​IAM / ​Projects / Shibboleth / SP on IIS: ISAPI config notes

from Walker Wheeler: Summary of pieces related to ISS. I have attempted to boil it down to the correspondence between the two and the places to look when interested in checking the settings.

---

When working with Windows' IIS, Shibboleth requires the use of an IIS ISAPI Filter. The filter is provided by way of DLL in the shibboleth-sp installation folder. A 32 and 64 bit version are provided in the Shibboleth SP distribution.

32 bit example path to ISAPI Filter: C:\opt\shibboleth-sp\lib\shibboleth\isapi_shib.dll 64 bit example path to ISAPI Filter: C:\opt\shibboleth-sp\lib64\shibboleth\isapi_shib.dll

The following two screen shots depict how to get to the IIS 7 configuration screen for ISAPI filters.

1. Select the main server configuration.
2. Choose the ISAPI Filters from the IIS section.

3. The second image shows the configuration to support only the 64bit version of shibboleth's ISAPI Filter.

To add the 32 bit version of shibboleth, you can right click and choose the Add option. You will provide a name and the path to the 32 bit version of Shibboleth's isapi_shib.dll file.

The version that an ASPX or similar IIS application will need, depends on how the application pool for the specific application is configured. To inspect the application pool of interest.

1. Select the Application Pools list in the left hand menu.
2. Right click the application pool of interest.
3. Select the Advanced Settings menu item.

4. Review the setting labeled "Enable 32-Bit Applications"

When set to False, this implies a 64 bit application. When set to True, the implies a 32 bit application. The corresponding version of the Shibboleth isapi_shib.dll file must be available in the server to successfully have the application work as expected.