Page History
...
For security reasons, Tomcat should accept requests on port 8009, but only from localhost, and redirect to the SSL port 6443. Port 8009 and 6443 should not be reachable from outside the localhost, which is a change from the non-SSO Shrine installation where clients connect to port 6443. The two connector directives below should be merged into the existing server.xml.
Verify that there already is a Connector listening to https requests on port 6443. It should look like this:
...
Configure the AJP connector. Note the allowedRequestAttributesPattern=".*" attribute. That is needed for the AJP connection to pass the attributes specified in "attribute-map.xml" file (see above) to the ServletRequest object as request attributes, and of the correct name (as opposed to request headers). See also shibboleth2.xml on the same topic.
The connector directive below should be merged into the existing Shrine's server.xml.
<Connector protocol="org.apache.coyote.ajp.AjpNio2Protocol"packetSize="65536"
proxyName="[your-hostname]"
proxyPort="443"
enableLookups="true"
address="0.0.0.0"
port="8009"
allowedRequestAttributesPattern=".*"
secretRequired="false"
redirectPort="6443"
tomcatAuthentication="false"/>
...
Overview
Content Tools