shibboleth-dev - RE: Shib 1.0.1 RC for Windows (from Aboo @ EBSCO)
Subject: Shibboleth Developers
List archive
- From:
- To: "'Shib Design Team'" <>
- Subject: RE: Shib 1.0.1 RC for Windows (from Aboo @ EBSCO)
- Date: Mon, 21 Jul 2003 16:09:15 -0400
I understand that we will have to obtain a digital certificate when we
deploy shibboleth in production. Meanwhile, can I use the earlier test
certificate you provided for testing?
I had added the isapi sections as you documented.
My mustConatin setings are /scure;/protected. I just kept it the same you
provided for testing.
Here is the extract from the .ini file.
[isapi]
# When using the ISAPI filter version, map IIS Instance IDs to server names.
#
1=delta.epnet.com
[policies]
# This is a sample policy URI used by the InCommon pilot origins.
# You can filter incoming users at a high level by listing the policies to
allow.
InQueue=urn:mace:inqueue
[delta.epnet.com]
#normalizeRequest = true
#checkIPAddress = false
#contentSSLOnly = false
#authLifetime = 7200
#authTimeout = 3600
exportAssertion = true
# For IIS, determine what content to protect by specifying strings
# to match against the request path. Separate matches with semicolons.
mustContain = /secure/;/protected/
# list of attributes to request for server "my.server.name"
# requests everything if this doesn't exist or is empty
#requestAttributes =
I had also tried by uncommenting checkIPAddress and contentSSLOnly settings.
Please let me know if there is some debugging I can turn on to see what is
happening.
Thanks.
-----Original Message-----
From: Scott Cantor
[mailto:]
Sent: Monday, July 21, 2003 3:24 PM
To: 'Aboobacker Thanikkal'
Cc: 'Shib Design Team'; 'Oliver Pesch'
Subject: RE: Shib 1.0.1 RC for Windows
I just installed the sbhib-target 1.0.1 for IIS and
configured the ISAPI filter and started the shar in the
console mode. As I noticed that you have not included the
sample certificate files mentioned in the shibboleth.ini
file, I copied those files from my old alpha installation. Is it OK?
We can't include keys for your server, needless to say. That's site
specific.
When I tried to access a protected page (/secure/xxx), the
page is shown without any authentication.
What are your mustContain settings? It should protect everything if you
don't set anything for that. You do need to at least create the [isapi]
section and map the INSTANCE ID (1) to the site's hostname, at the very
least. Without that, it will flat out skip the site. I need to document that
more precisely.
Do I have to do anything else? Do I need to create any
/shibboleth virtual directory as we used to do in the alpha version.
No.
-- Scott
------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/
------------------------------------------------------mace-shib-design--
- RE: Shib 1.0.1 RC for Windows (from Aboo @ EBSCO), Steven_Carmody, 07/21/2003
- <Possible follow-up(s)>
- RE: Shib 1.0.1 RC for Windows (from Aboo @ EBSCO), Steve Carmody, 07/21/2003
- RE: Shib 1.0.1 RC for Windows (from Aboo @ EBSCO), Steven_Carmody, 07/22/2003
Archive powered by MHonArc 2.6.16.