The <InProcess>
element contains settings governing the portion of the SP that runs inside the web server. It also includes content specific to particular web servers that supply an inadequate native configuration mechanism. On version 2.4 and above, it is required for IIS usage, optional otherwise.
<InProcess logger="native.logger" checkSpoofing="true"> <Extensions> <Library path="adfs-lite.so" fatal="true"/> </Extensions> <ISAPI/> </InProcess> |
When omitted, the default attribute values below are used, no extensions are loaded, and no IIS configuration information is supplied.
logger
(local pathname) (default is native.logger
on 2.4+)
catchAll
(boolean) (default is false)
unsetHeaderValue
(string) (default is empty string)
checkSpoofing
(boolean) (default is true)
spoofKey
(string)
checkSpoofing
option. Web servers do not generally provide a reliable means of detecting whether a request is directly from a client or has been internally redirected/rewritten in some fashion.
When using Apache, strongly consider porting applications to rely on environment variables in place of headers. If this is not possible, the On the Windows/IIS platform, a random key is automatically generated to ensure the detection feature works safely. On other platforms, you need to establish the |
<Extensions>
<ISAPI>