希望对Shibboleth auth服务提供一些帮助。 Shib支持运行多个IIS站点,但我在获取位置设置时遇到问题。这是一个XML选项的海洋,所以一些指针(在匹配的ID上)将非常感激。
在我的实施中,http://localhost/Shibboleth.sso/Status有效,但不是:http://staging.sphsc.washington.edu/Shibboleth.sso/Metdata
shibboleth2.xml中的相关XML是:
<InProcess logger="native.logger">
<ISAPI normalizeRequest="true" safeHeaderNames="true">
<Site id="1" name="localhost" />
<Site id="288954588" name="staging.sphsc.washington.edu" />
....
<RequestMapper type="Native">
<RequestMap>
<Host name="localhost">
<Path name="secure" authType="shibboleth" requireSession="true" />
</Host>
<Host name="staging.sphsc.washington.edu" applicationId="sphsc_local_22">
<Path name="secure" authType="shibboleth" requireSession="true" />
</Host>
....
<ApplicationDefaults entityID="http://staging.sphsc.washington.edu/shibboleth"
REMOTE_USER="eppn persistent-id targeted-id"
signing="false" encryption="false">
<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
checkAddress="false" handlerSSL="false" cookieProps="http">
<SSO isDefault="true" entityID="urn:mace:incommon:washington.edu">
SAML2 SAML1
</SSO>
<Logout>SAML2 Local</Logout>
<Handler type="MetadataGenerator" Location="/Metadata" signing="false" />
<Handler type="Status" Location="/Status" acl="127.0.0.1 ::1" />
<Handler type="Session" Location="/Session" showAttributeValues="false" />
<Handler type="DiscoveryFeed" Location="/DiscoFeed" />
....
<ApplicationOverride id="sphsc_local_22" entityID="http://staging.sphsc.washington.edu/shibboleth" />
....