Comment: D.R.Y.: permissions, context

...

Since we want the IDP (and hence Apache Tomcat and the JVM) to run as a non-privileged user, we'll need to adjust a couple of file system permissions:

...

Include Page
include-file-system-permissions

As per the Shibboleth IDP documentation for Tomcat, we'll need to make a few more adjustments:

...

Following the recommendations from the Shibboleth wiki, we also uncomment (i.e., make active) the line <Manager pathname="" /> in Tomcat's context.xml. And since we have to change that file anyway, let's replace it with a minimalist version that also avoids scanning most of the IDP's JAR files during startup; see the section Slow Startup towards the end of that Shibboleth wiki page.

...

Include Page

...

include-context.xml

Finally, to make the status.sh script work, we'll need to add the Java Server Tag Library, which Tomcat does not redistribute, to the IDP:

...