The FastCGI Application consists of 2 modules:
A FastCGI responder (shibresponder) that handles the HandlerURL
A FastCGI authorizer (shibauthorizer) that acts as a filter and does the usual (authN, export assertions and authZ).
Bellow is a sample lighttpd snip of the configuration needed to get this to work:
server.name = "your_server_name"
server.document-root = "/servers/tags/www/"
fastcgi.server = (
"/Shibboleth.sso" => (("socket" => "/tmp/fcgi-resp.sock", "bin-path" => "/servers/sapo-sp/lib/shibboleth/shibresponder", "check-local" => "disable", "mode" => "responder")),
"/" => (("socket" => "/tmp/fcgi-auth.sock", "bin-path" => "/servers/sapo-sp/lib/shibboleth/shibauthorizer", "check-local" => "disable", "mode" => "authorizer")),
".php" => (( "socket" => "/tmp/fgci-php.sock", "broken-scriptfilename" => "enable", "mode" => "responder"))
) |
If using lighttpd you need to be running v1.4.42 or higher (that fixed their issue #322), as included in e.g. EPEL for CentOS 6, Debian 9, Ubuntu 18.04.
See also the Nginx topic.