Hello!
I'm having trouble finding a way (maybe it is because it isn't
possible?) of making Tomcat send users to the relative URL
"/Shibboleth.sso/Login" (not served by Tomcat) in order to log in if the
Tomcat session times out, etc.
Is there a way to do that?
Basically the intent is that it would be a workaround for an issue we're
having. Typically when I use the Shibboleth protected web application,
Apache intercepts attempts to access the web app (via mod_shib) and
Shibboleth handles all of the authN and passes REMOTE_USER header to
Tomcat (via mod_jk) after which I am already authenticated to Bedework
(which uses Tomcat container-based auth). However, when some other users
try to access that same web application, they are consistently sent to
Tomcat's grey login screen (which doesn't use Shib, so it won't
recognize their user). When I leave my browser open too long (like
overnight), I also see the same issue. I tried changing Tomcat's
session-timeout to 1 minute (and restarting Tomcat) and authenticating
and then waiting a few minutes and trying to access the web application
again to see if it was that, but that didn't cause any problem. Mike
Douglass of Bedework suggested that I try disabling container-based
authN, so I tried commenting out the security-constraints, login-config,
and security-roles of the web.xml of the webapp that showed this
behavior (and rebuilt, redeployed, restarted Tomcat) and I was still
able to log in via Shibboleth, but now the two users that consistently
are able to reproduce the issue got "Exception: Null user parameter for
public admin." in the Bedework app, and I get the same error now if I
leave my browser open overnight and try to access the web application.
I would think that if it were possible to configure Tomcat to redirect
to Shibboleth's login, that might be the best option. Does anyone know
of a way to redirect Tomcat to point at some other URL, specifically the
relative URL "/Shibboleth.sso/Login" (not served by Tomcat)?
Thanks in advance,
--
Gary Weaver
Internet Framework Services
Office of Information Technology
Duke University