  1. Shibboleth SP - C++
  2. SSPCPP-856

Non-default handler URL fails with IIS 7 module

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4
    • Fix Version/s: 3.0.4
    • Component/s: Request Processing
    • Labels:
    • Environment:
      • Shibboleth SP V3.0.4
      • Windows Server 2012 R2
      • IIS 8.5
    • Operating System:
      Windows
    • CPU Type:
      x86_64
    • Web Server:
      IIS 8 (Windows 2012)

      Description

      Since the upgrade of the SP from 2.x to the latest 3.x version, I recognized that the SP only accepts /SAML2/POST requests on the default location: /Shibboleth.sso.

      Configuring other locations with the ApplicationDefaults/Session/handlerURL element leads to an HTTP 404.

      Scenario

      Extract of a config that works with SP 2.x and no longer works with SP 3.0.4:


      <InProcess logger="native.logger">
          <ISAPI normalizeRequest="true" safeHeaderNames="false" useHeaders="true">
              <Site id="1" name="my.sp.org"/>
          </ISAPI>
      </InProcess>

      <RequestMapper type="Native">
          <RequestMap encoding="URL" applicationId="default">
              <Host name="my.sp.org">
                  <Path name="myapp" authType="shibboleth" requireSession="true" />
                  <Path name="acs" />
              </Host>
          </RequestMap>
      </RequestMapper>

      <ApplicationDefaults entityID="https://mysp.org/sp/shibboleth"
          REMOTE_USER="eppn subject-id pairwise-id persistent-id"
          cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1">
          <!-- handlerURL below is the non-default handler location (default: /Shibboleth.sso) -->
          <Sessions relayState="ss:mem"
                    cookieProps="https"
                    handlerSSL="true"
                    handlerURL="acs/Shibboleth.sso"
                    checkAddress="false"
                    timeout="3600"
                    lifetime="28800">

              <SSO entityID="https://my.idp.org/idp/shibboleth">SAML2</SSO>

              <Logout>SAML2 Local</Logout>
              <LogoutInitiator type="Admin" Location="/Logout/Admin" acl="10.0.8.93 ::1" />
              <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
              <Handler type="Status" Location="/Status"/>
              <Handler type="Session" Location="/Session" showAttributeValues="true"/>
              <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
          </Sessions>

          <!-- etc -->

      </ApplicationDefaults>

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            pesche@unitedid.org pesche@unitedid.org

                Time Tracking

                Estimated: Not Specified
                Remaining: 0m
                Logged: 2h