Hi
I'm cutting my teeth on the 2.1 IdP install and trying to work out how best to slot it in to the existing installation. My preference would be to front end it with Apache httpd again because that's what we already have and it means you don't have to faff around with the Java Keystore. Despite what I had thought was the case, the documentation doesn't actually seem all that more organised than the 1.3 documentation was when I started with that!!
I can find various bits that nearly but don't quite do what I want to do.
What I want is Apache, Tomcat and the JAAS authentication handler doing LDAP authentication. I'd be interested in hearing from anyone who has already done this, I particularly want to know:
In httpd.conf I understand that you now have ProxyPass /idp/ ajp://127.0.0.1:8009/idp/ ?
In http-ssl.conf do you still have the
<VirtualHost _default_:8443>
...
section? If so, does it still have a section:
<Location /shibboleth/AA>
SSLOptions +StdEnvVars +ExportCertData
</Location
I'm assuming not, that this will be different? Some bits and pieces I've come across indicate that:
<VirtualHost _default_:8443>
... certificates etc
<Location /idp>Allow from all SSLOptions +StdEnvVars +ExportCertData
SSLVerifyClient optional_no_ca SSLVerifyDepth 10 </Location>
<Proxy ajp://localhost:8009/idp/*> Allow from all </Proxy>
ProxyPass /idp/ ajp://localhost:8009/idp/
</VirtualHost>
Would do the trick?
Any other chunks of configuration files that I can have a copy of would be most appreciated.
I'm starting to have a play anyway, but thought I would mail here _before_ rather than _after_ I get to the end of my tether!
Cheers
Andy
The University of Dundee is a registered Scottish charity, No: SC015096
|