shibboleth-dev - Re: SP and SSL
Subject: Shibboleth Developers
- From: Walter Hoehn <>
- To: "Scott Cantor" <>
- Cc: Steven Carmody <>, Shibboleth Developers <>, "'Howard Gilbert'" <>
- Subject: Re: SP and SSL
- Date: Tue, 26 Apr 2005 19:39:26 -0500
One idea that has crossed my mind recently is to distribute the IdP as a custom daemon loader that has an embedded version of Tomcat (this is surprisingly easy to do). I believe that this would make it possible to override the trust/key managers and eliminate about half of the install checklist for most basic setups (no Apache, no mod_jk, no server.xml, no web.xml). Perhaps the loader could even be the same program that configures the IdP. :-D Undoubtedly, the power users will not want to run it this way and we would have to allow for that, but it might make it a lot easier for us to support the J2EE neophytes. The main downside would be the burden of doing all of the packaging and synching the Tomcat updates on an ongoing basis.
-Walter
On Apr 26, 2005, at 6:28 PM, Scott Cantor wrote:
But we're still not sure whether we can do it without overriding the entire
JVM's trust manager or modifying Tomcat or importing every possible CA/cert
into the Tomcat trust list (thus making it look a whole lot like Apache).