Yup, we got this sorted out by duplicating the files in the root directory
with two dlls in each directory. Make sure to add a new line in ISAPI and
CGI Restrictions in IIS with the execute permission for the .dll file in
the new directory that will be protected by Shibboleth. I think the alias
should also work but we havenıt tried it.
~Bohyun
On 8/20/14, 1:06 PM, "Jonathan Rochkind" <[log in to unmask]> wrote:
>I haven't done this, but have been thinking about it. I _think_ what the
>docs mean, is you can create an Alias in IIS (is that what IIS calls
>it?) for the same directory, so you have two different paths appearing
>to IIS (one of which can be protected with Shibboleth, the other one
>not) but you don't actually need to copy the directories, it's the same
>files on disk.
>
>I haven't tried this yet though. I agree the documentation is
>unfortunately parsimonious.
>
>On 8/18/14 3:52 PM, Kim, Bohyun wrote:
>> Hi all,
>>
>> Looking for some advice from those who are familiar with either
>>Shibboleth and/or ILLiad.
>>
>> Did anyone implement both remoteAuth through Shibboleth and basic local
>>ILLiad login for different groups of users? The sparse documentation on
>>this on ILLiad site seems to suggest two separate directories (with two
>>separate illiad.dll(s)?? ) and one directory to be the value of
>>RemoteAuthWebPathı as well as the value of the Shibboleth
>>configuration.xml pathı field. We are not sure what each of the two
>>directories is supposed to contain and whether they are supposed to be
>>the exact duplicate of the other.
>>
>>
>>https://prometheus.atlas-sys.com/display/illiad/RemoteAuth+Authentication
>> ³You can enable RemoteAuth authentication for a particular web
>>directory while still keeping a separate web directory for users to
>>register themselves via Basic ILLiad authentication. The
>>RemoteAuthWebPath would be the directory controlled by remote
>>authentication while the WebPath key (Web Interface | System | WebPath)
>>would have the directory not controlled by remote authentication.
>>RemoteAuthSupport being set to Yes would tell ILLiad to check the
>>directory and then know if the user should be authenticated remotely or
>>by ILLiad."
>>
>> Any advice from those who have tried this would be greatly appreciated.
>>
>> Thanks!
>> Bohyun
>>
>>
|