
I am using Shibboleth SP 3 and IIS 8 on one server. I protect a folder "secure" and redirect to a test ADFS, where I configured the extraction of the UPN from the AD.

My attribute-map.xml looks like this:

```xml
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Attribute name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" id="UPN" />
</Attributes>
```

Everything works fine. I check the HTTP headers and server variables; all the custom Shibboleth headers are there, along with the corresponding server variables with the prefix HTTP_.

I am deploying this on a test server, Windows Server 2012 with IIS 8. My problem is, I still have the server variables, but without the HTTP_ prefix, and I don't have the HTTP headers any longer, while my app relies on them.

The configuration files are almost identical. I have dug through the Shibboleth SP wiki, which is murder to read, and I can't find where I can fine-tune how the attributes are added to HTTP headers or server variables.

Do you have any clue?

Thanks.

Joel

1 Answer


Shibboleth SP 3 uses the new iis7_shib.dll instead of the old isapi_shib.dll and it no longer populates the headers by default. See https://wiki.shibboleth.net/confluence/display/SP3/IIS#IIS-NewVersioninV3oftheSP.

However, you can edit the <ISAPI> element to useHeaders... see: https://wiki.shibboleth.net/confluence/display/SP3/ISAPI for documentation, but it should be as simple as replacing

```xml
<ISAPI>
```

with

```xml
<ISAPI useHeaders="true">
```

within your shibboleth2.xml file.

Kellen Murphy
  • Thanks, indeed it works with isapi_shib.dll. Someone from the test team removed the ISAPI filter while the handler module was still working. Adding the ISAPI filter made it work. – Joel Mar 05 '19 at 10:15
  • That might be a temporary solution. I expect *eventually* that `isapi_shib.dll` will go away, though that's likely to be so far in the future that it might not really affect you. – Kellen Murphy Mar 05 '19 at 18:10
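
To compare two deployments like the ones in this thread, the following added example (not code from the original posts or from the Shibboleth project) reads an attribute-map.xml and a shibboleth2.xml and reports which names an IIS application should look for per mapped attribute. The sample documents are constructed; the `SPConfig`/`InProcess`/`Site` wrapper, the host name and the helper names are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the snippets in the question and answer.
ATTRIBUTE_MAP = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
    <Attribute name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" id="UPN" />
</Attributes>"""

SP_CONFIG_DEFAULT = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
    <InProcess><ISAPI><Site id="1" name="sp.example.org"/></ISAPI></InProcess>
</SPConfig>"""

SP_CONFIG_HEADERS = SP_CONFIG_DEFAULT.replace("<ISAPI>", '<ISAPI useHeaders="true">')


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def headers_enabled(sp_config_xml):
    """True only if the <ISAPI> element carries useHeaders="true" (or "1")."""
    root = ET.fromstring(sp_config_xml)
    isapi = [e for e in root.iter() if local(e.tag) == "ISAPI"]
    if not isapi:
        raise ValueError("no <ISAPI> element found in SP configuration")
    return isapi[0].get("useHeaders", "false").strip().lower() in ("true", "1")


def expected_names(attribute_map_xml, sp_config_xml):
    """Map each attribute id to the names an IIS application should look for."""
    use_headers = headers_enabled(sp_config_xml)
    result = {}
    for el in ET.fromstring(attribute_map_xml).iter():
        if local(el.tag) == "Attribute" and el.get("id"):
            attr_id = el.get("id")
            # CGI convention: a request header X-Y surfaces as HTTP_X_Y.
            header_var = "HTTP_" + attr_id.upper().replace("-", "_")
            result[attr_id] = {
                "server_variable": attr_id,
                "header_variable": header_var if use_headers else None,
            }
    return result


if __name__ == "__main__":
    for label, cfg in (("default", SP_CONFIG_DEFAULT), ("useHeaders", SP_CONFIG_HEADERS)):
        print(label, expected_names(ATTRIBUTE_MAP, cfg))
```

Running it against the real files from both servers shows at a glance whether the application should read `UPN` or `HTTP_UPN`.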