Shibboleth 3.x & Multiple Sites on IIS Server

[Bhagwat, Shrikant]

We will be using UMich_Health System Central IDP. 
Users will access Site1 & Site2 (hosted on same IIS Server) by separate URL. So I think "SP Entity ID" will be different. 
We have done single Site IIS Server several times, but doing multiple sites for first time. 


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Peter Schober
Sent: Monday, February 3, 2020 3:15 PM
To: users at shibboleth.net
Subject: Re: Shibboleth 3.x & Multiple Sites on IIS Server

External Email - Use Caution

* Bhagwat, Shrikant <shrbhagw at med.umich.edu> [2020-02-03 21:05]:
> We looked in our case we don't need to use ApplicationOverride 
> element. Both sites site1 & site2 are very much similar.
> 
> I could not figure out how to add second site "site2.lan" in 
> ApplicationDefault Element. Or is it not necessary.

Since AFAICT you state above that you "don't need to use ApplicationOverride element" I think that question is moot?

> I am the IDP Admin as well as SP admin.

OK. I was simply assuming you'd be using UMich's central IDP.

> Also how do I get them separate entityID for each site id I need.

Of the sites are "very much similar" (as you said yourself. above) I wouldn't give them separate entityIDs. Those are only useful if the IDP must differentiate those SPs somehow, usually for differing attribute release or other policies.

If you *know* you must use different entityIDs there's the 'entityIDself' content setting. For use within the RequestMap see:
https://wiki.shibboleth.net/confluence/display/SP3/RequestMap

-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

**********************************************************
Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues