...
Redirect requests to Tomcat's web root ("/") to a URL of your choice, e.g. your institution's home page, replacing "www.example.edu" in the command below. The Shibboleth IDP application by default will run at /idp, allowing you to easily add and update other content outside of /idp, e.g. logos or CSS stylesheets, without having to integrate them with the "idp" context/application. The document root for that content is /var/lib/tomcat10/webapps/ROOT/, and nothing in the Shibboleth IDP software (or during use of SAML) by default links to / of the server (i.e., the web server's base URL), so you can use that for locally hosted content without interfering with the IDP application. For example, you will want to add a robots.txt file to avoid unnecessary scanning by well-behaved search bots.
...
```xml
<!-- Localhost-only connector for IDP command line tools -->
<Connector address="127.0.0.1" port="80" />

<!-- https://tomcat.apache.org/tomcat-10.1-doc/ssl-howto.html -->
<!-- https://tomcat.apache.org/tomcat-10.1-doc/config/http.html#SSL_Support -->
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" maxPostSize="100000"
           SSLEnabled="true" scheme="https" secure="true">
  <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
  <!-- TLS 1.2 and 1.3 only; every listed suite is ECDHE/DHE with GCM or ChaCha20-Poly1305 -->
  <SSLHostConfig protocols="TLSv1.2,TLSv1.3"
                 ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305">
    <Certificate type="RSA"
                 certificateKeystoreType="PKCS12"
                 certificateKeystoreFile="/etc/tomcat10/webserver.p12"
                 certificateKeystorePassword="see sections above" />
  </SSLHostConfig>
</Connector>
```
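The following is an added example, not part of the original page or of the Tomcat or Shibboleth projects: a Python check that reads the text of a `server.xml` and reports connectors that drift from the settings shown above (a plaintext listener not bound to loopback, protocols other than TLSv1.2/TLSv1.3, cipher suites without AEAD and forward secrecy). The function names and the embedded weak sample are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}  # policy taken from the connector above

# Constructed sample, not a real server.xml: plaintext listener on all
# interfaces, an old protocol, and a CBC suite without forward secrecy.
WEAK_SAMPLE = """<Server><Service name="Catalina">
  <Connector port="80" />
  <Connector port="443" SSLEnabled="true" scheme="https" secure="true">
    <SSLHostConfig protocols="TLSv1.1,TLSv1.2"
                   ciphers="ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA">
      <Certificate type="RSA" certificateKeystoreFile="/placeholder.p12" />
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

def is_loopback(address):
    """True only for a literal loopback IP; a missing address means all interfaces."""
    try:
        return address is not None and ipaddress.ip_address(address).is_loopback
    except ValueError:  # a hostname cannot be judged from the file alone
        return False

def audit_connectors(server_xml):
    """Return a list of findings for every <Connector> in the given XML text."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("SSLEnabled", "false").lower() != "true":
            if not is_loopback(conn.get("address")):
                findings.append(f"port {port}: plaintext connector not bound to loopback")
            continue
        for host in conn.findall("SSLHostConfig"):
            # Tokens may carry "+" (add) or "-" (remove); removals enable nothing.
            tokens = [t.strip() for t in host.get("protocols", "").split(",")]
            enabled = {t.lstrip("+") for t in tokens if t and not t.startswith("-")}
            extra = sorted(enabled - ALLOWED_PROTOCOLS)
            if not enabled:
                findings.append(f"port {port}: protocols not set explicitly")
            elif extra:
                findings.append(f"port {port}: protocols outside policy: {', '.join(extra)}")
            ciphers = [c for c in host.get("ciphers", "").split(":") if c]
            if not ciphers:
                findings.append(f"port {port}: ciphers not set explicitly")
            for c in ciphers:
                aead = "GCM" in c or "CHACHA20" in c
                if not (aead and c.startswith(("ECDHE-", "DHE-"))):
                    findings.append(f"port {port}: cipher lacks AEAD or forward secrecy: {c}")
    return findings
```

Calling `audit_connectors(open("/etc/tomcat10/server.xml").read())` after each edit gives a quick regression check; the path is an assumption based on the keystore location used above.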
...