Shibboleth authentication on Win 2008r2 64-bit used by 64-bit apps with 32-bit DLL

P. Held pheld at softwaretouch.com
Mon Sep 19 18:04:54 BST 2011 

I hope I have posted this to the correct site. Please let me know where this
best fits. Thanks in advance....
--------------------------------------------------------------------------------------------------------------------------
*Problem*: Shibboleth authentication will not kick in on a Windows 2008R2
64-bit IIS7 web application when the

App Pool Advanced Setting: Enable 32-Bit Applications = True.
Enable 32-Bit Applications = True is needed to run Crystal Reports 2008 (a
32-bit only application / dll) in applications that use Crystal Reports.


*Question*: How can Shibboleth be called to work properly in this situation
with mixed 64-bit and 32-bit applications?
1. 64-bit Shibboleth is properly installed.
2. The root website (AESWEB) is configured:
        a. .NET Framework Version = v2.0
        b. Enable 32-Bit Applications = False
        c. Managed Pipeline Mode = Classic
                • If Enable 32-Bit Applications = *Integrated*, then all
sites (paths) error with a 500 - Internal server error on the URL: https://
admin.example.org/Shibboleth.sso/SAML2/POST
 [image: Event ID: 7011 Shiboleth ISAPI Filter]
3. Crystal Reports 2008 (32-bit application / dll)  is running on the
system, and is utilized by most of the applications that are hosted. It only
runs in 32-bit mode.
[image: Crystal Reports App Pool setup]

4. The Shibboleth2.xml setup is as follows:
        <Host name="admin.example.org" redirectToSSL="443">
                        <Path name="fybudgetdev" authType="shibboleth"
requireSession="true"/>
                        <Path name="greenhouse" authType="shibboleth"
requireSession="true"/>
                        <Path name="portal" authType="shibboleth"
requireSession="true"/>
                        <Path name="test" authType="shibboleth"
requireSession="true"/>
        </Host>

5. Shibboleth will kick in for authentication for an app that is set with
App Pool  advanced settings (not using Crystal Reports 2008):
        a. .NET Framework Version = v2.0
        b. Enable 32-Bit Applications = False
        c. Managed Pipeline Mode = Integrated

6. Shibboleth will NOT kick in for authorization for an app that is set with
App Pool advanced settings (using Crystal Reports 2008):
        a. .NET Framework Version = v2.0
        b. Enable 32-Bit Applications = True
        c. Managed Pipeline Mode = Integrated or Classic
 [image: Application App Pool setup]

7. Enabled ISAPI filter. Tried it with application that is 32-bit enabled,
and it did not help. Reset the Execute=false, so ISAPI filter is disabled
once again.

[image: Handler Mapping]


Thank you in advance.

Patti Held


-- 
P. Held
pheld at softwaretouch.com
pheld at umn.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20110919/35ea0682/attachment-0001.html

More information about the users mailing list