Configuring the SP for sites with multiple IIS bindings

Boyd, Todd M. tmboyd1 at ccis.edu
Thu Sep 27 11:40:25 EDT 2018


I don't know about the SP and aliases, but you can set up those bindings as separate sites in IIS with the same application pool and root directory. We've used this with our own CMS in special circumstances to point multiple subdomains at the same system. 

Just be careful that you treat them as the same site in your mind when altering configuration that would touch the web.config file, because as far as the file system is concerned, they are inseparable. IIS metabase configuration lives outside of the web site's root directory, however, which is what allows you to use this trick in the first place.

There may be a different Shib fix that would work, too, but this is something that I know would have IIS give each subdomain a different Site ID for use in the SP configuration.

-Todd
 

From: users <users-bounces at shibboleth.net> on behalf of Wessel, Keith <kwessel at illinois.edu>
Sent: Thursday, September 27, 2018 9:55 AM
To: users at shibboleth.net
Subject: Configuring the SP for sites with multiple IIS bindings
    
Hi, all,

We've got an SP admin who's having problems with an IIS site that has multiple bindings (IIS bindings, that is) all protected by Shib. The site is running a multihome CMS configured to serve different content depending on the hostname used to access it, all under a single IIS site. The SP seems to be requesting responses be sent to the primary hostname of the site and returning the user to a page on the primary hostname regardless of which hostname was used to access it initially.

I had the admin add <Alias> elements to his site element:

            <Site id="2" name="site.illinois.edu" scheme="https" port="443">
                <Alias>alias.site.illinois.edu</Alias>
            </Site>

And the corresponding request map:

        <RequestMap>
            <Host name="site.illinois.edu">
                <Path name="cms/login" requireSession="true" authType="shibboleth" />
            </Host>
            <Host name="alias.site.illinois.edu">
                <Path name="cms/login" requireSession="true" authType="shibboleth" />
            </Host>
        </RequestMap>

But still, a user visiting alias.site.illinois.edu gets sent to the IdP and returned to site.illinois.edu instead.

Are we missing something?

Keith

-- 
For Consortium Member technical support, see  https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
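
The separate-sites layout from Todd's reply, sketched as an added example that is not part of either message: the alias hostname is moved to its own IIS site that shares the application pool and root directory of the original, and the resulting Site IDs are printed as ISAPI <Site> elements. The IIS site names CMS-Primary and CMS-Alias are assumptions; the hostnames are the ones from the thread.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
Import-Module WebAdministration

$primaryName = 'CMS-Primary'              # assumption: IIS name of the existing site
$aliasName   = 'CMS-Alias'                # assumption: name for the new site
$aliasHost   = 'alias.site.illinois.edu'  # hostname from the thread

$primary = Get-Item "IIS:\Sites\$primaryName"

# The alias hostname can only be bound to one site, so take it off the original first.
Remove-WebBinding -Name $primaryName -Protocol https -Port 443 -HostHeader $aliasHost

# New site with the same root directory and application pool as the original.
# Both sites read the same web.config; only the IIS-side configuration differs.
New-Website -Name $aliasName `
            -PhysicalPath $primary.physicalPath `
            -ApplicationPool $primary.applicationPool `
            -HostHeader $aliasHost -Port 443 -Ssl | Out-Null

# Confirm in IIS Manager that the new HTTPS binding has a certificate assigned.

# Print one <Site> element per IIS site, using the ID that IIS assigned.
foreach ($site in Get-Item "IIS:\Sites\$primaryName", "IIS:\Sites\$aliasName") {
    $binding  = $site.bindings.Collection |
                Where-Object protocol -eq 'https' | Select-Object -First 1
    $hostName = $binding.bindingInformation.Split(':')[-1]   # "IP:port:host"
    '<Site id="{0}" name="{1}" scheme="https" port="443"/>' -f $site.id, $hostName
}
```

The printed elements replace the single <Site> with its <Alias> in the ISAPI section of the SP configuration, so each hostname is identified by its own Site ID.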
    

