For IT Pros: This page explains additional configuration steps needed to modify shibboleth2.xml to work with IIS-based web applications.
In order to supply the necessary information in the block and select the correct bitness, you need to gather some information for the site that you are setting up. This can all be done from the IIS manager (the tool used to configure IIS).
Specifically, you need to know for a given site:
Please see Windows IIS Information Gathering for Shibboleth configuration (PDF) for guidance on how to locate this information.
This code sample is from the original Shibboleth example file; it was removed from the campus-specific shibboleth2.xml file but should be added back in for IIS server use. The bolded information in the <Site> tag is gathered in the steps shown in the attachment.
If you wish to Shibboleth-enable multiple sites served from the same server, the <Site> tag can be repeated with each additional site's information. Additional sites will also need to be registered with the IdP.
<!--
The InProcess section contains settings affecting web server modules.
Required for IIS, but can be removed when using other web servers.
-->
<InProcess logger="native.logger">
    <ISAPI normalizeRequest="true" safeHeaderNames="true">
        <!--
        Maps IIS Instance ID values to the host scheme/name/port. The name is
        required so that the proper <Host> in the request map above is found without
        having to cover every possible DNS/IP combination the user might enter.
        -->
        <Site id="2" name="name.domain.illinois.edu" scheme="https" port="443"/>
        <!--
        When the port and scheme are omitted, the HTTP request's port and scheme are used.
        If these are wrong because of virtualization, they can be explicitly set here to
        ensure proper redirect generation.
        -->
    </ISAPI>
</InProcess>
Next, IIS also needs the <RequestMapper> block. This example was also removed from the campus-specific shibboleth2.xml file and should be added back for IIS use.
In the code example below:
<!--
The example requires a session for documents in /secure on the containing host with http and
https on the default ports. Note that the name and port in the <Host> elements MUST match
Apache's ServerName and Port directives or the IIS Site name in the <ISAPI> element above.
-->
<Path name="secure" authType="shibboleth" requireSession="true"/>
<!-- Example of a second vhost mapped to a different applicationId. -->
<Host name="admin.example.org" applicationId="admin" authType="shibboleth" requireSession="true"/>
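The comment above requires each <Host> name to match the IIS Site name in <ISAPI>; a site whose name has no matching <Host> receives no requireSession rule from the request map. The Python check below is an added example, not part of the original page or of the Shibboleth project. Its sample file is constructed from the page's fragments, and the second site (id 3, `unmapped.example.org`) is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's two fragments in one minimal file, plus a
# hypothetical second site (id 3) that has no <Host> entry.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <InProcess>
    <ISAPI normalizeRequest="true" safeHeaderNames="true">
      <Site id="2" name="name.domain.illinois.edu" scheme="https" port="443"/>
      <Site id="3" name="unmapped.example.org"/>
    </ISAPI>
  </InProcess>
  <RequestMapper type="Native">
    <RequestMap>
      <Host name="name.domain.illinois.edu">
        <Path name="secure" authType="shibboleth" requireSession="true"/>
      </Host>
      <Host name="admin.example.org" applicationId="admin"
            authType="shibboleth" requireSession="true"/>
    </RequestMap>
  </RequestMapper>
</SPConfig>"""

def local(el):
    """Element name without its XML namespace prefix."""
    return el.tag.rsplit("}", 1)[-1]

def check_sites(xml_text):
    """Return (unmapped, protected): IIS sites with no same-named <Host>, and
    the host/path entries that set requireSession="true"."""
    sites, hosts, protected = {}, set(), []
    for el in ET.fromstring(xml_text).iter():
        if local(el) == "Site":
            sites[el.get("id")] = el.get("name", "").lower()
        elif local(el) == "Host":
            name = el.get("name", "").lower()
            hosts.add(name)
            if el.get("requireSession") == "true":
                protected.append(name + "/")
            for p in el:  # direct child <Path> elements only
                if local(p) == "Path" and p.get("requireSession") == "true":
                    protected.append(name + "/" + p.get("name", ""))
    # Assumption of this check: host names are compared case-insensitively.
    unmapped = sorted((i, n) for i, n in sites.items() if n not in hosts)
    return unmapped, protected

if __name__ == "__main__":
    print(check_sites(SAMPLE))
```

Pass the text of the deployed shibboleth2.xml to `check_sites`; any <HostRegex> entries are not evaluated by this check and need manual review.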