identifier precedence list on MS-IIS
Peter Schober
peter.schober at univie.ac.at
Tue Sep 23 07:49:59 EDT 2014
A vendor has chosen MS-IIS to host their Shib SP, I'm trying to
support them in their configuration.
I'm aware MS-IIS does not have REMOTE_USER and from reading
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeAccess#NativeSPAttributeAccess-REMOTE_USER
I'm assuming there's also no way to access the 'header variable
(internally named "remote-user")' directly?
Given that relying on HTTP_REMOTE_USER is discouraged, am I correct
that then there's no support for an identifier precedence list on
MS-IIS (using the SP's ApplicationDefaults/@REMOTE_USER), iterating
over all possible attributes, and as such that this would have to be
implemented in application code?
Would the SP architecture allow to add a feature to map the result of
ApplicationDefaults/@REMOTE_USER to a custom attribute/header name?
I doubt it, as REMOTE_USER uses the output from the attribute map as
it's input, but I thought I'd ask.
Thanks,
-peter
More information about the users
mailing list