IDP 4.3.1 Ubuntu 22.04/Tomcat 9 - No Access to App Subdirectories

Ullfig, Roberto Alfredo rullfig at uic.edu
Mon Jun 26 20:38:17 UTC 2023 

We have them in /opt/shibboleth-idp/edit-webapp/images/ and that works on the Centos server. Tomcat was installed differently, on Centos it was a downloaded from the Apache web site. On Ubuntu it was installed via apt. Not sure if it matters but with the Apache web install everything ended up in /opt/tomcat (BASE and HOME) while with the apt install that's /var/lib/tomcat9 and /usr/share/tomcat9 respectively

Tried moving them to edit-webapp/WEB-INF/images and got the same error.

I had to add this to the tomcat9 systemd file:

[Service]
ReadWritePaths=/var/log/shibboleth/
ReadWritePaths=/opt/shibboleth-metadata/

otherwise, nothing would get written to the logs so I'm still wondering if this is a systemd issue.

---
Roberto Ullfig - rullfig at uic.edu
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago
________________________________
From: Wessel, Keith <kwessel at illinois.edu>
Sent: Monday, June 26, 2023 3:11 PM
To: Shib Users <users at shibboleth.net>
Cc: Ullfig, Roberto Alfredo <rullfig at uic.edu>
Subject: RE: IDP 4.3.1 Ubuntu 22.04/Tomcat 9 - No Access to App Subdirectories


If you’re trying to access them at /idp/images, you should put them in edit-webapp/WEB-INF/images and rebuild the war file. Any paths under /dip are taken from contents of the war file.



If you want them in /images, not /idp/images, that needs to be handled by the root app of Tomcat.



Keith





From: users <users-bounces at shibboleth.net> On Behalf Of Ullfig, Roberto Alfredo via users
Sent: Monday, June 26, 2023 2:38 PM
To: Shib Users <users at shibboleth.net>
Cc: Ullfig, Roberto A (UIC) <rullfig at uic.edu>
Subject: IDP 4.3.1 Ubuntu 22.04/Tomcat 9 - No Access to App Subdirectories



We're migrating the IDP from Centos 7 to Ubuntu 22.04. The IDP in general works just fine but I get this error when trying to access any file in a subdirectory:



"The origin server did not find a current representation for the target resource or is not willing to disclose that one exists."



For instance we have some images under idp/images that return that error. At first I thought it was related to systemd readwrite restrictions but that doesn't seem to be the case. Has anyone come across this before? Thanks!



---

Roberto Ullfig - rullfig at uic.edu<mailto:rullfig at uic.edu>
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20230626/d6fb3d34/attachment.htm>

More information about the users mailing list