Shibboleth Developers

["Scott Cantor" <>]

> That's a possibility, yes.  I guess it depends on what steps you're
> willing to take to protect the contents of etc/.  Personally, I would
> never delete that directory or overwrite anything in it, even if an
> interactive user says "yes" to the prompt.  It's just too easy to
> shoot yourself in the foot.

I totally agree, I mentioned it yesterday on the call.

> You convinced me earlier that mods to the IdP config are a one-time
> operation, period.  Thanks for straightening me out on that, and we've
> adjusted our strategy accordingly.  However, mods to the metadata file
> and the gridmap files are ongoing.  AFAIK such changes will have
> little or no effect on a running IdP.

Agreed, but I wouldn't be running those tools from the install process.

> We will supply tools to manage the metadata file and the gridmap
> files.  (Presumably these tools will be stored in $IDP_HOME$/bin.) 
> Initially, the tools will be simple scripts (if anything) that copy
> the metadata file and/or the gridmap files into the tomcat webapp
> directory.  For this to work, the scripts will need access to
> build.properties, specifically, ${tomcat.home} and ${idp.webapp.name}.
>  So this raises two additional questions:
> 
> 1) Can an extension have a bin/ directory, which is automatically
> copied over into the $IDP_HOME$/bin directory?

I think that ought to be supported. The last thing I'd want to do is prevent
people from helping us by supplying useful stuff in bin.

> 2) Can a script in $IDP_HOME$/bin have access to build.properties?

I think that's wrong. I think you should use SHIB_HOME to find the root and
then locate things relatively from there.

> I can see some problems with the latter, but how else will scripts in
> $IDP_HOME$ know where the webapp is?

It's not the webapp that matters, ideally it's built from the source
whenever required and just sits in TOMCAT_HOME/webapps. It's SHIB_HOME that
should drive tools. Moreso than even now, in fact, we don't use it much
except for locating jars to build the classpath (see our utility shell
scripts).

-- Scott