Shibboleth Developers

["Wilcox, Mark" <>]

Title: RE: Tomcat and certificate validation for SSL

Yes, most java app containers in theory can support Apache running in front of them - but you can't always expect that.

 

Just another future monkey wrench - some installations undoubtedly will be offloading their SSL to the load-balancer. I'm not sure how that works if you want SSL client-cert delivered to your system.

 

Mark

---

From: Scott Cantor [mailto:]
Sent: Tue 6/14/2005 5:44 PM
To:
Cc:
Subject: RE: Tomcat and certificate validation for SSL

> hands up, I agree it'd be a tad slower! but what you gain is container
> independence, i.e not having to tie shibb to Tomcat. Jetty is quite common
> out there and people swear it's faster than Tomcat.

Don't other containers support Apache? I guarantee it's faster than either
of them. Which I guess argues for your point, not mine. If you care about
performance, you're probably not interested in this scenario anyway.

So that just leaves the replay code and fitting a more complete framework
for varying the authentication layer into the codebase, care to write it?
;-)