IIS and new Service Provider v2.5
Martin B. Smith
smithmb at ufl.edu
Tue Nov 6 11:18:53 EST 2012
Hi all,
At the University of Florida, we have a number of system administrators
reporting that, after upgrading to v2.5 of the service provider
software, their IIS sites are returning the following error:
ERROR Shibboleth.ISAPI [8236] isapi_shib: Attempt to spoof header (st:)
was detected.
I've had this reported for:
IIS 6 on Windows 2003 SP2 32 bit
IIS 7 on Windows (unknown specific platform)
IIS 7 on Windows Server 2008 R2, SP1 x64
As you can tell by the platform list, this problem has been reported by
a number of different systems administrators on our campus. As I'm not
administering any IIS machines myself, I don't have a minimal example to
demonstrate or investigate the problem myself.
Has anyone else seen this, and if so, did you identify a root cause? I'm
surprised as "st:" is not a header I've ever heard of, and it doesn't
match any attribute that we vend to service providers.
Thanks in advance,
--
Martin B. Smith, Systems Administrator
smithmb at ufl.edu - (352) 273-1329
UF Information Technology, CNS/Open Systems Group
University of Florida
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3740 bytes
Desc: S/MIME Cryptographic Signature
Url : http://shibboleth.net/pipermail/users/attachments/20121106/38176fea/attachment.bin
More information about the users
mailing list