Passing Shibboleth SP Headers to Tomcat on IIS 7 with Tomcat Connector

Gary Gwin ggwin at
Fri Sep 19 19:35:20 EDT 2014

Hi Scott,

 > I assume the normal way just works, it certainly has for others.

That's good to know. I assume the "normal way" is configuring 
applications at the vhost level as that's how the documentation is 
written. When I try it with regex URL path matching, Shibboleth SP works 
fine, but the environment variables only populate for the matched path. 
When I configure with the matched path the 
requests are mapped to Tomcat bypassing Shibboleth.

I'll try a test the "normal way" and get back with the results.

Thanks for the quick response.


On 9/19/2014 5:12 PM, Cantor, Scott wrote:
> On 9/19/14, 7:01 PM, "Gary Gwin" <ggwin at> wrote:
>> Shibboleth SP only populates headers when the path above is matched,
>> which makes sense. If I map the same path to the Tomcat Connector, then
>> Shibboleth SP appears to be bypassed and the request is sent to Tomcat
>> directly. I've tried various orderings of the respective ISAPI filters
>> with no luck.
> If you're seeing the SP redirect and establish a session, then it's not
> being bypassed, so there's no guesswork involved. If a fresh access
> doesn't redirect away, then it definitely isn't running. If it does, then
> it is, and the headers are set.
>> Is there a known way to configure Shibboleth SP with IIS 7, the Tomcat
>> Connector and Tomcat such that the Shibboleth headers are sent to Tomcat?
> I assume the normal way just works, it certainly has for others.
>> Or, is there an alternative way for a Servlet in Tomcat to get a handle
>> to such Shibboleth information?
> No.
> -- Scott


Gary Gwin
858.268.5100 x501

*                                                               *
*  Cams is a web single sign-on software solution for Apache,   *
*  IIS, WebLogic, WebSphere, JBoss and Tomcat web servers.      *
*                                                               *

More information about the users mailing list