[gridshib-user] Re: Certificate Registry
Tom Scavo
trscavo at gmail.com
Tue Aug 28 10:57:37 CDT 2007
On 8/28/07, Lisa Tan <ag5087 at wayne.edu> wrote:
>
> However on the step c of 6 (To configure the Certificate Registry, perform the
> following steps:), it says "requires modifications to your Apache configuration"
> which I couldn't understand where I should make the Apache configuration
> change. I thought the protection of /CertificateRegistry and /
> CertificateRegistryUI.jsp is in the idp.xml.
The Shibboleth SSO Service is protected by some deployment-specific
authentication mechanism. It may be LDAP (apache), forms-based
(tomcat), or something else. Whatever you used for authentication for
your deployment, use the same mechanism to protect the Certificate
Registry.
> I thought /CertificateRegistry should
> work fine since https://hostname/shibboleth-idp/CertificateRegistryUI.jsp is
> working?
You should be challenged for credentials upon accessing the
Certificate Registry for the first time. If not, it's not protected
properly.
Tom
More information about the gridshib-user
mailing list