Shibboleth 3.x & Multiple Sites on IIS Server

Peter Schober peter.schober at
Mon Feb 3 14:15:30 EST 2020

* Bhagwat, Shrikant <shrbhagw at> [2020-02-03 20:02]:
> We have two Web Sites on a single IIS Server running on Windows 2016 Server.
> [...]
> What do we in the element
> <ApplicationDefaults entityID="https://site1.lan/shibboleth"
>         REMOTE_USER="eppn subject-id pairwise-id persistent-id"
>         cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1">
> Or do we use an ApplicationOverride element for each site?

If an IDP does not need to differentiate between those
applications/sites, treat it as a single SP and keep a single entityID.

(Maybe pick an entityID value that's appropriate for all sites
hosted by that SP, e.g. based on the department or a purpose shared
between those sites. If in doubt ask your IDP admin for guidance.)

If the sites hosted are vastly different (to the extent that the SAML
IDP needs to care about) you can still give them separate entityIDs
without having to use ApplicationOverrides. Only do this if the
deployment really calls for it, of course.

If the existing documentation[1] doesn't clear up for you when (and
when not!) to use ApplicationOverrides you'll need to ask concrete
questions that go beyond what the documentation states.


