...
Vi har sett att det finns äldre versioner av httpcore, httpclient, commons-dbcp2, commons-pool2 under mapp /opt/shibboleth-idp/edit-webapp/WEB-INF/lib. Om du har dessa jar-filer i /opt/shibboleth-idp/edit-webapp/WEB-INF/lib, ta bort dem. Nyare versioner finns med i Shibboleth IdPv4.
Följande legacy delen av web.xml som idp-installern la till en gång i tiden verkar orsaker problem för nya Jetty. Rekommendationen är att kommentera bort hela security-constraint och login-config som visas nedan (om de finns)
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<!-- IdP-installer has appended these settings to the config which uncomments entries documented above -->
<!--
Uncomment to use container managed authentication. The new servlet spec (3.1)
supports "**" as a wildcard syntax to avoid role usage, which is normally desirable.
Older containers usually support "*" when proprietary options are used (e.g., Jetty
requires setting the Strict property on the SecurityManager.)
-->
<security-constraint>
<display-name>Web Login Service</display-name>
<web-resource-collection>
<web-resource-name>user authentication</web-resource-name>
<url-pattern>/Authn/RemoteUser</url-pattern>
<url-pattern>/profile/SAML2/SOAP/ECP</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>**</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!-- Uncomment if you want BASIC auth managed by the container. -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ShibUserPassAuth</realm-name>
</login-config> |
MySQL Connector och HikariCP jar-filer
...