shibboleth-dev - [testing the IIS target]
- From: "RL 'Bob' Morgan"
- To: Shibboleth Design Team
- Subject: [testing the IIS target]
- Date: Thu, 31 Jul 2003 01:04:53 -0700 (PDT)
Nathan's been trying out the IIS target just for grins, and is in the
state reported below. Also had some install problems, I'll forward those
msgs too.
- RL "Bob"
---------- Forwarded message ----------
Date: Thu, 31 Jul 2003 00:48:31 -0700 (PDT)
From: Nathan Dors
To: RL 'Bob' Morgan
Subject: Re: [shwindows]
Well, I'm stuck in some sort of loop here. I've got
everything installed and it does part of the process:
1. I'm redirected to the InQueue WAYF
2. I'm sent to the HS on shib.cac
3. I do our weblogin dance
4. I'm sent by shib.cac to /my.shire
5. I'm given a shib-cookie and redirected
back to the original target...
But then I'm sent back to the WAYF all over again.
I suspect it has something to do with the SHAR
service, but I don't know how to get any further
debug info out of it.
My shibboleth.ini is attached in case someone wants
to take a quick looksee.
-Nathan
[general]
logger=/opt/shibboleth/etc/shibboleth/shibboleth.logger
schemadir=/opt/shibboleth/etc/shibboleth
sharsocket=127.0.0.1:1600
# SERVER CONFIGURATION
# Optional, may also be set per-server (or per-directory in Apache)
#normalizeRequest = true
#checkIPAddress = false
#contentSSLOnly = false
#exportAssertion = false
# These timeouts apply to session validity at the target for IIS
# Apache session control is per-directory with Apache commands
#authLifetime = 7200
#authTimeout = 3600
logoLocation=/logo.gif
# Mandatory
wayfURL = https://wayf.internet2.edu/InQueue/WAYF
shireURL = /the.shire
cookieName = shib-cookie
shireSSLOnly = false
shireError=/opt/shibboleth/etc/shibboleth/shireError.html
rmError=/opt/shibboleth/etc/shibboleth/rmError.html
accessError=/opt/shibboleth/etc/shibboleth/accessError.html
[shire]
logger=/opt/shibboleth/etc/shibboleth/shire.logger
metadata=metadata_shire
[shar]
logger=/opt/shibboleth/etc/shibboleth/shar.logger
# If using a TCP-based SHAR, space delimit the allowed client IPs
#sharacl = 127.0.0.1
metadata=metadata_shar
# Should provide a key-pair and certificate
# Can use mod_ssl's server.crt/server.key if you set file permissions
#certfile=/opt/shibboleth/etc/shibboleth/shar.crt
#keyfile=/opt/shibboleth/etc/shibboleth/shar.key
certfile=/opt/shibboleth/etc/shibboleth/pablo_session.cert
keyfile=/opt/shibboleth/etc/shibboleth/pablo_session.key
#keypass=
#calist=/opt/shibboleth/etc/shibboleth/ca-bundle.crt
calist=/opt/shibboleth/etc/shibboleth/uw-ca.crt
# Controls timeouts for AA queries (in seconds)
AATimeout=60
AAConnectTimeout=30
# The following shar items are session caching parameters
# The default cache now uses a MySQL embedded database
cacheType=memory
#cacheType=mysql
# how often to run the cache cleanup thread (in seconds)
cacheClean=300
# These timeouts apply to session caching, irrespective of validity
# Sessions can be deleted before they expire, so these should usually
# be at least as long as session policy itself.
cacheTimeout=3600
#mysql-cache-timeout = 14400
# Only needed if the MySQL cache plugin is used.
#[extensions:saml]
#mysql = /opt/shibboleth/libexec/shib-mysql-ccache.dll
# Arguments for the MySQL embedded database
# Make sure the datadir exists.
#[mysql]
#arg1 = --language=/opt/shibboleth/share/english
#arg2 = --datadir=/opt/shibboleth/data
[metadata_shire]
edu.internet2.middleware.shibboleth.metadata.XML=/opt/shibboleth/etc/shibboleth/sites.xml
edu.internet2.middleware.shibboleth.target.AAP.XML=/opt/shibboleth/etc/shibboleth/AAP.xml
[metadata_shar]
edu.internet2.middleware.shibboleth.metadata.XML=/opt/shibboleth/etc/shibboleth/sites.xml
edu.internet2.middleware.shibboleth.trust.XML=/opt/shibboleth/etc/shibboleth/trust.xml
edu.internet2.middleware.shibboleth.target.AAP.XML=/opt/shibboleth/etc/shibboleth/AAP.xml
[isapi]
# When using the ISAPI filter version, map IIS Instance IDs to server names.
#
1=pablo.cac.washington.edu
[policies]
# This is a sample policy URI used by the InCommon pilot origins.
# You can filter incoming users at a high level by listing the policies to allow.
InQueue=urn:mace:inqueue
# To define per-server or per-vhost settings, create a section
# for the server's hostname and set or override configuration.
[pablo.cac.washington.edu]
#normalizeRequest = true
#checkIPAddress = false
#contentSSLOnly = false
#authLifetime = 7200
#authTimeout = 3600
#exportAssertion = false
# For IIS, determine what content to protect by specifying strings
# to match against the request path. Separate matches with semicolons.
#mustContain = /shib/
# list of attributes to request for server "my.server.name"
# requests everything if this doesn't exist or is empty
#requestAttributes =
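
An added example, not part of the original message or of the Shibboleth distribution: a small Python audit of a shibboleth.ini like the one attached above. It reports the settings a deployer would want to review before moving past a test install. The finding codes and the embedded excerpt are constructed here, and the checks assume each key means what its name and the file's own comments say.

```python
import configparser
import re

# Constructed excerpt of the shibboleth.ini quoted above (only the keys checked).
SAMPLE_INI = """\
[general]
sharsocket=127.0.0.1:1600
shireSSLOnly = false
[shar]
#sharacl = 127.0.0.1
keyfile=/opt/shibboleth/etc/shibboleth/pablo_session.key
#keypass=
[isapi]
1=pablo.cac.washington.edu
[pablo.cac.washington.edu]
#mustContain = /shib/
"""

def load_ini(text):
    # '#' lines are comments; keep key case; no '%' interpolation.
    cp = configparser.ConfigParser(interpolation=None, comment_prefixes=("#",))
    cp.optionxform = str
    cp.read_string(text)
    return cp

def audit(cp):
    """Return (code, message) findings for settings worth a second look."""
    findings = []
    get = lambda s, k: cp.get(s, k, fallback=None)
    sock = get("general", "sharsocket") or ""
    # IPv4:port means a TCP SHAR; a filesystem socket path will not match.
    m = re.fullmatch(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)", sock.strip())
    if m and get("shar", "sharacl") is None:
        findings.append(("SHAR_TCP_NO_ACL", f"TCP SHAR {sock} has no sharacl"))
    if m and not m.group(1).startswith("127."):
        findings.append(("SHAR_TCP_NOT_LOOPBACK", f"SHAR {sock} is not loopback"))
    for key in ("shireSSLOnly", "contentSSLOnly", "checkIPAddress"):
        if (get("general", key) or "").strip().lower() == "false":
            findings.append((f"{key}_FALSE", f"{key} is explicitly false"))
    if get("shar", "keyfile") and not get("shar", "keypass"):
        findings.append(("KEY_NO_PASSPHRASE", "keyfile without keypass"))
    for inst, host in (cp.items("isapi") if cp.has_section("isapi") else []):
        if not cp.has_section(host):
            findings.append(("HOST_NO_SECTION", f"instance {inst}: no [{host}]"))
        elif get(host, "mustContain") is None:
            findings.append(("HOST_NO_MUSTCONTAIN", f"[{host}] sets no mustContain"))
    return findings

if __name__ == "__main__":
    print(*(f"{c}: {m}" for c, m in audit(load_ini(SAMPLE_INI))), sep="\n")
```

Commented-out keys are treated as unset, so the script reports only what the file states and says nothing about the software's built-in defaults.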