IIS 7 rewrite shibboleth authentication looping.
Cantor, Scott
cantor.2 at osu.edu
Thu Apr 12 17:00:14 EDT 2018
> Maybe I did not explain myself correctly. When we disable shibboleth on IIS
> all of our applications rewrite to the correct internal servers and the
> applications work. When we turn on Shibboleth we consistently go through
> the looping I described.
Looping is entirely about cookies and scheme mismatches that cause sessions to disappear, and is always fixable only with local tracing and full knowledge of the interactions. Any rewrite rules in play are simply one of the contributors to a cookie or scheme misalignment that is the underlying issue.
> I am thinking
> that I need to add a variable to the rewrite rules to keep the header
> information.
Nope. The headers are a result of a session. Looping is about not having a session while telling it to require one. The lack of headers is a result, not a cause.
-- Scott
More information about the users
mailing list