by Leroy Altman
As you may have heard, Stanford is moving away from its in-house authentication software, known as “WebAuth”, to an industry-standard, open-source technology called SAML2. Software called “Shibboleth” is available to leverage SAML2, and it includes a version created for Microsoft’s Internet Information Server (IIS) web server running on Windows.
This article draws on the two great sources listed below, and I encourage you to read both for more details. What follows is really just the tip of the iceberg:
- The main Shibboleth community: https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPWindowsInstall
- University Of Missouri’s IT department: https://doit.missouri.edu/wp-content/uploads/2014/09/WindowsGuide.pdf
There are two new terms to know:
- Identity Provider (IDP): This is Stanford’s central authentication service
- Service Provider (SP): This is your web server
Installation: This is a quick summary of how to get Shibboleth installed and working on a Windows IIS web site.
Some prerequisites:
- Windows Server 2012 R2 w/ IIS installed.
- In addition to the default IIS modules, you’ll also need to add Management Compatibility components:
  - IIS 6 WMI
  - IIS 6 Metabase compatibility
  - IIS 6 Scripting tools
  - IIS 6 Management Console
- Install ISAPI filter and Extensions [located in Web Server (IIS) → Web Server → Application Development]
- A “Default Web Site” which has a default page, used for testing.
- A “/secure” subfolder under the root, also with a test page.
- An SSL certificate installed and working on the website.
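The prerequisites above can be checked from an elevated PowerShell prompt before running the installer. This script is an added example, not part of the original article or the Shibboleth project; it assumes the site is named “Default Web Site” as in this article, uses the Windows Server role-service names reported by `Get-WindowsFeature`, and only warns (rather than fixes) when the `/secure` folder or the HTTPS certificate is missing.

```powershell
# Added example: verify the prerequisites above. Run elevated on the IIS server.
Import-Module ServerManager
Import-Module WebAdministration

# Role-service names as shown by Get-WindowsFeature
$features = @(
    'Web-Server',             # IIS
    'Web-Metabase',           # IIS 6 Metabase Compatibility
    'Web-WMI',                # IIS 6 WMI Compatibility
    'Web-Lgcy-Scripting',     # IIS 6 Scripting Tools
    'Web-Lgcy-Mgmt-Console',  # IIS 6 Management Console
    'Web-ISAPI-Ext',          # ISAPI Extensions
    'Web-ISAPI-Filter'        # ISAPI Filters
)
$missing = @(Get-WindowsFeature -Name $features | Where-Object { -not $_.Installed })
if ($missing.Count -gt 0) {
    Write-Host "Installing: $($missing.Name -join ', ')"
    Install-WindowsFeature -Name $missing.Name | Out-Null
}

$siteName = 'Default Web Site'   # site name used in this article
$sitePath = "IIS:\Sites\$siteName"
if (-not (Test-Path $sitePath)) { throw "Site '$siteName' not found." }

# The /secure test folder (physical folder, virtual directory or application)
if (-not (Test-Path "$sitePath\secure")) {
    Write-Warning "No /secure folder under '$siteName'."
}

# An https binding whose certificate exists and is inside its validity window
$binding = Get-WebBinding -Name $siteName -Protocol https | Select-Object -First 1
if (-not $binding) {
    Write-Warning "No https binding on '$siteName'."
} elseif (-not $binding.certificateHash) {
    Write-Warning "The https binding has no certificate attached."
} else {
    $certPath = "Cert:\LocalMachine\$($binding.certificateStoreName)\$($binding.certificateHash)"
    $cert = Get-Item $certPath -ErrorAction SilentlyContinue
    $now  = Get-Date
    if (-not $cert) {
        Write-Warning "Bound certificate $($binding.certificateHash) is not in the store."
    } elseif ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        Write-Warning "Bound certificate is outside its validity period ($($cert.NotAfter))."
    } else {
        Write-Host "HTTPS certificate OK: $($cert.Subject), expires $($cert.NotAfter)"
    }
}
```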
Run the Shibboleth Installer. The most recent version, as of this writing, is here: https://shibboleth.net/downloads/service-provider/2.6.1/win64/
The defaults for installation are typically fine to use: