Strange error in catalina.out: "SEVERE: Error initializing endpoint java.net.BindException: Address already in use <null>:8443"

Christian Munive christian.munive at gmail.com
Wed Sep 17 17:26:53 EDT 2014


Hi. Yep, I just finished setting up a couple of IdPs, one with Apache +
Tomcat, and another with Tomcat alone, the latter following your guide.

The errors in catalina.out are gone and both work nicely. And you're right,
it's simpler / easier to use Tomcat alone. I got a bit confused with the
configuration instructions, trying to "complete" the SWITCH configuration
with bits from the Shib guide... but it's clear to me now.

Thanks again.

2014-09-16 10:39 GMT-05:00 Peter Schober <peter.schober at univie.ac.at>:

> * Christian Munive <christian.munive at gmail.com> [2014-09-16 16:19]:
> > I see... thanks Peter. Yeah, I was trying to follow these instructions:
> >
> > https://www.switch.ch/aai/docs/shibboleth/SWITCH/latest/idp/deployment/
> >
> > But also including the instructions from the main site:
> >
> > https://wiki.shibboleth.net/confluence/display/SHIB2/IdPApacheTomcatPrepare
>
> Yeah, you can't combine those. The SWITCH guide uses httpd (and is
> complete/sufficient by itself), the Shib wiki only has the
> instructions to add SOAP support to Tomcat when using Tomcat solo
> (there's your conflict with httpd and the SWITCH docs).
> The Shib wiki also does not detail setting up TLS/SSL for port 443
> (since this is not Shib specific).
>
> If you want to try or compare yet another set of third party
> documentation (for Tomcat solo, incl TLS setup) have a look at my own:
> https://wiki.univie.ac.at/display/federation/Shibboleth+IDP+2.4
> Contact me off-list for any questions about that, of course.
>
> > I just tried what you recommended (using the port 443 only) and the
> > problem went away.
>
> I did not say anything that amounts to "using the port 443 only":
> For Tomcat+httpd you'd use Tomcat on port 8009 only, and let httpd
> proxy and serve 443 and 8443.
> For Tomcat solo you'd serve 443 and 8443 from Tomcat itself.
>
> > I'll give it a thought and see which port / configuration might be
> > the better one.
>
> Somewhat academic, but things to consider:
>
> * 2 servers (Tomcat+httpd) needed for 1 purpose vs. 1 server (Tomcat solo):
>
> * ease of running the JVM as non-root (also depends on
>   OS/distribution; it's trivial on Debian/Ubuntu; I have a locally
>   rolled SRPM for authbind if you wanted to have the same on RHEL-like
>   systems):
>
> * ease of configuring TLS/SSL (though with PKCS#12 support in Tomcat
>   the pain of managing JKS goes away, see my documentation above):
>
> * versions of Tomcat available through package management (for
>   security updates) in the OS/distribution you're using, and the
>   availability of the DelegateToApplication extension for Tomcat:
>
> * ease of adding container-based authentication for ECP
>
> These are the main points, I feel.
> -peter
>
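
An added example, not part of the original messages: a small pre-start check for the kind of conflict discussed in this thread, where httpd and Tomcat are both configured to bind the same port and the second one to start logs `java.net.BindException: Address already in use`. The two sample configurations are constructed for illustration, and the check ignores bind addresses as a simplification.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample configs (assumptions, not taken from the thread):
# httpd set up for Tomcat+httpd, plus an 8443 connector left in Tomcat
# from a Tomcat-solo guide.
HTTPD_CONF = """\
Listen 443
Listen 8443
# Listen 8080
ProxyPass /idp ajp://localhost:8009/idp
"""

SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8009" address="127.0.0.1" protocol="AJP/1.3"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"/>
  </Service>
</Server>
"""

def httpd_ports(conf):
    """Ports from active 'Listen [addr:]port [proto]' directives."""
    ports = set()
    for line in conf.splitlines():
        # Commented-out lines start with '#', so they never match here.
        m = re.match(r"\s*Listen\s+(?:\S+:)?(\d+)\b", line, re.IGNORECASE)
        if m:
            ports.add(int(m.group(1)))
    return ports

def tomcat_ports(server_xml):
    """Ports from every <Connector> element in server.xml."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")) for c in root.iter("Connector") if c.get("port")}

def port_conflicts(conf, server_xml):
    """Ports both daemons would try to bind (bind addresses not compared)."""
    return sorted(httpd_ports(conf) & tomcat_ports(server_xml))

if __name__ == "__main__":
    for port in port_conflicts(HTTPD_CONF, SERVER_XML):
        print(f"port {port}: configured in both httpd and Tomcat")
```
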