  1. Identity Provider
  2. IDP-727

Add an installer option for disabling the "shibboleth_jsp" servlet (/shibboleth URL serving the IdP's metadata)


    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1.1
    • Fix Version/s: 3.2.0
    • Component/s: Installer
    • Labels:
      None

      Description

      The webapp/WEB-INF/web.xml file in the IdP distribution currently includes the following snippet:

          <!-- Send request for the EntityID to the SAML metadata echoing JSP. -->
          <servlet>
              <servlet-name>shibboleth_jsp</servlet-name>
              <jsp-file>/WEB-INF/jsp/metadata.jsp</jsp-file>
          </servlet>
          <servlet-mapping>
              <servlet-name>shibboleth_jsp</servlet-name>
              <url-pattern>/shibboleth</url-pattern>
          </servlet-mapping>
      

      As it isn't really good practice to publish auto-generated metadata by default (to quote from idp-metadata.xml: Do NOT supply it as is without review, and do NOT provide it in real time to your partners), it would be useful to have an option with the 3.2 installer to turn off the shibboleth_jsp servlet in web.xml.

      Whether this option should also completely suppress generating idp-metadata.xml or not is somewhat orthogonal, I think. The main point of this enhancement is that /idp/shibboleth no longer serves data which might be inaccurate or obsolete.
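A deployment check for the concern raised in the description, as an added example (not part of the original issue or of the IdP distribution): it parses a web.xml and lists any URL pattern still routed to the metadata JSP. The function names and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

JSP = "/WEB-INF/jsp/metadata.jsp"  # JSP named in the snippet above

def local(tag):
    """Drop the XML namespace: '{ns}servlet' -> 'servlet'."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child called `name`, or None."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None

def metadata_url_patterns(web_xml_text, jsp=JSP):
    """URL patterns still routed to a servlet backed by `jsp`."""
    root = ET.fromstring(web_xml_text)  # XML comments are skipped by the parser
    names = {child_text(e, "servlet-name") for e in root
             if local(e.tag) == "servlet" and child_text(e, "jsp-file") == jsp}
    names.discard(None)
    patterns = []
    for e in root:
        if local(e.tag) == "servlet-mapping" and child_text(e, "servlet-name") in names:
            patterns += [(c.text or "").strip() for c in e
                         if local(c.tag) == "url-pattern"]
    return patterns

# Constructed sample: servlet active, as in the distribution snippet.
ENABLED = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>shibboleth_jsp</servlet-name>
    <jsp-file>/WEB-INF/jsp/metadata.jsp</jsp-file>
  </servlet>
  <servlet-mapping>
    <servlet-name>shibboleth_jsp</servlet-name>
    <url-pattern>/shibboleth</url-pattern>
  </servlet-mapping>
</web-app>"""

# Constructed sample: the same block commented out. XML comments cannot nest,
# so the inner "<!-- Send request ... -->" comment has to be dropped first.
DISABLED = ENABLED.replace("<servlet>", "<!-- <servlet>", 1).replace(
    "</servlet-mapping>", "</servlet-mapping> -->", 1)

if __name__ == "__main__":
    for label, doc in (("enabled", ENABLED), ("disabled", DISABLED)):
        print(label, metadata_url_patterns(doc) or "metadata JSP not mapped")
```

An empty result means no mapping in that web.xml reaches the metadata JSP; any returned pattern is a path under the IdP context that still serves the auto-generated metadata.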

              People

              Assignee:
              rdw@iay.org.uk Rod Widdowson
              Reporter:
              Kaspar Brand
              Watchers:
              4

                  Time Tracking

                  Estimated: Not Specified
                  Remaining: 0m
                  Logged: 1h 40m