Page History
...
Verify that there already is a Connector listening to https requests on port 6443. It should look like this:
...
Code Block | ||||
---|---|---|---|---|
| ||||
<Connector |
...
port="6443" protocol="org.apache.coyote.http11.Http11NioProtocol" |
...
maxThreads="150" SSLEnabled="true" scheme="https" secure="true" |
...
clientAuth="false" sslProtocol="TLS" |
...
keystoreFile="/opt/shrine/shrine.keystore" |
...
keystorePass="changeit" |
...
keyAlias="*.catalyst.harvard.edu" |
...
/> |
Configure the AJP connector. Note the allowedRequestAttributesPattern=".*"
attribute. That is needed for the AJP connection to pass the attributes specified in "attribute-map.xml
" file (see above) to the ServletRequest object as request attributes, and of the correct name (as opposed to request headers). See also SHRINE 4.0.0 Appendix A.3 - More Details : Shibboleth Configuration on the same topic.
The connector directive below should be merged into the existing Shrine's server.xml.
Code Block | ||||
---|---|---|---|---|
| ||||
<Connector protocol="org.apache.coyote.ajp.AjpNio2Protocol" |
...
packetSize="65536" |
...
proxyName="[your-hostname]" |
...
proxyPort="443" |
...
enableLookups="true" |
...
address="0.0.0.0" |
...
port="8009" |
...
allowedRequestAttributesPattern=".*" |
...
secretRequired="false" |
...
redirectPort="6443" |
...
tomcatAuthentication="false"/> |
Overview
Content Tools