Description

Since it seems possible, we should get this added for feature parity with the Apache version, and that will help prove out that it's possible for other uses.

Environment

None

has dependent

Activity


Rod Widdowson February 24, 2018 at 5:01 PM

The resolution here is that just configuring the

<Sessions postData="ss:mem" />

works. I did however (under the aegis of this case) fix a bug whereby

IIS7Request::setResponseHeader(const char* name, const char* value)

was overwriting previous versions, not appending. This showed up as lost cookies.
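The overwrite-versus-append behaviour described in the comment above, as an added example that is not part of the original thread or of the Shibboleth code. `ResponseHeaders` and `emitSsoResponse` are hypothetical stand-ins for the server's response object, and the cookie values are constructed.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <utility>
#include <vector>

// Hypothetical model of a response header store; not the Shibboleth or IIS API.
class ResponseHeaders {
    typedef std::pair<std::string, std::string> Field;
    std::vector<Field> fields_;  // kept in the order the fields were set

    static std::string lower(std::string s) {
        std::transform(s.begin(), s.end(), s.begin(),
                       [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
        return s;
    }

public:
    // replace=true drops every existing field with this name (case-insensitive)
    // before adding the new one; replace=false adds a further field line.
    void set(const std::string& name, const std::string& value, bool replace) {
        if (replace) {
            const std::string key = lower(name);
            fields_.erase(std::remove_if(fields_.begin(), fields_.end(),
                              [&](const Field& f) { return lower(f.first) == key; }),
                          fields_.end());
        }
        fields_.push_back(Field(name, value));
    }

    // Values of all fields with this name, in the order they were set.
    std::vector<std::string> values(const std::string& name) const {
        std::vector<std::string> out;
        const std::string key = lower(name);
        for (const Field& f : fields_)
            if (lower(f.first) == key) out.push_back(f.second);
        return out;
    }
};

// Emits the header sequence described in the thread (constructed cookie values).
// replaceCookies=true models the overwrite behaviour; false models appending.
ResponseHeaders emitSsoResponse(bool replaceCookies) {
    ResponseHeaders r;
    r.set("Set-Cookie", "shibsession_1234567=constructed; path=/; HttpOnly", replaceCookies);
    r.set("Set-Cookie", "shibpost_1234567=; path=/; HttpOnly", replaceCookies);
    r.set("Content-Type", "text/html", true);  // single-valued, so replacing is correct
    return r;
}
```

With `replaceCookies` set to true only the `shibpost` cookie survives, which matches the IIS trace further down the thread where the session cookie is missing from the response.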

Rod Widdowson February 24, 2018 at 4:51 PM

fReplace

[IN] Specifies whether the existing header should be overwritten.

Rod Widdowson February 24, 2018 at 4:44 PM

So what I think is happening is that shibd is telling the IIS driver to set the headers

Set-Cookie: shibsession_1234567=....
Set-Cookie: shibpost_1234567=....
Content-type: ...
...

and so on. It appears that when the IIS driver calls IIS to set the cookie the second time it overwrites the first time. I'll read the fine manual, but this would kinda make sense.

Not sure what to do about it yet tho.

Rod Widdowson February 24, 2018 at 4:06 PM

So armed with that it's easy to see the bug.

Apache

POST https://w2k3.steadingsoftware.net/Shibboleth.sso/SAML2/POST HTTP/1.1
...
Referer: https://v3.steadingsoftware.net/idp/profile/SAML2/Redirect/SSO
.. .. ..
HTTP/1.1 200 OK
Date: Sat, 24 Feb 2018 15:55:19 GMT
Server: Apache/2.4.25 (Win64) OpenSSL/1.0.2j
Set-Cookie: _shibsession_6.....=/; HttpOnly _shibpost_9.....=; path=/; HttpOnly; expires=Mon, 01 Jan 2001 00:00:00 GMT
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Pragma: no-cache
Content-Length: 1422
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html

IIS

POST https://iis.steadingsoftware.net/Shibboleth.sso/SAML2/POST HTTP/1.1
...
Referer: https://v3.steadingsoftware.net/idp/profile/SAML2/Redirect/SSO
.. .. ..
HTTP/2.0 200 OK
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
content-type: text/html
expires: Wed, 01 Jan 1997 12:00:00 GMT
server: Microsoft-IIS/10.0
set-cookie: _shibpost_b=; path=/; HttpOnly; expires=Mon, 01 Jan 2001 00:00:00 GMT
date: Sat, 24 Feb 2018 13:37:37 GMT
content-length: 1440
X-Firefox-Spdy: h2

So in the IIS7 case the cookie isn't being set.
Now it's time for some code reading and the debugger.

Rod Widdowson February 23, 2018 at 5:51 PM

That gives me the information I need to chase further. It looks (and I'll need to confirm) that by the time I get the post the session cookie hasn't been set.


Details

Assignee

Rod Widdowson

Reporter

Scott Cantor

Fix versions