The <ISAPI> element defines part of the integration of Shibboleth with IIS.In SP V3, this is achieved using the "new" since IIS7 interface. between the SP and the Microsoft IIS web server, due to deficiencies in its support for native configuration of such extensions.
With V3, a new IIS7 native module is supplied. This has significant benefits as detailed elsewhere, and also means that less configuration may be needed.
| Note | ||
|---|---|---|
| ||
You'll need to restart IIS after changing this particular set any of the options in this area. |
Existing Upgraded V2 installations will continue to use the old ISAPI based extension as documented here. If you convert an existing site to use the new plugin (as described here) you should be aware that although the configuration is compatible, some defaults have changed and you will need to make changes to your applications to take proper advantage of the new pluginmodule.
Attributes
| Name | Type | Default | Description |
|---|---|---|---|
normalizeRequest | boolean | trueTo be Deprecated | This is essentially obligatory with IIS, and causes the software to determine the URLs its processing based on information from the SP's own configuration per its <Site> element(s). Turning this off will generally result in security issues unless you avoid any use of content settings and the RequestMapper. |
safeHeaderNames | booleanTBD | false (true if the userHeaders option is enabled) | Causes all non-alphanumeric characters to be automatically removed from the names of all SP-controlled {{headersheaders. This defaults to false for compatibility with V2, but is auto-enabled if the |
useVariables | boolean | true | Controls whether attributes are passed the the application as Server Variables. |
useHeaders | boolean | false | Controls whether attributes are passed as HTTP Headers. This setting should be avoided, but is present to provide a level of compatibility with applications developed against the old isapi_shib pluginISAPI extension. |
Child Elements
| Element | Cardinalty | Description |
|---|---|---|
<Site> | 0 or more | Controls how Shibboleth perceives each IIS sitethe SP establishes canonical URLs for requests to a given IIS site. This is used to provide a limited form of virtualization support, which IIS does not support itself. Use Apache if you intend to do serious virtual hosting, or ask Microsoft to fix their product. |
<Roles> | 0 or 1 | Provides support for roles based authorization. |