Shibboleth SP 2.5.2 on IIS authenticates with HTTP, not with HTTPS

James W. Anderson jamesanderson at coca-cola.com
Wed Nov 19 15:30:58 EST 2014 

I have the following site configuration settings in shibboleth2.xml, on a Windows 2008 R2 server running IIS 7.5:

    <InProcess logger="native.logger">
        <ISAPI normalizeRequest="true" safeHeaderNames="true">
            <Site id="1" name="myfakedomainname.com" scheme="https" port="443"/>
        </ISAPI>
    </InProcess>

    <RequestMapper type="Native">
        <RequestMap applicationId="default">
            <Host name="myfakedomainname.com" authType="shibboleth" requireSession="true"/>
        </RequestMap>
    </RequestMapper>

The IIS site ID is 1, it's listening on both http and https on ports 4160 (http) and 4161 (https) and is setting behind a load balancer/VIP that's listening on standard ports 80 and 443, using myfakedomainname.com as its domain (actual domain withheld for privacy).

If I access the site via http I get redirected. If I access via https it passes me through to the site without any authentication. This seems backwards to what I would expect from this configuration-I'd expect only the https requests to require authentication.

Any thoughts on how I can correct this to force authentication for both http and https?

Thank you!

[cid:image001.png at 01D0040D.70FE3BE0]


James W. Anderson
Cloud Solution Delivery Architect
The Coca-Cola Company
404.676.4914 Office
404.598.4914 Fax
770.653.1033 Mobile
jamesanderson at coca-cola.com<mailto:jamesanderson at coca-cola.com>





________________________________

CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.

________________________________

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20141119/85730be6/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 12779 bytes
Desc: image001.png
Url : http://shibboleth.net/pipermail/users/attachments/20141119/85730be6/attachment-0001.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: oledata.mso
Type: application/octet-stream
Size: 22765 bytes
Desc: oledata.mso
Url : http://shibboleth.net/pipermail/users/attachments/20141119/85730be6/attachment-0001.obj

More information about the users mailing list