identifier precedence list on MS-IIS

Peter Schober peter.schober at
Tue Sep 23 07:49:59 EDT 2014

A vendor has chosen MS-IIS to host their Shib SP, I'm trying to
support them in their configuration.
I'm aware MS-IIS does not have REMOTE_USER and from reading
I'm assuming there's also no way to access the 'header variable
(internally named "remote-user")' directly?

Given that relying on HTTP_REMOTE_USER is discouraged, am I correct
that then there's no support for an identifier precedence list on
MS-IIS (using the SP's ApplicationDefaults/@REMOTE_USER), iterating
over all possible attributes, and as such that this would have to be
implemented in application code?

Would the SP architecture allow to add a feature to map the result of
ApplicationDefaults/@REMOTE_USER to a custom attribute/header name?
I doubt it, as REMOTE_USER uses the output from the attribute map as
it's input, but I thought I'd ask.


More information about the users mailing list