Which handler LDAP SSO - NOW kerberos integration

Peter Schober peter.schober at univie.ac.at
Fri Nov 21 09:49:43 EST 2014


* Morris, Andi <amorris at cardiffmet.ac.uk> [2014-11-21 15:32]:
> Listen 443
> Listen 8443
[...]
> Setup the 8443 connector in Tomcat
> 
> <Connector port="8443"

Obviously that cannot work and it doesn't make sense to try to have
both httpd and Tomcat serve backchannel requests on port 8443.
Pick either one, I'd use httpd for both, for consistency (one process
-- httpd -- handling all external requests, the other -- Tomcat -- only
available on the loopback interface).

Though I'm missing mod_proxy directives in both your httpd virtual
hosts. How do you expect Tomcat to be reachable then, through httpd?

> LifecycleException:  Protocol handler initialization failed:
>   java.io.IOException: DelegateToApplication TrustManagerFactory not
>   available

If you decide to use httpd for port 8443 (as I suggest above) you
don't use the DTA extension at all. So you cannot use the Shibboleth
documentation for SOAP requests, you *only* configure the 8009 AJP
connector in Tomcat and proxy to that from /both/ httpd vhosts.

Look at the SWITCHaai documentation for complete instructions on how
to do that.
-peter
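
The layout recommended in the reply above, sketched as an added example that is not part of the original post and not taken from the SWITCHaai guide: httpd owns both 443 and 8443, and Tomcat exposes only the AJP connector on loopback. The hostname, certificate paths, the /idp context path and the client-certificate settings are assumptions.

```apache
# Added example. Requires mod_ssl, mod_proxy and mod_proxy_ajp.
# httpd is the only process bound to the external ports.
Listen 443
Listen 8443

# Browser-facing virtual host
<VirtualHost *:443>
    ServerName idp.example.org                      # placeholder hostname
    SSLEngine on
    SSLCertificateFile    /path/to/idp.example.org.crt   # placeholder path
    SSLCertificateKeyFile /path/to/idp.example.org.key   # placeholder path

    # Hand requests to Tomcat over AJP on the loopback interface
    ProxyPass /idp/ ajp://127.0.0.1:8009/idp/
</VirtualHost>

# Backchannel (SOAP) virtual host, replacing the Tomcat 8443 connector
<VirtualHost *:8443>
    ServerName idp.example.org
    SSLEngine on
    SSLCertificateFile    /path/to/idp.example.org.crt
    SSLCertificateKeyFile /path/to/idp.example.org.key

    # Assumption: ask for a client certificate without httpd validating
    # its chain, and export it so the application behind the proxy can
    # evaluate it itself.
    SSLVerifyClient optional_no_ca
    SSLVerifyDepth  10
    SSLOptions      +StdEnvVars +ExportCertData

    ProxyPass /idp/ ajp://127.0.0.1:8009/idp/
</VirtualHost>

# Tomcat's server.xml then carries no 8443 <Connector> at all, only the
# AJP one bound to loopback, for example:
#   <Connector port="8009" address="127.0.0.1" protocol="AJP/1.3" />
```

With this split, nothing in Tomcat listens on 8443, so the port conflict and the DelegateToApplication connector error quoted above no longer apply.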

