shibboleth-dev - Issues integrated Shibboleth with IIS/Tomcat and Jakarta redirector
Subject: Shibboleth Developers
List archive
- From: Nathaniel Trevivian <>
- To:
- Subject: Issues integrated Shibboleth with IIS/Tomcat and Jakarta redirector
- Date: Wed, 14 Apr 2010 17:24:24 +0100
Hello, I raised this on shib-users, but I think that was possibly the wrong mailing list. I've installed the Shibboleth SP v2.3.1 (from "latest" downloads folder) on a Windows 2003 Server machine. My application is running under Tomcat 5.5 through IIS 6 using the Jakarta ISAPI redirector. Everything works fine up until the point where the IdP passes me back to the application. I get sent to: https://my.domain.com/Shibboleth.sso/SAML2/POST and shown an IIS 401.3 error. The native.log file contains the following: 2010-04-14 09:31:16 INFO Shibboleth.Config : Shibboleth SP Version 2.3.1 2010-04-14 09:31:16 INFO Shibboleth.Config : Library versions: Xerces-C 3.0.1, XMLTooling-C 1.3.2, Shibboleth 1.3.1 2010-04-14 09:31:16 INFO Shibboleth.Config : building ListenerService of type TCPListener... 2010-04-14 09:31:16 INFO Shibboleth.Config : building SessionCache of type StorageService... 2010-04-14 09:31:16 INFO Shibboleth.Config : building RequestMapper of type Native... 2010-04-14 09:31:16 INFO Shibboleth.SessionCache : cleanup thread started...run every 900 secs; timeout after 900 secs 2010-04-14 09:31:16 WARN Shibboleth.PropertySet : deprecation - remapping property (defaultACSIndex) to (acsIndex) every now and then when requesting the site, authenticating and getting sent back, the shibd.log will say: INFO Shibboleth.Listener [3]: detected socket closure, shutting down worker thread Here's the stinger: I don't get this problem when I disable the Jakarta ISAPI Redirector. If I disable the Jakarta ISAPI Redirector my app won't work. Has anyone done an IIS/Tomcat implementation before? I know I've missed something. Do I need to do something similar to this: Add the following line to the uriworkersmap.properties file. This tells the ISAPI Filter that all urls beginning with /shibboleth-idp/ should be routed to Tomcat. /shibboleth-idp/*=wlp (found here https://mail.internet2.edu/wws/arc/shibboleth-users/2007-01/msg00022.html) but for my SP? or perhaps add the following to my uriworkersmap.properties file: !/Shibboleth.sso/* ? Maybe I'm barking up the wrong tree altogether. Any help/advice/corrections would be much appreciated. Thanks |
- Issues integrated Shibboleth with IIS/Tomcat and Jakarta redirector, Nathaniel Trevivian, 04/14/2010
- RE: [Shib-Dev] Issues integrated Shibboleth with IIS/Tomcat and Jakarta redirector, Scott Cantor, 04/14/2010
Archive powered by MHonArc 2.6.16.