X509 Authn in IDPv3

Cantor, Scott cantor.2 at osu.edu
Wed Apr 6 09:19:28 EDT 2016

On 4/6/16, 1:22 AM, "users on behalf of Pradeep Jamble" <users-bounces at shibboleth.net on behalf of pjamble at gmail.com> wrote:

>I'm using mod_jk to front tomcat. The version of Apache is 2.4.7 and version of Tomcat is 7.0.52; looks like its a supported version.

Only marginally. I would be looking at 9, but in any case mod_jk is also suspect and you should be using mod_proxy_ajp.

Make those changes and see what happens.

>I'm not sure if it's reaching at that point but do I also have to update the data connector filter in attribute resolver to something specific to x509?

No, you have to configure the X.509 subject canonicalization to apply, but it isn't getting anywhere near that.

-- Scott

More information about the users mailing list