Page Comparison

Installing the Shibboleth SP for IIS 7.x

...

Known Conflicts

The following software is known to cause incompatibilities that affect the installation or use of the Shibboleth SP module:

• The installer does not work fully in conjunction with the IIS "Shared Configuration" option. Disable it prior to installation. After re-enabling it, you will likely have to manually apply some of the configuration changes noted below.

• Per this report, the "DevExpress HTTP Handler" appears to be incompatible with Shibboleth.

Preparation

IIS7 is a rather radical rewrite and has some major differences from earlier versions. Superficially, the administration GUI is very different. Furthermore, the scripting interfaces used by the SP installer are not supported by default.

...

A set of commands that may work for some people to perform the above steps:

Code Block

cd C:\Windows\System32\inetsrv appcmd set config /section:isapiFilters /+[name='shibboleth',path='C:\opt\shibboleth-sp\lib64\shibboleth\isapi_shib.dll',enabled='true'] appcmd set config /section:handlers /+[name='Shibboleth',path='*.sso',verb='*',scriptProcessor='C:\opt\shibboleth-sp\lib64\shibboleth\isapi_shib.dll'] appcmd set config /section:isapiCgiRestriction /+[path='C:\opt\shibboleth-sp\lib64\shibboleth\isapi_shib.dll',description='Shibboleth',allowed='True'] iisreset

For Windows Server 2012 / IIS 8, you may need to add the modules attribute to the Handler Mapping command:

Code Block
appcmd set config /section:handlers /+[name='Shibboleth',path='*.sso',verb='*',scriptProcessor='C:\opt\shibboleth-sp\lib64\shibboleth\isapi_shib.dll',modules='IsapiModule']

 

Basic Configuration

• IIS7 may require that you manually install the script mapping and/or the filter itself at the site level, rather than at the root of all the sites. You may also wish to do this to ensure that the filter only runs on a subset of your web sites.

...