Orchard CMS and Shibboleth authentication

StackOverflow https://stackoverflow.com/questions/16451290

  •  14-04-2022
  •  | 
  •  

Pergunta

We're looking at using Orchard for an internal site.

We currently use Shibboleth for initial authentication, which makes a POST back to our site in the format of http://domain/Shibboleth.sso/{stuff}

In our current ASP.NET MVC website we needed to just modify the Global.asax with the following:

routes.IgnoreRoute("Shibboleth.sso/{isapiInfo}/{isapiDetails}");
routes.IgnoreRoute("Shibboleth.sso/{*pathInfo}");

Unfortunately, Orchard doesn't allow us to go that route, so after some research it looks like it requires a handler to be added.

Via IIS (Server 2008 R2) this was added into the web.config within the handlers group:

<add name="Shib" path="*.sso" verb="*" modules="IsapiFilterModule" scriptProcessor="C:\{path}\isapi_shib.dll" resourceType="Either" requireAccess="Script" preCondition="integratedMode" />

I've tried a couple different variations of this, and still no dice.

Since I pulled down the source anyway, I tried going the simple route of just adding the two routes.IgnoreRoute calls and re-building, but that results in the same issue.

If I remove the Shib requirement then Orchard starts fine, and if I put in a new MVC project with Shib on (and our two IgnoreRoute calls added) that also works fine.

The browser is returning a 404 (blank page), so I have the feeling that Orchard is still grabbing the request.

Any suggestions on how I could go about getting Orchard to skip over this path?

Foi útil?

Solução

I ended up doing two things.

First, I created a new module using Not Found MVC as a template. In particular the InstallerModule code.

I added the following in system.web > httpModules:

<add name="InstallerModule" type="IgnoreShibboleth.InstallerModule, IgnoreShibboleth" />

I also added the same to system.webServer > modules.

All the code did was add in the ignore routes.

routes.IgnoreRoute("Shibboleth.sso/{isapiInfo}/{isapiDetails}");
routes.IgnoreRoute("Shibboleth.sso/{*pathInfo}");

The final step I was really close on. I added the following under system.webServer > handlers, immediately after the <clear />:

<add name="Shib" path="*.sso" verb="*" modules="IsapiModule" scriptProcessor="{path-to}\lib\shibboleth\isapi_shib.dll" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,bitness64" />

The last time wasn't required in the past, but seems necessary for something Orchard is doing.

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top