Setting idp.home

Matthew Slowe m.slowe at kent.ac.uk
Wed Jul 13 11:05:50 EDT 2016



On Tue, Jul 12, 2016 at 12:47:51PM -0400, Brent Putman wrote:
> 
>  Also FWIW, after re-reading the Tomcat docs, I think context.xml can
>  accept <context-param>s to avoid modifying web.xml. But I'm not sure,
>  and plan on giving that a try when I get back to it.

I now seem to have this working. Thanks all for the hints in the right
direction!

I have two new .xml files in a rather unintuitive structure given what
the Tomcat8 wiki page says on the subject (https://tomcat.apache.org/tomcat-8.0-doc/config/context.html):

... individual files (with a ".xml" extension) in the $CATALINA_BASE/conf/[enginename]/[hostname]/ directory 

Took a bit of experimentation but it turns out this means that I should
create two new files, one for each base deployment of the IDP; enginename
is Catalina and hostname is localhost (unless you've changed that, I
suspect).

I have the IDP deployed twice -- in /opt/idp/a and /opt/idp/b then war
files copied to /opt/tomcat/webapps/idp-a.war and
/opt/tomcat/webapps/idp-b.war

# find /opt/tomcat/conf/Catalina/
/opt/tomcat/conf/Catalina/
/opt/tomcat/conf/Catalina/localhost
/opt/tomcat/conf/Catalina/localhost/idp-b.xml
/opt/tomcat/conf/Catalina/localhost/idp-a.xml

Each looks a bit like:

<?xml version='1.0' encoding='utf-8'?>
<Context>
        <Parameter
                name="idp.home"
                value="/opt/idp/a"
                override="false"
        />
</Context>


Peter: as someone else has said, MS has some restriction I don't quite
understand which allows only one "domain" (in O365 land) to have a given
issuer entityid attached to it yet they only provide one SP side
entityid. I get around this by having two IDPs configured with slightly
different EntityIDs deployed side-by-side... which worked nicely on v2
and was a bit harder to contrive on v3 :)

Hope that helps someone else get there quicker than me!

Ta,
-- 
Matthew Slowe | Server Infrastructure Officer
IT Infrastructure, Information Services, University of Kent
Room S21, Cornwallis South
Canterbury, Kent, CT2 7NZ, UK
Tel: +44 (0)1227 824265 

www.kent.ac.uk/is | @UnikentUnseenIT | @UKCLibraryIt
PGP: https://keybase.io/fooflington
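
The layout described in the post can be checked mechanically. The following is an added example, not part of the original message or of the Shibboleth or Tomcat projects: it audits each per-context descriptor for a matching webapp, a single idp.home Parameter, override="false", and a home directory not shared with another context. The function names and the sample tree are constructed for illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path


def audit_idp_contexts(tomcat_base, engine="Catalina", host="localhost"):
    """Check conf/<engine>/<host>/*.xml; return ({context: idp.home}, [problems])."""
    base = Path(tomcat_base)
    homes, problems = {}, []
    for ctx in sorted((base / "conf" / engine / host).glob("*.xml")):
        name = ctx.stem  # idp-a.xml configures the webapp deployed from idp-a.war
        webapps = base / "webapps"
        if not ((webapps / f"{name}.war").is_file() or (webapps / name).is_dir()):
            problems.append(f"{ctx.name}: no matching webapp {name} under webapps/")
        try:
            root = ET.parse(str(ctx)).getroot()
        except ET.ParseError as exc:
            problems.append(f"{ctx.name}: not well-formed XML ({exc})")
            continue
        params = [p for p in root.findall("Parameter") if p.get("name") == "idp.home"]
        if root.tag != "Context" or len(params) != 1:
            problems.append(f"{ctx.name}: expected exactly one idp.home <Parameter> in <Context>")
            continue
        home = params[0].get("value", "")
        # Tomcat's default is override="true": a <context-param> in the WAR's web.xml wins.
        if params[0].get("override", "true").lower() != "false":
            problems.append(f"{ctx.name}: override is not \"false\"; web.xml can replace idp.home")
        if home in homes.values():
            problems.append(f"{ctx.name}: idp.home {home} is shared with another context")
        homes[name] = home
    return homes, problems


def build_sample(root):
    """Constructed sample tree mirroring the post; idp-b.xml is deliberately misconfigured."""
    root = Path(root)
    ctx_dir = root / "conf" / "Catalina" / "localhost"
    ctx_dir.mkdir(parents=True)
    (root / "webapps").mkdir()
    tmpl = "<?xml version='1.0' encoding='utf-8'?>\n<Context><Parameter name=\"idp.home\" value=\"{}\" {}/></Context>\n"
    (ctx_dir / "idp-a.xml").write_text(tmpl.format("/opt/idp/a", 'override="false"'))
    (ctx_dir / "idp-b.xml").write_text(tmpl.format("/opt/idp/a", ""))  # wrong home, no override
    for war in ("idp-a.war", "idp-b.war"):
        (root / "webapps" / war).touch()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        homes, problems = audit_idp_contexts(build_sample(Path(tmp) / "tomcat"))
    print(homes)
    print("\n".join(problems) or "no problems found")
```

To check a live install, pass the real Tomcat base directory (/opt/tomcat in the post) to audit_idp_contexts instead of the constructed sample.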