Setting idp.home
Matthew Slowe
m.slowe at kent.ac.uk
Wed Jul 13 11:05:50 EDT 2016
On Tue, Jul 12, 2016 at 12:47:51PM -0400, Brent Putman wrote:
>
> Also FWIW, after re-reading the Tomcat docs, I think context.xml can
> accept <context-param>s to avoid modifying web.xml. But I'm not sure,
> and plan on giving that a try when I get back to it.
I now seem to have this working. Thanks all for the hints in the right
direction!
I have two new .xml files in a rather unintuitive structure given what
the Tomcat8 wiki page says on the subject (https://tomcat.apache.org/tomcat-8.0-doc/config/context.html):
... individual files (with a ".xml" extension) in the $CATALINA_BASE/conf/[enginename]/[hostname]/ directory
Took a bit of experimentation but it turns out this means that I should
create two new files, one for each base deployment of the IDP, enginename
is Catalina and hostname is localhost (unless you've changed that, I
suspect).
I have the IDP deployed twice -- in /opt/idp/a and /opt/idp/b then war
files copied to /opt/tomcat/webapps/idp-a.war and
/opt/tomcat/webapps/idp-b.war
# find /opt/tomcat/conf/Catalina/
/opt/tomcat/conf/Catalina/
/opt/tomcat/conf/Catalina/localhost
/opt/tomcat/conf/Catalina/localhost/idp-b.xml
/opt/tomcat/conf/Catalina/localhost/idp-a.xml
Each looks a bit like:
<?xml version='1.0' encoding='utf-8'?>
<Context>
    <Parameter
        name="idp.home"
        value="/opt/idp/a"
        override="false"
    />
</Context>
Peter: as someone else has said, MS has some restriction I don't quite
understand which allows only one "domain" (in O365 land) to have a given
issuer entityid attached to it yet they only provide one SP side
entityid. I get around this by having two IDPs configured with slightly
different EntityIDs deployed side-by-side... which worked nicely on v2
and was a bit harder to contrive on v3 :)
Hope that helps someone else get there quicker than me!
Ta,
--
Matthew Slowe | Server Infrastructure Officer
IT Infrastructure, Information Services, University of Kent
Room S21, Cornwallis South
Canterbury, Kent, CT2 7NZ, UK
Tel: +44 (0)1227 824265
www.kent.ac.uk/is | @UnikentUnseenIT | @UKCLibraryIt
PGP: https://keybase.io/fooflington
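
Added example (not part of the original message or of the Shibboleth or Tomcat projects): a check over the per-context descriptor layout described above, flagging a descriptor with no matching war, a missing idp.home, an override that is not "false" (Tomcat then lets a web.xml context-param replace the value), and two contexts sharing one idp.home. The function names and the temporary directory layout are assumptions made for this illustration; the sample descriptors are constructed.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

def idp_home_of(descriptor: Path):
    """Return (value, override) of the idp.home <Parameter>, or None if absent."""
    root = ET.parse(descriptor).getroot()
    for param in root.iter("Parameter"):
        if param.get("name") == "idp.home":
            # Tomcat treats a missing override attribute as "true"
            return param.get("value"), param.get("override", "true")
    return None

def check_contexts(catalina_base: Path, engine="Catalina", host="localhost"):
    """Return a list of problems found in the per-context descriptors."""
    problems, seen = [], {}
    ctx_dir = catalina_base / "conf" / engine / host
    for desc in sorted(ctx_dir.glob("*.xml")):
        name = desc.stem  # idp-a.xml is applied to webapps/idp-a.war
        if not (catalina_base / "webapps" / f"{name}.war").exists():
            problems.append(f"{name}: no webapps/{name}.war for this descriptor")
        found = idp_home_of(desc)
        if found is None:
            problems.append(f"{name}: idp.home Parameter missing")
            continue
        home, override = found
        if override.lower() != "false":
            problems.append(f"{name}: override is not false, web.xml can replace idp.home")
        if home in seen:
            problems.append(f"{name}: idp.home {home} already used by {seen[home]}")
        seen.setdefault(home, name)
    return problems

def demo():
    """Build a constructed layout like the one in the message and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "webapps").mkdir()
        (base / "conf/Catalina/localhost").mkdir(parents=True)
        tmpl = "<Context><Parameter name='idp.home' value='{}' {}/></Context>"
        # idp-b is deliberately wrong: same home as idp-a and no override="false"
        for name, home, attr in [("idp-a", "/opt/idp/a", "override='false'"),
                                 ("idp-b", "/opt/idp/a", "")]:
            (base / "webapps" / f"{name}.war").touch()
            (base / "conf/Catalina/localhost" / f"{name}.xml").write_text(tmpl.format(home, attr))
        return check_contexts(base)

if __name__ == "__main__":
    print("\n".join(demo()))
```

On a real host, call check_contexts() with the Tomcat base directory (for the layout in the message, /opt/tomcat).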