1

I'm installing shibboleth2, version 2.6.0.1 64 bit on a Windows 2008 Server.

I've installed it at the server level and I have multiple sites hosted and are currently running.

I've had one install fail, where the ISAPI filter was automatically configured and the *.sso request mapping completed successfully.

The failure was less in the install and more that once the install was complete, the sites failed.

Here's what I think I need to do. Assume if I haven't listed it, it's the default configuration provide by shibboleth install.

  1. Is there anything I'm missing
  2. What should I expect on install, then on configuration. Will the Status URL work?

  3. If I don't want a given site to participate in this process, do I just disable the ISAPI filter on that site?

    <SPConfig>
<InProcess logger="native.logger">
   <ISAPI normalizeRequest="true" safeHeaderNames="true">
        <Site id="1" name="www.site1.com" scheme="http" port="80" />
        <Site id="1" name="www.site2.com" scheme="http" port="80" />
   </ISAPI>
</InProcess>

<RequestMapper type="Native">
<RequestMap>
   <Host name="www.site1.com" scheme="http" port="80">
       <Path name="secure" authType="shibboleth" requireSession="true" applicationId="site1"/>
   </Host>
   <Host name="www.site2.com" scheme="http" port="80">
       <Path name="secret" authType="shibboleth" requireSession="true" applicationId="site2"/>
   </Host>     
</RequestMap>
</RequestMapper>

<ApplicationDefaults REMOTE_USER="eppn persistent-id targeted-id" cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2">

    <ApplicationOverride id="site1" entityID="https://www.site1.com/shibboleth-sp">
        <AttributeExtractor type="XML" file="site1-attribute-map.xml"/>
    </ApplicationOverride>

    <ApplicationOverride id="site2" entityID="https://www.site2.com/shibboleth-sp">
        <AttributeExtractor type="XML" file="site2-attribute-map.xml"/>
    </ApplicationOverride>

</ApplicationDefaults>

Josh Robinson
  • 111
  • 2
  • What kind of errors/issues are you seeing when this fails? Can you also clarify if you have some sites working, and one site not, or is shibboleth not working for any of them? I'm not quite clear what the current situation is, and it might help to understand your issue. – iwaseatenbyagrue Mar 08 '17 at 09:10
  • I'm looking for guidance at this point. I wasn't able to google out a multi-site config with most settings stated. There's hints out there and that is how I constructed this config. I'm trying to plan an IIS install were multiple sites may be on separate IDps, may not participate in auth, or may have varying attribute sets even if they are on the same IDp – Josh Robinson Mar 09 '17 at 19:50
  • it seems on your ISAPI, your id are identical and this is wrong:Site id should be different. Have you successfully run this? – Joel Oct 17 '18 at 08:57

0 Answers0