| Info |
|---|
Apache Tomcat is the recommended servlet container to use with uPortal 4. While uPortal 4 requires a Servlet 3.0-compatible servlet container and another servlet container may be used, most uPortal implementers deploy to Apache Tomcat. Choosing Tomcat 7.x will likely allow uPortal adopters to get the best advice from the community. |
| Warning | ||
|---|---|---|
| ||
There's something off about uPortal logout / session invalidation in Tomcat 7.0.47+. If you want to be running a recent Tomcat 7, try Tomcat 7.0.42 instead. |
Installing Apache Tomcat
Linux/Unix Installation
...
| No Format | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
shared.loader=${catalina.base}/shared/lib/*.jar |
...
Disabling SSLv3
Some sites have chosen to disable SSLv3 on their CAS server due to various vulnerabilities. That can cause problems with the CAS client used in uPortal being unable to establish an HTTPS connection to the CAS server to validate the service ticket and throwing an exception
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
One solution is to set the protocols used by Java when making SSL connections. You can do this by adding the following property to JAVA_OPTS (or CATALINA_OPTS if using that):
Oracle Java7: -D https.protocols="TLSv1,TLSv1.1,TLSv1.2"
Your CAS server must be configured to use one of the mentioned protocols or the handshake will fail. If your test CAS server is publicly accessible, you can view which protocols it supports by entering its domain name into https://www.ssllabs.com/ssltest/.
If you run into troubles, refer to https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https and other resources to help diagnose the issue.
| Info | ||
|---|---|---|
| ||
Additional References |
...