In order for Tomcat to be be able to handle authenticated requests from Shibboleth, the following files must be configured:
- agiliance.properties
- applicationContext-security.xml
After the below changes have been made, reset the Tomcat service.
To configure agiliance.properties:
Navigate to the %AGILIANCE_HOME%\config folder and open the agiliance.properties file using a text editor.
Add the
com.agiliance.SAML.configured=trueproperty to the file.Specify the SAML hostname at
virtual.host = %AGILIANCE_HOST_NAME%.
To configure applicationContext-security.xml:
Navigate to the %AGILIANCE_HOME%\Tomcat\webapps\spc\WEB-INF folder and open the applicationContext-security.xml file.
Resolver recommends that you back up this file before making any changes. You may need to revert the file to its original settings for role maintenance. Comment the first <bean> element and uncomment the second one as shown below:
<!--
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain pattern="/index.jsp*" filters="none" />
<security:filter-chain pattern="/chart/**" filters="none" />
<security:filter-chain pattern="/css/**" filters="none" />
<security:filter-chain pattern="/images/**" filters="none" />
<security:filter-chain pattern="/**" filters=" concurrentSessionFilter, httpSessionContextIntegrationFilter,
${authentication.processing.filter}, securityContextHolderAwareRequestFilter, anonymousAuthenticationFilter, sessionManagementFilter, exceptionTranslationFilter, filterSecurityInterceptor"/>
<!-- put channelProcessingFilter before securityContextHolderAwareRequestFilter to turn on HTTPs -
->
</security:filter-chain-map>
</bean><bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain pattern="/index.jsp*" filters="samlAuthenticationProcessingFilter" />
<security:filter-chain pattern="/logout.jsp*" filters="none" />
<security:filter-chain pattern="/chart/**" filters="none" />
<security:filter-chain pattern="/css/**" filters="none" />
<security:filter-chain pattern="/images/**" filters="none" />
<security:filter-chain pattern="/**" filters=" concurrentSessionFilter, httpSessionContextIntegrationFilter, samlAuthenticationProcessingFilter
${authentication.processing.filter}, securityContextHolderAwareRequestFilter, anonymousAuthenticationFilter, sessionManagementFilter, exceptionTranslationFilter, filterSecurityInterceptor"/>
</security:filter-chain-map>
</bean>
