Shibboleth 3.x & Multiple Sites on IIS Server
Bhagwat, Shrikant
shrbhagw at med.umich.edu
Mon Feb 3 14:01:52 EST 2020
We have two Web Sites on a single IIS Server running on Windows 2016 Server.
https://Site1.lan
https://Site2.lan
We are trying to configure shibboleth2.xml for this setup:
<InProcess>
    <ISAPI normalizeRequest="true" safeHeaderNames="true">
        <!--
        Maps IIS Instance ID values to the host scheme/name/port. The name is
        required so that the proper <Host> in the request map above is found without
        having to cover every possible DNS/IP combination the user might enter.
        -->
        <Site id="2" name="site1.lan"/>
        <Site id="3" name="site2.lan"/>
        <!--
        When the port and scheme are omitted, the HTTP request's port and scheme are used.
        If these are wrong because of virtualization, they can be explicitly set here to
        ensure proper redirect generation.
        -->
        <!--
        <Site id="42" name="virtual.example.org" scheme="https" port="443"/>
        -->
    </ISAPI>
</InProcess>
<RequestMapper type="Native">
    <RequestMap>
        <!--
        The example requires a session for documents in /secure on the containing host with http and
        https on the default ports. Note that the name and port in the <Host> elements MUST match
        Apache's ServerName and Port directives or the IIS Site name in the <ISAPI> element above.
        -->
        <Host name="site1.lan">
            <Path name="secure" authType="shibboleth" requireSession="true"/>
        </Host>
        <Host name="site2.lan">
            <Path name="secure" authType="shibboleth" requireSession="true"/>
        </Host>
        <!-- Example of a second vhost mapped to a different applicationId. -->
        <!--
        <Host name="admin.example.org" applicationId="admin" authType="shibboleth" requireSession="true"/>
        -->
    </RequestMap>
</RequestMapper>
What do we do in the element
<ApplicationDefaults entityID="https://site1.lan/shibboleth"
    REMOTE_USER="eppn subject-id pairwise-id persistent-id"
    cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1">
Or do we use an ApplicationOverride element for each site?
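The comment in the posted configuration says each <Host> name must match an IIS <Site> name in the <ISAPI> element. A consistency check for that rule follows, as an added example that is not part of the original post or of the Shibboleth project's code. The SPConfig wrapper, the unmapped site3.lan host and the function names are constructed for illustration, and the check assumes host names compare case-insensitively.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's <ISAPI>/<RequestMap> fragments wrapped in a root
# element, plus one deliberately unmapped host (site3.lan) to show the failure case.
SAMPLE = """\
<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <InProcess>
    <ISAPI normalizeRequest="true" safeHeaderNames="true">
      <Site id="2" name="site1.lan"/>
      <Site id="3" name="site2.lan"/>
    </ISAPI>
  </InProcess>
  <RequestMapper type="Native">
    <RequestMap>
      <Host name="site1.lan">
        <Path name="secure" authType="shibboleth" requireSession="true"/>
      </Host>
      <Host name="site2.lan">
        <Path name="secure" authType="shibboleth" requireSession="true"/>
      </Host>
      <Host name="site3.lan" authType="shibboleth" requireSession="true"/>
    </RequestMap>
  </RequestMapper>
</SPConfig>
"""

def local(tag):
    """Strip any XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def check_site_host_mapping(xml_text):
    """Return (hosts_without_site, sites_without_host, duplicate_site_ids)."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    sites, hosts, seen_ids, dup_ids = set(), set(), set(), set()
    for el in root.iter():
        name = (el.get("name") or "").lower()  # assumption: case-insensitive names
        if local(el.tag) == "Site":
            sites.add(name)
            sid = el.get("id")
            (dup_ids if sid in seen_ids else seen_ids).add(sid)
        elif local(el.tag) == "Host":
            hosts.add(name)
    return sorted(hosts - sites), sorted(sites - hosts), sorted(dup_ids)

if __name__ == "__main__":
    missing_site, no_host_rule, dups = check_site_host_mapping(SAMPLE)
    print("Hosts with no <Site> mapping:", missing_site)
    print("Sites with no <Host> rule:", no_host_rule)
    print("Duplicate Site ids:", dups)
```

A <Site> that has no <Host> rule is worth reviewing too, since no requireSession setting from the request map applies to that IIS site.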