Home / server / Questions / 432776
In Process
OrangeGrover
Asked: 2012-09-28 15:20:23 +0800 CST

Shibboleth SP, IIS

  • 772

I have a Shibboleth SP instance on Server 2008 R2 and everything is authenticating fine with the IdP.

I was testing protecting a single page and that is working fine by doing the following in the shibboleth2.xml file:

<Host name="MyUrl.com">
     <Path name="page.jsp" authType="shibboleth" requireSession="true"/>
</Host>

When I go to https://MyUrl.com/page.jsp I get redirected to enter credentials, and then end up back on the page.jsp

Now I found out that I should be protecting the Document Root, but not the entire site.
Basically I need to be authenticated by Shibboleth, and once I am, then I'll get redirected back to the Document Root where a session is set with separate software, I get redirected to a different page and the Document Root will never be used again.

Any help is appreciated

iis

2 Answers

  1. I do not see an easy way to this with IIS. However...

    My recommendation is that you check for the values (the HTTP headers when using IIS) Shibboleth supplies. If they are there all fine. If not you redirect to your login url like

    https://MyUrl.com/auth.jsp <---- this is protected by shibboleth

    On this url you can set up your application session and if everything is fine you can redirect back to the main page.

    • 0

  2. How about this?

    <Host name="MyUrl.com">
     <PathRegex regex=".*" authType="shibboleth" requireSession="true" />
</Host>

    Essentially, a regex to protect the entire root.

    Edit #1 - Just saw how old this was... yikes.

    • 0