Ismail Hossain

Reputation: 1

How to access Shibboleth headers and CGI variables with IIS on Windows 2008 R2

How can I access Shibboleth attributes to log in to the application or create a user based on the attributes?

The application is running on ColdFusion 10 on a Windows 2008 R2 server with a 64-bit operating system. Shibboleth Service Provider (SP) 3.4 is installed and configured with IIS version 7.5.7. useHeaders is enabled in the Shibboleth.xml config, and the Shibboleth Web Extension is allowed under ISAPI and CGI Restrictions.

The Shibboleth status check is OK, and when the login button is clicked, authentication succeeds on the Identity Provider (IdP) side, and the attributes eppn, mail, sn and givenName released by the IdP can be seen in the SP session.

Part of the Shibboleth config:

<InProcess>
        <ISAPI normalizeRequest="true" safeHeaderNames="true" useHeaders="true">
            
            <Site id="3" name="coursestest.cit.ie" scheme="https" port="443"/>
            
        </ISAPI>
</InProcess>
...
<ApplicationDefaults entityID="https://country.com/shibboleth"
        REMOTE_USER="eppn subject-id pairwise-id persistent-id"
        attributePrefix="HTTP_"
        homeURL="/name/index.cfm?action=checkLogin"
        cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1">

cfdump of getHTTPRequestData() returns an empty string, and cfdump of CGI also returns an empty string.

When I tried getHTTPRequestData().headers['http_mail'], it also returned an empty string. mail is an attribute released by the IdP, and I added the prefix http in the Shibboleth config.

I am expecting the following:

<!--- Use the Shibboleth attributes only when an eppn header is present; otherwise stop. --->
<cfset reqHeaders = getHTTPRequestData()>
<cfif reqHeaders.headers.http_eppn NEQ "">
   <cfset fedVars.lastname = CGI.sn>
   <cfset fedVars.firstname = CGI.givenName>
   <cfset fedVars.email = CGI.mail>
<cfelse>
   <cfexit>
</cfif>

Upvotes: 0

Views: 218

Answers (1)

Steve Hassan

Reputation: 11

I had this problem and it turned out I needed to restart the IIS application pool for it to set the headers in my reverse proxy running on Jetty. I could see the headers in the IIS site but not in the Jetty site until the pool was restarted.

Upvotes: 1
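
A diagnostic page for the situation described in the question and the answer, added here as an example and not code from either poster: it lists which request headers ColdFusion actually receives for the attributes the question names, matching on the end of each header name so that a prefix does not hide them. It assumes ColdFusion 10 (for encodeForHTML) and reports value lengths rather than values.

```cfml
<!--- Added diagnostic, not from the original post. Attribute names come from the question. --->
<cfset wanted = ["eppn", "mail", "sn", "givenName"]>
<cfset hdrs = getHTTPRequestData().headers>
<cfset found = {}>

<!--- Compare the tail of each header name (EQ is case-insensitive) so a prefix does not hide a match. --->
<cfloop collection="#hdrs#" item="hdrName">
    <cfloop array="#wanted#" index="attr">
        <cfif right(hdrName, len(attr)) EQ attr>
            <cfif NOT structKeyExists(found, attr)>
                <cfset found[attr] = []>
            </cfif>
            <cfset arrayAppend(found[attr], hdrName & " (" & len(hdrs[hdrName]) & " chars)")>
        </cfif>
    </cfloop>
</cfloop>

<!--- Report names and value lengths only, so the page does not echo personal data. --->
<cfoutput>
<ul>
    <li>REMOTE_USER: #len(cgi.remote_user)# chars</li>
    <cfloop array="#wanted#" index="attr">
        <li>#encodeForHTML(attr)#:
            <cfif structKeyExists(found, attr)>
                #encodeForHTML(arrayToList(found[attr], ", "))#
            <cfelse>
                no matching request header
            </cfif>
        </li>
    </cfloop>
</ul>
</cfoutput>
```

Request it once through an active Shibboleth session and once without one: an attribute header that still arrives without a session was supplied by the client, not by the SP.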
