Page tree
Skip to end of metadata
Go to start of metadata

Retrieving Status Information about the IdP

As of release 2.1.3 the IdP has a new Status page that provides health and configuration information.

Accessing the Status Page

The status page can be accessed using the /status path with the IdP. So, for example if the IdP host is idp.example.org and the IdP has a servlet context path of idp then then the URL to access the page is

http://idp.example.org/idp/status

Per Relying Party Configuration

By default the status page will provide a description of all relying party configuration currently configured for the IdP. However, it can also provide the relying party configuration that will be used for a specific relying party, as identified by its entity ID.

To access the relying party specific relying party configuration information add the URL parameter relyingParty with the URL-encoded form of the entity ID. So, in the example above, if we wanted the relying party configuration to be used for

http://sp.example.org/shibboleth

the status page access URL would become

http://idp.example.org/idp/status?relyingParty=http%3A%2F%2Fsp.example.org%2Fshibboleth

Allow Access to the Status Page

The status page is restricted by IP-based access. By default only localhost connection (those originating from 127.0.0.1) may access the page.

To allow access from other IPs you must edit the src/main/webapp/WEB-INF/web.xml in the IdP's source. Within this file will be a servlet parameter named AllowedIPs, located at line 119 (for Version 2.2.1) in the default file. On the line below is a space-separated list of CIDR blocks allowed to access the page. This list supports both IPv4 (in 'dotted' notation) and IPv6 (in 'colon' notation) ranges.

If you wish to preserve web.xml across installs an upgrades you should preserve it in the conf directory as discussed here.

Allow IPs in the 192.168.0.0/16 network
<!-- Servlet for displaying IdP status. -->
<servlet>
    <servlet-name>Status</servlet-name>
    <servlet-class>edu.internet2.middleware.shibboleth.idp.StatusServlet</servlet-class>
        
    <!-- Space separated list of CIDR blocks allowed to access the status page -->
    <init-param>
        <param-name>AllowedIPs</param-name>
        <param-value>127.0.0.1/32 ::1/128 192.168.0.0/16</param-value>
     </init-param>
        
     <load-on-startup>2</load-on-startup>
</servlet>
  • No labels