Shibboleth IDP3 & IDP4 - CORS Handling

prasanna cg prasannacgin at
Mon Aug 31 17:58:25 UTC 2020

Hello Experts,

We have an application reporting CORS issue for the same use-case as mentioned in the below IDPv3 knowledge article <>

My Current State: IDP version is v3.3.1 and is deployed in Tomcat 8 / JDK 8. We are in parallel working to upgrade the IDP to v4 and Tomcat to v9 / Corretto JDK 11

Before going ahead with applying the workaround suggested, I wanted to reach out and get below questions answered. 


Work around for Current state:

1) The above article describes the workaround to be performed by adding the CORS filter from Jetty container into the IDP’s web.xml. For my IDP v3 deployed on Tomcat 8, should I be using the equivalent Tomcat’s CORS filter (from link below)  in the IDP’s Web.XML ? <>

Workaround for my future state:

2) I do not see a similar knowledge article for IDPv4 yet. So can you confirm if the same workaround is applicable for IDPv4 on Tomcat v9 too ? Or is there anything different ?

Please help me understand !

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list