ensure robustness. Failover and redundant configurations are now supported.</li>
<li>The SHAR may now optionally store its session and attribute cache in a
back-end database in addition to the previously available in-memory option.
- </li>
- <span class="feature">[1.1]</span> </li>
+ <span class="feature">[1.1]</span> </li>
<li>Federation supplied files (sites.xml and trust.xml) are now refreshed in
a much more robust manner. </li>
- </li>
<li>The SHAR can be configured to request specific attributes from the
Origin. </li>
<li>The SHAR can use TCP sockets when responding to the Apache module, for
</li>
<li><a href="#5.e."><font color="black">Local Error Page</font></a></li>
- <li><a href="5.f."><font color="black">5.f. Using a New Attribute</font></a></li>
+ <li><a href="#5.f."><font color="black">Using a New Attribute</font></a></li>
</ol>
</li>
<p><span class="fixedwidth"><Location /shibboleth/AA>
<br> SSLVerifyClient optional
<br> SSLOptions +StdEnvVars +ExportCertData
- </Location> </span></p>
+ <br></Location> </span></p>
</blockquote>
</li>
</ol>
<p>1. On the java.naming.provider.url Property, add <port number> after the hostname in the ldap url (the default port for ldap over SSL is 636),</p>
<p>2. Add this Property element:</p>
<blockquote>
- <p><span class="fixedwidth"><Property name="java.naming.security.protocol" value="ssl" "></p>
+ <p><span class="fixedwidth"><Property name="java.naming.security.protocol" value="ssl" "></span></p>
</blockquote>
<p>If the ldap server must be accessed over SSL, and JDK 1.4.2 is being used, then change ldap:// to ldaps:// in the value of the <span class="fixedwidth">java.naming.provider.url</span> Property.</p>
<p>NOTE: This assumes that the ldap server's cert is rooted with a CA that is in the JVM's default keystore (ie: a commercial CA). If not, the CA cert must be added.</p>