The FastCGI Application consists of 2 modules:
A FastCGI responder (shibresponder) that handles the HandlerURL
A FastCGI authorizer (shibauthorizer) that acts as a filter and does the usual (authN, export assertions and authZ).
Bellow is a sample lighttpd snip of the configuration needed to get this to work:
server.name = "your_server_name" server.document-root = "/servers/tags/www/" fastcgi.server = ( "/Shibboleth.sso" => (("socket" => "/tmp/fcgi-resp.sock", "bin-path" => "/servers/sapo-sp/lib/shibboleth/shibresponder", "check-local" => "disable", "mode" => "responder")), "/" => (("socket" => "/tmp/fcgi-auth.sock", "bin-path" => "/servers/sapo-sp/lib/shibboleth/shibauthorizer", "check-local" => "disable", "mode" => "authorizer")), ".php" => (( "socket" => "/tmp/fgci-php.sock", "broken-scriptfilename" => "enable", "mode" => "responder")) ) |
If using lighttpd you need to be running v1.4.42 or higher (that fixed their issue #322), as included in e.g. EPEL for CentOS 6, Debian 9, Ubuntu 18.04.
See also the Nginx topic.