SP v3 ISAPI modules on IIS 10

Steven Teixeira steixeira at csustan.edu
Wed Jul 17 15:26:04 EDT 2019

Yes, it is possible, and I've had to do it for a third party application that doesn't have an sensitive attributes being passed.  Documented here:


Steven Teixeira

From: users <users-bounces at shibboleth.net> On Behalf Of Mark McCoy
Sent: Wednesday, July 17, 2019 12:06
To: shibboleth-users at shibboleth.net
Subject: SP v3 ISAPI modules on IIS 10

I sincerely apologize in advance for this question...

Does anyone have recent experience in manually wiring in the ISAPI "compatibility" DLLs from the SP version 3 install into an IIS 10 (Server 2016) server?


We have a department with an app on an older Server 2008 system that they are migrating to a 2016 server. The old system has the older version of the Service Provider. They are adamant about not upgrading the application to a newer version, but we are adamant that they use the latest 3.x version of the Service Provider instead of installing the older version 2 of the SP. We will not support them on SP v2 for good reason.

The problem that we are running into is that their application only supports reading HTTP headers, and thus the application does not authenticate since it doesn't use IIS Server Variables. We have tried manually configuring the ISAPI filter that comes with SP3 with no luck.

No matter what combination of ISAPI DLL's we have configured, the application pool dies completely with the error below. We have tried enabling/disabling the 32-bit option in the application pool. We have tried only configuring the 64-bit DLL (the error always shows the lib64 path even when the 32-bit version of the DLL is the only one loaded).

The Module DLL 'C:\opt\shibboleth-sp\lib64\shibboleth\isapi_shib.dll' could not be loaded due to a configuration problem. The current configuration only supports loading images built for a x86 processor architecture. The data field contains the error number. To learn more about this issue, including how to troubleshooting this kind of processor architecture mismatch error, see http://go.microsoft.com/fwlink/?LinkId=29349.

Does anyone have any suggestions?? If not, I am happy to tell them that this is not a supported configuration and that they have to fall back to plan B.


Mark McCoy
OIT Manager, Platform Application Services
Office of Information Technology
The University of Texas at San Antonio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190717/aba3ab05/attachment.html>

More information about the users mailing list