<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Quick Question:<o:p></o:p></p>
<p class="MsoNormal">Is it possible under Shibboleth SP for Windows (IIS7) to set a hostname exception at the webserver level that states; “if anyone coming from this host connects, do _<i>not</i>_ require them to authenticate”? Our server is currently set
to send all requests to shibboleth, we have not specified any secured directories.<o:p></o:p></p>
<p class="MsoNormal"><br>
Longer version:<o:p></o:p></p>
<p class="MsoNormal">We have a shibboleth installation running mostly well under IIS7 as an SP. On its own, it is working as expected. However, when users try to connect to resources on this server from off campus, they are prompted to go through our EZ-Proxy
service, which in turn asks them to authenticate (via shibb) and then things break. (sorry for the lack of details here). Since our ez-proxy service already requires shibboleth, we just want to set our other webserver (running shibboleth sp) to not require
hosts connecting from the ez-proxy server to re-authenticate.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thank you.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Tim<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">++++++++++++++++++++++++++++++<o:p></o:p></p>
<p class="MsoNormal">Tim Vruwink <a href="mailto:vruwink@illinois.edu">vruwink@illinois.edu</a><o:p></o:p></p>
<p class="MsoNormal">Research Programmer, Library IMS<o:p></o:p></p>
<p class="MsoNormal">424 Main Library, 1408 W Gregory Dr.<o:p></o:p></p>
<p class="MsoNormal">Office: 217-265-0895 Cell: 217-202-1607<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>