Skip to Content.
Sympa Menu

shibboleth-dev - Shibboleth on IIS without ASAPI?

Subject: Shibboleth Developers

List archive

Shibboleth on IIS without ASAPI?


Chronological Thread 
  • From:
  • To:
  • Subject: Shibboleth on IIS without ASAPI?
  • Date: Tue, 1 Jul 2008 10:09:40 -0400 (EDT)

Hello everyone,

Our company is currently trying to implement Shibboleth on top of our
existing authentication and Athens implementation.

We're a 100% Microsoft platform, so IIS-6 on Windows Server 2003.

Our current Authentication system (ERights 2.7) uses an ASAPI filter and
therefore we are not keen on any Shibboleth implementation involving another
ASAPI filter.

Our goal with Shibboleth is to allow users from other Institutions to
"authenticate" themselves through Shibboleth, so that we can give the user
the same access as that Institution would have in our current ERights
Authentication system. (Basically allowing any user from that institution
access to our restricted content outside of there institution)

Currently we do the same thing with Athens, where an Athens user will come
to our site, access a restricted page and get denied. Upon getting Denied
they can choose to authenticate via Athens, which sends them off to Athens
where they login and get passed back to our site with a "Athens Token" that
identifies them. We use this "Token" to identify there Institute and then
give the relevant access.

We would prefer to do the same with Shibboleth.

We will be Authenticating all Shibboleth accesses through the UK-FEDERATION
iDP.

Therefore my question is.. Can we..

1. Use a Script (ASP/VBScript) to emulate the functions of the IIS ASAPI
filter? For example, creating any Sessions/Attributes and passing the user
to the iDP for Authentication.

2. Use a script (ASP/VBScript) to read the response from the iDP, Read all
the Attributes, allowing us to identify the Institute and then setup relevant
priviledges in our own authentication software.

If the answer is yes, any information would be greatly appreciated!

We assume we're not the open people in the world not wanting to use the ASAPI
Filter, so hopefully people have had similar experiences!

Much appreciated,

Gareth Palfrey
IT Application Developer
Royal Society of Chemistry
Cambridge, UK
Tel: 01223 43 2218
E-mail:











Archive powered by MHonArc 2.6.16.

Top of Page