About The Author
Michael Flynn is a Senior Developer at Unicon, a consulting company that focuses on enterprise deployments of open source software. He specializes in web technologies that include C# .NET, SQL, XML, AJAX, jQuery, and Flash, and is also skilled in Photoshop and Illustrator. He has been involved in web development since 1998, earned Bachelor's and Master's degrees in Computer Engineering and Computer Science from the University of Louisville, and holds an MSCT certificate in Web Applications.

Adding More Than One Service Provider For Shibboleth 2.x in IIS

I recently had to set up another environment for a website I completed. This website would in turn be my staging site for testing. The production website, which was staging until we went live, uses Shibboleth and connects to an IDP. The staging site needed to replicate this, so I needed to configure a second Service Provider. This process took some time and help from Google and the guys who ran the IDP. I will go through the steps I used to get two service providers running on one server.

1. IIS Settings

If this is a new website in IIS, you may not have the correct setting in IIS.  After installing your first SP (Service Provider), all websites should contain these settings, but if you are adding a new one you should duplicate these for your new website from an existing one that is configured to use Shibboleth, or can use Shibboleth.

Handler Mapping

The first thing is to create a handler under Handler Mappings. Select the website in IIS and your Dashboard Home should appear. Click on the icon labeled Handler Mappings.


Second, click "Add Script Map…" under the Actions panel, usually on your right, to open the Add Script Map window.


Third, type in the Request Path, which is *.sso; the Executable, which the installation placed at C:\opt\shibboleth-sp\lib\shibboleth\isapi_shib.dll; and last the name of the handler, Shibboleth. Click OK.


The Shibboleth handler has now been added and appears in the Handler Mappings listing.


ISAPI Filter

The last addition in IIS is made in the ISAPI Filters section. From Dashboard Home, click the ISAPI Filters icon.


Second, click "Add…" under the Actions panel, usually on your right, to open the Add ISAPI Filter window.


Third, type in the Filter name, Shibboleth, and the Executable, which is the same location used for the Handler Mapping above. Click OK.


The Shibboleth ISAPI Filter has now been added and appears in the ISAPI Filters listing.


2. Generate Certificate/Private Key

The second part is to generate a new certificate/private key pair. The certificate will be given to the IDP to register your SP. To generate a new pair, go to the Shibboleth folder and find the keygen.bat file, which uses OpenSSL to generate a certificate and private key. These will be used by both the IDP and SP to validate the requests that come through. Make sure not to overwrite the existing certificate and private key for the first site you configured; the files are usually sp-cert.pem and sp-key.pem by default. The newly generated certificate and private key will be used in the next step.


3. Update Shibboleth Configuration File

The next step is to update the configuration file for your new service provider. Locate the directory that contains shibboleth2.xml. On my server this configuration file was located at C:\opt\shibboleth-sp\etc\shibboleth\.

Once it is open, locate the ISAPI node that contains your Site nodes.

<ISAPI normalizeRequest="true" safeHeaderNames="true">
  <Site id="1" name="example.com" /> 
  <Site id="2" name="staging.example.com" />
</ISAPI>

Insert your new Site node.  My new node is staging.example.com, with an id of 2.  The id of the Site element comes from IIS.  If you select Sites under IIS, you will get a listing of all your websites including the site id. 


The second step in the configuration file is to add a new Host entry under the RequestMapper section. The only difference from your original Host entry is that the new one needs an applicationId attribute and the new name attribute.

<RequestMapper type="Native">
    <RequestMap applicationId="default">
        <Host name="example.com">
            <Path name="secure" authType="shibboleth" requireSession="true" />
        </Host>
        <Host applicationId="staging" name="staging.example.com">
            <Path name="secure" authType="shibboleth" requireSession="true" />
        </Host>
    </RequestMap>
</RequestMapper>

The last part of the configuration file that needs to be edited is the ApplicationDefaults section. A new element called ApplicationOverride needs to be added; I added mine at the end of that section. Its contents were given to me by the IDP, so some attributes might be different for you.

<ApplicationOverride id="staging" entityID="https://staging.example.com">
  <Sessions lifetime="28800" timeout="3600" checkAddress="false" handlerURL="https://staging.example.com/Shibboleth.sso" handlerSSL="false" idpHistory="false" idpHistoryDays="7" /> 
  <CredentialResolver type="File" key="sp-staging-key.pem" certificate="sp-staging-cert.pem" /> 
</ApplicationOverride>
 

Since the configuration file is in the same folder as the new certificate/private key pair we generated, the file names are simply added to the CredentialResolver element as the key and certificate attributes. The entityID is also important, as it will be given to the IDP as the key for your Service Provider.
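A consistency check for the three configuration edits above, as an added example that is not part of the original post. It parses a constructed shibboleth2.xml built from the page's snippets and reports a site that falls back to the default application, a dangling applicationId, a reused entityID or private key, and the relaxed Sessions settings; the SPConfig wrapper, the default entityID and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's three snippets inside a minimal SPConfig wrapper.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
<InProcess><ISAPI normalizeRequest="true" safeHeaderNames="true">
  <Site id="1" name="example.com"/>
  <Site id="2" name="staging.example.com"/></ISAPI></InProcess>
<RequestMapper type="Native"><RequestMap applicationId="default">
  <Host name="example.com"/>
  <Host applicationId="staging" name="staging.example.com"/>
</RequestMap></RequestMapper>
<ApplicationDefaults entityID="https://example.com">
  <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
  <ApplicationOverride id="staging" entityID="https://staging.example.com">
    <Sessions handlerSSL="false" checkAddress="false"/>
    <CredentialResolver type="File" key="sp-staging-key.pem" certificate="sp-staging-cert.pem"/>
  </ApplicationOverride></ApplicationDefaults></SPConfig>"""

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # tag name without its XML namespace

def child_attr(parent, name, attr):
    """Attribute of the first direct child called `name`, or None."""
    return next((c.get(attr) for c in parent if local(c) == name), None)

def audit(xml_text):
    """Findings for a multi-SP shibboleth2.xml (simplified: exact Host names only)."""
    root = ET.fromstring(xml_text)
    named = lambda n: [e for e in root.iter() if local(e) == n]
    defaults = named("ApplicationDefaults")[0]
    overrides = {o.get("id"): o for o in named("ApplicationOverride")}
    hosts = {h.get("name"): h.get("applicationId") for h in named("Host")}
    default_key = child_attr(defaults, "CredentialResolver", "key")
    seen_ids, out = {defaults.get("entityID")}, []
    for site in named("Site"):  # every IIS site should be mapped explicitly
        if site.get("name") not in hosts:
            out.append(f"Site {site.get('name')}: no Host entry, uses the default application")
    for name, app in hosts.items():  # applicationId must point at a real override
        if app and app not in overrides:
            out.append(f"Host {name}: applicationId '{app}' has no ApplicationOverride")
    for oid, o in overrides.items():  # each SP needs its own identity and key
        eid = o.get("entityID") or defaults.get("entityID")
        if eid in seen_ids:
            out.append(f"{oid}: entityID {eid} is not unique")
        seen_ids.add(eid)
        if child_attr(o, "CredentialResolver", "key") in (None, default_key):
            out.append(f"{oid}: uses the default application's private key")
        for attr in ("handlerSSL", "checkAddress"):
            if child_attr(o, "Sessions", attr) == "false":
                out.append(f"{oid}: Sessions {attr} is false")
    return out
```

On the sample, `audit(SAMPLE)` reports only the two Sessions settings: handlerSSL="false" lets the Shibboleth.sso handler answer plain-HTTP requests and checkAddress="false" skips the client address check, so both are worth confirming with the IDP operators before copying them to another environment.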

4. Register With IDP

The last step is to register your Service Provider with your IDP.  The information that will need to be sent to the IDP is the certificate that was generated (not the private key), and the entityID from the ApplicationOverride section of the configuration file we edited.

5. Test The Connection

As with your first Shibboleth configuration, set up a page that will redirect to the IDP login page, and make sure a valid redirect happens after a correct login. If you have any issues, check the log files under the C:\opt\shibboleth-sp\var\log\shibboleth folder. They can give valuable information on why your configuration isn't working.

Posted on 9/22/2010 1:16:02 AM by cblaze22


Categories: IIS | Shibboleth


URL Rewriting In Joomla 1.5 on IIS 7

I recently completed a project that needed to have Joomla use SEO friendly URLs on IIS 7. The main goal was to get this to work with Microsoft URL Rewrite Module for IIS 7.0 Go Live. Doing some research, I could not find any tutorials on this, or anyone who had succeeded. Joomla is PHP based and Apache friendly and I am a .NET Developer, so I hope you felt my pain through this learning process. Joomla has built-in SEF (Search Engine Friendly) functionality that works flawlessly on Apache; on IIS it is a different story. Joomla uses the htaccess file if the website resides on an Apache server. IIS doesn't use the htaccess file and therefore cannot produce the results we want.

Joomla Configuration

 

Default Joomla URL


http://www.mydotnetworld.com/index.php?option=com_content&task=view&id=5&Itemid=1

The disadvantage of this URL is that it is long, hard for a human to read, and not search engine friendly, meaning it might never be indexed.

SEF Joomla URL (htaccess disabled)

http://www.mydotnetworld.com/index.php/content/view/5/6/

To enable this, log into the admin and navigate to Site > Global Configuration. On the right side you will see an area called "SEO Settings". Turn "Search Engine Friendly Urls" on.

The disadvantage to this approach is that it has index.php in the URL. I have read somewhere that it doesn't hurt search engine indexing, which may be true, but if you can fix that for user display it is a must.

SEF Joomla URL (htaccess enabled)

http://www.mydotnetworld.com/content/view/5/6/

If you want to remove index.php from the URL and you are on Apache, you may select the second option under "SEO Settings". Ignore the warning next to "Use Apache mod_rewrite" and turn it on. I haven't tested this on Apache, but it seems to remove index.php mysteriously, as I do not have much knowledge of PHP and how Joomla removes it. IIS does not have the ability to read the htaccess file and the rewrite rules in it.

SEF Joomla URL with SH404SEF (htaccess enabled)

http://www.mydotnetworld.com/philosophy/marketing/web-strategy

I tried numerous plugins but could not get the result I wanted. The one I finally got working was SH404SEF. As you can see, the above URL is much cleaner and easier to read. This result was accomplished with the above steps. Yes, even turning on the htaccess option. When installing this plugin, make sure it is enabled.

The last step is to enable the actual rewriting of the page to the correct URL. I copied the rules from the htaccess file provided by Joomla. The bold one I could not import into IIS as it could not read the syntax, but the rewriting works regardless of this rule. So if anyone has a workaround please add a comment.

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$  [NC]
RewriteRule (.*) index.php
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]


IIS 7 Configuration



I know there are ISAPI filter workarounds available, but I wanted to see if I could get this to work with the new plugin available for IIS, called Microsoft URL Rewrite Module for IIS 7.0 Go Live.

You will need to install the Microsoft URL Rewrite Module for IIS 7.0 Go Live and FastCGI. Go to your website directory in IIS and make sure you are in Features View. Double-click the "URL Rewrite" icon under the IIS section.



Once in the URL Rewrite section, there is an option to "Import rules..." on the sidebar.



In the textbox labeled "Rewrite rules", paste the rules from above that were taken from the htaccess file found in the Joomla base directory. Click Apply. IIS is now set to do URL rewriting for Joomla.



After much searching and reading, this is the configuration I came up with to get Joomla to have SEO friendly URLs on IIS 7 with the Go Live Rewrite Module.

Posted on 10/24/2008 1:50:00 AM by cblaze22


Categories: Url Rewriting | Joomla | IIS
