Has anyone got a working Shibboleth SP in Azure?

Paul Brears pbrears at rm.com
Fri Jun 22 17:10:02 BST 2012 

 

I've got Shib SP 2.4.3  in a Azure (Platform as a service web role)
2008-R2

 

The isapi filter loads but doesn't seem to work correctly, and doesn't
grab .sso URLs (so Shibboleth.sso/SAML2/POST  and Shibboleth.sso/Status
fail with a IIS 404.) although when I went to /secure it intercepted the
request and set it to the IdP so I think did have the right siteID
configured in Shibboleth2.xml.

 

As the IIS compatibility mode isn't installed I've manually added the
.sso script mapping, loaded the isapi filter and adjusted the file
permissions to ensure IIS can write log files and access /opt.

Shibd is running and seems happy.

 

Has anyone got Shibboleth SP installed in Azure successfully?

 

Regards

 

Paul

 

Example of debug logs when it fails

2012-06-22 15:18:18 DEBUG Shibboleth.ISAPI [880] isapi_shib: mapped
https://AzureSPname.net/secure/ to default

2012-06-22 15:18:18 DEBUG Shibboleth.SessionInitiator.SAML2 [880]
isapi_shib: attempting to initiate session using SAML 2.0 with provider
(https://IDPname.net/idp/shibboleth)

2012-06-22 15:18:18 DEBUG Shibboleth.Listener [880] isapi_shib: sending
message (default/Login::run::SAML2SI)

2012-06-22 15:18:18 DEBUG Shibboleth.Listener [880] isapi_shib: send
completed, reading response message

2012-06-22 15:18:30 DEBUG Shibboleth.ISAPI [880] isapi_shib: mapped
https://AzureSPname.net/Shibboleth.sso/SAML2/POST to default

 

Example of debug logs for same SP version installed on a vanilla Windows
2008 R2 server where it works correctly.

2012-06-22 15:28:12 DEBUG Shibboleth.ISAPI [2124] isapi_shib: mapped
https://NormallSPname.net/secure/ to default

2012-06-22 15:28:12 DEBUG Shibboleth.Listener [2124] isapi_shib: sending
message (default::getHeaders::Application)

2012-06-22 15:28:12 DEBUG Shibboleth.Listener [2124] isapi_shib: trying
to connect to listener

2012-06-22 15:28:12 DEBUG Shibboleth.Listener [2124] isapi_shib: socket
(652) connected successfully

2012-06-22 15:28:12 DEBUG Shibboleth.Listener [2124] isapi_shib: send
completed, reading response message

2012-06-22 15:28:12 DEBUG Shibboleth.SessionInitiator.SAML2 [2124]
isapi_shib: attempting to initiate session using SAML 2.0 with provider
(https://IDPname.net/idp/shibboleth)

2012-06-22 15:28:12 DEBUG Shibboleth.Listener [2124] isapi_shib: sending
message (default/Login::run::SAML2SI)

2012-06-22 15:28:12 DEBUG Shibboleth.Listener [2124] isapi_shib: send
completed, reading response message

2012-06-22 15:28:14 DEBUG Shibboleth.ISAPI [2124] isapi_shib: mapped
https://NormallSPname.net/secure/ to default

2012-06-22 15:28:14 DEBUG Shibboleth.SessionInitiator.SAML2 [2124]
isapi_shib: attempting to initiate session using SAML 2.0 with provider
(https://IDPname.net/idp/shibboleth)

2012-06-22 15:28:14 DEBUG Shibboleth.Listener [2124] isapi_shib: sending
message (default/Login::run::SAML2SI)

2012-06-22 15:28:14 DEBUG Shibboleth.Listener [2124] isapi_shib: send
completed, reading response message

2012-06-22 15:28:15 DEBUG Shibboleth.ISAPI [2124] isapi_shib: mapped
https://NormallSPname.net/Shibboleth.sso/SAML2/POST to default

2012-06-22 15:28:15 DEBUG Shibboleth.ISAPI [2124] isapi_shib_extension:
mapped https://NormallSPname.net/Shibboleth.sso/SAML2/POST to default

2012-06-22 15:28:15 DEBUG Shibboleth.Listener [2124]
isapi_shib_extension: sending message (default/SAML2/POST)

2012-06-22 15:28:15 DEBUG Shibboleth.Listener [2124]
isapi_shib_extension: send completed, reading response message

...
____________________________________________________________________


RM Books - the first ever ebook system designed specifically for schools.

Coming in Autumn 2012 - pre-register for free now!

www.RMbookshelf.com

____________________________________________________________________

P.S. Think Green - don't print this email unless you really need to.
This message is confidential. You should not copy it or disclose its contents to anyone. You may use and apply the information only for the intended purpose. Internet communications are not secure and therefore RM Education does not accept legal responsibility for the contents of this message. Any views or opinions presented are only those of the author and not those of RM Education. If this email has come to you in error please delete it and any attachments. Please note that RM Education may intercept incoming and outgoing email communications.

RM Education plc is a company registered in England and Wales, Company Reg. No: 01148594; Registered Office: New Mill House, 183 Milton Park, Abingdon, OXON OX14 4SE; VAT No: 630 8236 56
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20120622/d4368dbb/attachment.html

More information about the users mailing list