Configuring Valve

• Open server.xml available in your Tomcat's conf directory.

• Under the Host Element of XML file add:

  <Valve className="----Enter ClassName here----"  valvePropertyLoc="----Enter external property file location----" />

Properties

• Properties defined in external property file(specified while configuring valve in server.xml) will override properties in application.properties

• IdP Issuer Name: It is required for verifying Issuer Name in the SAML response from the IdP

  saml.plugin.request.url=http://localhost:9060/samlplugin/samlrequest

• Protected contexts: semi-colon separated list of apps that you need to protect. Use * if you need to protect all the apps deployed on the tomcat instance protected.contexts=*

  Note: If protected context list contains * then all the deployed apps gets protected.

• SAML plugin context name (WAR file name):

  saml.plugin.context.name=/samlplugin

• The SAML plugin deployed in the same Tomcat instance that you want to protect

  saml.plugin.in.same.instance=false

  Note: The above two properties is required to ignore any requests coming for SAML plugin. If SAML plugin is deployed in the same tomcat instance and request comes for SAML plugin, Tomcat Authenticator will ignore the authenticating the user.

• The Single Sign On enabled property: Set this property to "true" if you want Single Sign on between the protected webapps (contexts). Set this to "false" if do not want single sign on

  single.sign.on.enabled=true

  Note: For Single Sign On to work, the Single Sign On valve must be configured in conf/server.xml. It is also necessary that SingleSignOn valve entry must be above SecureauthAuthenticator valve entry.

Compile and deploy tomcat authenticator

• Open command prompt and go to directory for the project which needs to be deployed.

• Run mvn clean package - This will generate jar file of your project in <project name>/target directory

• Copy the generated jar file in your Tomcat's lib directory.