IIS 5 & IIS 6
ISAPI extension won't run with Sharepoint site
Last post May 21, 2009 02:53 PM by jm.thia
May 20, 2009 05:21 PM|jm.thia|LINK
I am trying to have an ISAPI filter / extension that allows federated authentication with Shibboleth (http://shibboleth.internet2.edu/downloads.html) at work with a sharepoint site.
The authentication protocol is based on 302 redirection to send the user to an Identification Provider (IdP). Once the user is authenticated on the IdP site, he is redirected to <site>/Shibboleth.sso/SAML/POST. At this point .sso extension is map to shibboleth
ISAPI extension, which decrypt the SAML data. The user is finally redirect to the original request.
This works fine with an ASP.Net page in an IIS6 site. But when i extend a WSS v3 web application to the preceding site, I am stuck at /Shibboleth:SAML/POST request with a 404 page error.
I made some traces with logman in both configuration, but there is noting that tells me wether the error is in the extension or in IIS6. When I cross check with shibboleth debug trace I can't find any call to the extension.
It seems, that ISAPI extension is bypassed in an Shraepoint envirronment.
1 - Is my conclusion correct ?
2 - How to make the extension at work with sharepoint.
May 20, 2009 05:48 PM|anilr|LINK
With sharepoint, the sharepoint ISAPI extension is *-ScriptMapped so it gets all the requests and the request never makes it to the shibboleth ISAPI extension - you would need to add a *-ScriptMap to the shibboleth ISAPI extension and either modify the extension
to only handle the requests to /shibboleth.sso in its code or only do the *-ScriptMap in configuration at site/shibboleth.sso
May 21, 2009 02:53 PM|jm.thia|LINK
Thanks a lot i will try to do *-ScriptMap to /shibboleth.sso.