# Setup common for running an IdP or a Hub (for SP4)
# Jetty start properties: one module / XML file / property per line.
# Line order is kept as in the original file.

# Enable our "comprehensive" module
--module=shibboleth

# Route access logging through standard SLF4J logging API
etc/jetty-requestlog.xml

# Do not expose contexts to web.
# Keeps the list of deployed contexts out of responses served for unmatched paths.
jetty.server.default.showContexts=false

##################################
## Network/Host/Port configuration
##################################

## TLS host and port to bind to
# 0.0.0.0 listens on every IPv4 interface; this is the user-facing endpoint.
jetty.ssl.host=0.0.0.0
jetty.ssl.port=443

# Non-TLS host and port to bind to
# Bound to loopback only, so the plaintext connector is not reachable from
# other hosts. Widening this address exposes unencrypted HTTP.
jetty.http.host=127.0.0.1
jetty.http.port=80

######################################
## Keystore properties for TLS support
######################################

# Keystore file path (relative to $jetty.base)
# The same PKCS#12 file is used as key store and as trust store. It holds the
# TLS private key, so it should be readable only by the account running Jetty.
# NOTE(review): the trust store is only consulted if client-certificate
# authentication is enabled elsewhere - confirm whether that applies here.
jetty.sslContext.keyStorePath=../credentials/idp-userfacing.p12
jetty.sslContext.trustStorePath=../credentials/idp-userfacing.p12

# Keystore type
# Left commented out, so the default of the Jetty version in use applies.
# The .p12 paths above suggest PKCS12 - confirm against the deployed version.
#jetty.sslContext.keyStoreType=PKCS12
#jetty.sslContext.trustStoreType=PKCS12

# Keystore passwords
# "changeit" is the well-known Java keystore default and offers no protection
# for the private key; set deployment-specific values that match the .p12 file.
# These values are stored in clear text, so restrict read access to this file.
# Jetty also accepts OBF:-prefixed values, but that is reversible obfuscation,
# not encryption, and does not replace file permissions.
jetty.sslContext.keyStorePassword=changeit
jetty.sslContext.trustStorePassword=changeit
jetty.sslContext.keyManagerPassword=changeit

# Deny SSL renegotiation
jetty.sslContext.renegotiationAllowed=false

# Skip SNI hostcheck
# With this set to false Jetty does not reject requests whose host name does
# not match the certificate selected for the connection.
# NOTE(review): confirm this is still required (e.g. access by IP address or
# through a front-end proxy); otherwise prefer leaving the check enabled.
jetty.ssl.sniHostCheck=false

# Suppress node name in JSESSIONID values
# This assumes a non-clustered Jetty deploy
jetty.sessionIdManager.workerName=

# Do not advertise the Jetty version in the Server response header.
jetty.httpConfig.sendServerVersion=false

# Additional SSL configuration applied after the properties above.
# NOTE(review): contents are not visible here; presumably protocol/cipher
# restrictions - verify that the file exists and what it enforces.
etc/tweak-ssl.xml