Versionen im Vergleich

Alte Version 2

changes.mady.by.user Peter Brand

Gespeichert am

verglichen mit

Neue Version Aktuell

changes.mady.by.user Peter Brand

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.
Kommentar: mention status/JSTL is optional

...

Codeblock
languagebash
titleWhat IDP version is currently installed
$ /opt/shibboleth-idp/bin/version.sh
4.0.01.2

Optional (and will only work if you've installed the JSTL libraries as part of the IDP installation):

Codeblock
languagebash
titleWhat does the IDP think of its own state?
/opt/shibboleth-idp/bin/status.sh

Applying updates

See IDP 4 Updates for detailed instructions.

What's happening right now

...

Codeblock
languagebash
titleTomcat STDOUT/STDERR (formerly catalina.out)
journalctl -u tomcat9.service -e -fef


Codeblock
languagebash
titleTrail all relevant logs at once
multitail -f /opt/shibboleth-idp/logs/idp-process.log /var/log/tomcat9/access.log -l 'journalctl -u tomcat9.service -f'

...

The aacli is a very useful tool to test what data the running IDP would sendbe sending out for a given subject (replace SOME_USERID below with the login name the subject would enter during authentication) to a given SP. Not only does that help verifying your attribute resolver  and attribute filter configuration when you're making changes to either (or both), it can also be useful in debugging access problems someone experiences at a given SP as you can easily compare what data would go out for different subjects (e.g. in cases where access works vs. where it fails) without needing the subject's cooperation in this issue (or access to their password).

...