting 403 error trying to config ECP on Tomcat

On 11/1/12 8:17 PM, "Mark John Rank" <rankm at> wrote:
>I will take a look at the container logs again. Nothing was jumping out.
>I was having trouble initially getting Tomcat startup to recognize
>the login.config and there were some errors but I thought I killed them

Clearly some if it's binding.

>The role config has proven temperamental and I will admit it exceeds
>my understanding a bit. I tried leaving it out and variations of
>wildcards without success. I will try and poke around at logging some
>more and see if that points me a direction.

I've used '*' very universally, it's just that on newer Tomcat and Jetty
servers you have to set some non-default properties to get it to work
since it's outside the servlet spec to do it. But I did it on Tomcat 6 and
on Jetty now. So unless you need the role thing for some reason, I would
definitely use it and get that working.

-- Scott

To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list