Preparing JBoss for the Shibboleth Identity Provider

Version Requirements/Recommendations

Required Configuration Changes

Supporting SOAP Endpoints

Shibboleth IdPs and SP may communicate directly, as opposed to sending messages via the user's browser, during certain operations (Attribute Query, Artifact Resolution, and Logout). In order to support these request the IdP needs an additional port (called a Connector within the Tomcat configuration), distinct from the one used by the user (because they have different, mutually exclusive, security requirements).

  1. Copy the following Connector definition into JBoss Tomcat's server/<serviceProfile>/deploy/jboss-web.deployer/server.xml. This definition should be placed either before the first, or after the last, connector already defined in the configuration file.
    <Connector port="8443" 
               maxHttpHeaderSize="8192"
               maxSpareThreads="75"
               scheme="https"
               secure="true"
               clientAuth="true"
               sslProtocol="TLS" 
               keystoreFile="IDP_HOME/credentials/idp.jks"
               keystorePass="PASSWORD"
               truststoreFile="IDP_HOME/credentials/idp.jks"
               truststorePass="PASSWORD"
               algorithm="DelegateToApplication"/>
    
  2. Replace IDP_HOME with the directory you will install the IdP into and PASSWORD with the password you entered during installation.