IIS7 and Shibboleth SP - ISAPI filter problem solved
Past two weeks I had trying to install Shibboleth Service Provider to my 64-bit Windows Server 2008 R2 and finally it works. I had following Shibboleth installation introductions https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPWindowsIIS7Installer, but I got error "check ISAPI mappings in SP configuration". In bottom is solution how I configured shibboleth and what was the solution which makes it work.
Workflow
1. At first I install IIS7, ISAPI Extensions and ISAPI Filters.
2. I Created new Web Site and setup bindings. Test site is works correctly by opening binded site in my web browser.
3. I downloaded Shibboleth SP 2.5.3 64-bit and installed it by default values.
4. I added ISAPI Filters name: Shibboleth, file: C:\opt\shibboleth-sp\lib64\shibboleth\isapi_shib.dll.
5. I added Handler Mappings -> Add Script Map -> Request path: *.sso, Executable: C:\opt\shibboleth-sp\lib64\shibboleth\isapi_shib.dll, Name: Shibboleth SP.
6. I allowed isapi_shib.dll in ISAPI and CGI Restrictions: add... -> ISAPI or CGI path: C:\opt\shibboleth-sp\lib64\shibboleth\isapi_shib.dll, Description: Shibboleth SP.
Problem
All that on above is in Shibboleth official installation guide. So I should believe everything is work as well now, and I could begin to test my Shibboleth SP, but no. It gives me the following error:
Shibboleth Error
Shibboleth Extension not configured for web site (check ISAPI mappings in SP configuration).I opened Windows Event Viewer, and found the following error in there:
The description for Event ID 7701 from source Shibboleth ISAPI Filter cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Filter shut down...Solution
Finally two weeks later I got it works. All what you need is to modify shibboleth2.xml which located in C:\opt\shibboleth-sp\etc\shibboleth\. You have to override sp.example.com to your domain, and set IIS Instance ID.
In default shibboleth2.xml IIS Instance number is 1. My just before created IIS Web Sites instanceID is doesn't number 1, because ID number 1 is the IIS's default web site ID. As like me the correct number was 2. If you have multiple IIS web sites, you should look at your instances id by following command in command line:
%systemroot%\system32\inetsrv\APPCMD list site <SiteName>