Jetty 9.4 listening on http

Wessel, Keith kwessel at illinois.edu
Tue Jul 16 18:13:03 EDT 2019 

Hi, all,

I've been beating my head against the wall on this for the past hour or so and thought I'd see if anyone else had run into this.

I decided, just to be on the latest and greatest of things during the summer, to upgrade from Jetty 9.4.18 to 9.4.19. In doing so, however, all of my work to make X-Forwarded work no longer does what it's supposed to. The IdP sees the requests as being sent to localhost instead of the hostname of the test IdP cluster. I didn't change anything in my jetty-base; all I did was point my opt/jetty symlink to the new version of Jetty, and it's opt/jetty/bin that's in my path controlling which jetty.sh gets run.

I did try explicitly running a start.jar --add-to-start=http-forwarded to see if that would pull anything new in, but it didn't. And it didn't fix anything.

The release notes for 9.4.19 do reference a correction to the value for X-forwarded-for, but I can't see how that would break anything like this.

I'm missing something obvious here, but I can't figure out what. Any thoughts?

Thanks,
Keith


-----Original Message-----
From: Wessel, Keith 
Sent: Thursday, May 30, 2019 2:45 PM
To: Shib Users <users at shibboleth.net>
Subject: RE: Jetty 9.4 listening on http

I've added a section to the bottom of the page. Can't promise anything in terms of proper formatting, but hopefully someone more suited than I am can take a look at that.

https://wiki.shibboleth.net/confluence/display/IDP30/Jetty94#Jetty94-ConfigureJettytolistenonlyonHTTP

Keith

-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Thursday, May 30, 2019 10:50 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: Jetty 9.4 listening on http

On 5/30/19, 11:37 AM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

> I took your advice and added --module=http to idp.ini instead of adding it to idp.mod. Unfortunately, I still have to
> modify idp.mod to remove the https and ssl modules. If you make updates to this aftifact, perhaps move those out of
> idp.mod and into idp.ini for easier switching on and off and better consistency across updates.

I think the module side is meant to be for what you absolutely depend on that can't be turned off, so I would agree with that.

> I'm happy to document this on the IDP3 Jetty94 wiki page.

That would be appreciated.

-- Scott


-- 
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list