1

I'm setting up my first Shibboleth 3.x app running under IIS (Windows Server 2019), and have run into a roadblock. It's a vendor's app, and not something I coded myself.

I've currently got things configured so that users can authenticate and log in successfully. However, if they use anything other than the specific URL to the login page, it fails with a 500 code. So I feel like I'm missing something in my shibboleth2.xml file.

This URL works and the user can manually interact with the items in the web app after authenticating: https://Application/Login.aspx

This URL fails after the user authenticates and gets redirected back to the web app: https://Application/WMR.aspx?APGuid=E56AE53FB786466DD090D67D3B407C2C&PrevPage=Main.aspx

(the second URL comes out of an email that gets generated for a user by the web app)

Anyone see this behavior before, and can point me towards a solution?

Thanks!

Rick
  • 245
  • 3
  • 13
  • Without seeing the details error message, we couldn't find the solution directly. Could you please post the details error message? Besides, I suggest you could tell us what WMR.aspx has done. If possbile, please post the main codes about the WMR.aspx page. – Brando Zhang Sep 09 '19 at 05:42
  • You should also post your shibboleth2.xml configuration relative to the handler and request mapper. Are you protecting the resource path `https://Application/` or only `https://Application/Login.aspx`? – Kellen Murphy Sep 12 '19 at 13:38

1 Answers1

0

After digging into things I found out that:

A. I had to NOT check the box to configure IIS during install of the Shobboleth client B. Manually configure an ISAPI Filter C. Set the ISAPI Filter at the site level and NOT the server level D. Use the older DLL and not the newer one (even though it was on newer IIS)

After untangling all of the above, things worked fine with Shibboleth 3.x. My shibboleth2.xml file was fine. The issue seemed to be with the older web app code and which DLL I used.

Rick
  • 245
  • 3
  • 13