IDP troubleshooting

Cantor, Scott cantor.2 at
Thu May 12 17:12:50 EDT 2016

> Yes, I restarted Tomcat.  I don't know how to restart Tomcat while clearing all
> of it's working state.  Can you tell me how to do that, or point me in the right
> direction?

You need to destroy all of its temp and work files, wherever they live. Any unpacked content from the warfile, etc., it all needs to be destroyed between the restarts.

> I'm also not sure if I am running with an unpacked warfile.

What's in the deployment descriptor used to tell Tomcat to load the IdP webapp? V2 being out of date notwithstanding, both versions have some documentation in the wiki around how to deploy the IdP to the container and what to put in idp.xml, and our instructions follow the approaches we suggest to use.

> I see the idp.war unpacked in /var/lib/tomcat6/webapps/idp, and
> /var/cache/tomcat6/work/Catalina/localhost/idp/org/apache/jsp, but you're
> probably talking about something else, right?

No. All of that content has to be destroyed if you restart the container. Thats' what's causing the problem, most likely.

> I restored a snapshot of our shibboleth-idp prior to the yum updates and
> confirmed it was working correctly, than applied all the yum updates
> excluding tomcat6*, and the systems still works correctly, so I agree with you
> that it's the updated Tomcat.

Updating Tomcat or Java or both while its running will basically risk corrupting working files and leave a container that doesn't have a good reaction to that in a bad state. Tomcat is definitely one of those containers. It does not like things getting changed underneath it.

> Any suggestions you can give me to help
> troubleshoot the issue with this Tomcat upgrade would be greatly
> appreciated.  I will also open a case with Red Hat.

I think you already did. You did the upgrade under more controlled conditions, and it worked. Don't do it any other way, that's the point.

Even if your controlled test involved updating while it's running, that just means you got lucky that time. Do it again and you might not.

-- Scott

More information about the users mailing list