IIS 7.5 web application, SP and shibboleth2.xml - ApplicationOverride not taking precedence over ApplicationDefaults

Haer, Neelam nklhaer at mail.ubc.ca
Tue Sep 9 14:00:06 EDT 2014


Hi Scott,

Thanks for your reply.

I used the term "sending over" because somehow, the idP logs are showing that settings from the ApplicationDefaults section (which don't contain any relevant information) as opposed to the actual settings, which are in the <ApplicationOverride> section. I hope that makes better sense?

I double-checked that the applicationIds are matching, we typically don't change them and it looks like in this instance they have not been changed from the defaults, but why is the idP not using the ApplicationOverride settings?

<RequestMapper type="Native">
<RequestMap applicationId="default">
<Host name="clientSiteNameInIIS">
<Path name="locked" applicationId="rename--my-application-name"
authType="shibboleth" requireSession="false" exportAssertion="false">
</Path>
</Host>
</RequestMap>
</RequestMapper>

 <ApplicationDefaults id="default" policyId="default"
        entityID="https://something_here/do-not-use"
        homeURL="https://someURL/"
        REMOTE_USER="eppn persistent-id targeted-id"
        signing="true" encryption="false"
 >

<ApplicationOverride id="rename--my-application-name"
                             entityID="https://clientDomain/shibboleth"
                             homeURL="https://clientDomain/locked"
                             REMOTE_USER="somerandomstring" >
          <Sessions handlerURL="/locked/Shibboleth.sso"
                    handlerSSL="true"
                    cookieProps="; path=/locked; secure"
                    checkAddress="false"
                    lifetime="7200" timeout="3600" />
        </ApplicationOverride>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140909/153e9b27/attachment.html 


More information about the users mailing list