I am setting up SSO for my users on a Windows Server 2016 with Shibboleth 3.6 as an IDP. I have claimed the domain in my SP settings and have the Idp metadata uploaded on the SP as well the SP metadata saved on my Shibboleth/ metadata folder. When I try to sign in with my domain on the SP, it redirects but then the webpage says "This site can't be reached" It seems to me that the Idp URL is not accessible. How can I host my Idp page on the Windows Server machine? I have the Apache Tomcat 9.0 installed on the system as well and would like to use it for the IDP page.
I think your browser (PC) can not connect to IdP web page.
Maybe DNS problem or IdP server port not be open.
Related
I am getting error when using below line from itfoxtec-identity-saml2 library. When i am on localhost and usin iisexpress, it works with proxy server id,password & port i.e. 127.0.0.0 / port. But when i load the application on companies IIS server [no internet], i get below error
return ReadIdPSsoDescriptor(webClient.DownloadString(idPMetadataUrl));
webClient.DownloadString(idPMetadataUrl) is giving below error.
Access Denied (authentication_failed)
Your credentials could not be authenticated: "Credentials are missing.". You will not be permitted access until your credentials can be verified.
Why I need internet on the IIS server? & what proxy settings I should provide in prod release which will go on IIS where there is no internet connection.
When loading the application on the IIS server what application pool I should set to the application [.net core 3.1 web-based application which will be hosted on AWS ec2 windows system] & under IIS authorization which mechanism I should select [windows/anonymous ?]. I am currently using SAML so selected anonymously.
Please guide, thanks in advance !!
You have configured to download the IdP metadata online, therefor your server need access to the place where the IdP metadata is hosted. Alternatively, you can download the metadata manually and place it as a file on the server.
I'm having a weird issue in IIS 10. I have a website that is public facing website and hosted in AWS. The website can browse thru http, but when browse in https it's prompt to ask for credential. If I click on cancel will get 401 unauthorized.
The SSL is get from win-acme.v2.1.6.773.x64.pluggable
Able to access in http
Cannot access in https
Given full control to Application Pool Identity
Given full control to Everyone as well
Anonymous authentication is the only enabled and tried IUSR and Application Pool Identity also failure
I've figured the issue is because of the newly installed Windows Admin Center and cause all the https (443) port route to Admin Center which redirect all the https to Admin Center site.
Do take not that after uninstall the Windows Admin Center, the 443 port is still reserved and cause the https get 503 error. There is another step to unreserved those 443 port by following https://stackoverflow.com/a/50103815/13356372 answer.
I have a website host on IIS 10 and installed wild card SSL. The website is working fine on all other machines and on the server as well. When i access it on my window 10 machine, it is asking to confirm the security certificate and credentials. If i press the ok button the site went to 403 Forbidden error.
This issue was related to the server. My Hosting provider has made the following changes at IIS.
IIS -> Websites -> Go to website -> SSL settings
client certificate to ignore
I have a java web application which I am trying to host on a home computer running windows server 2012. I have configured it so that Apache and Tomcat communicate with each other and I am able to access the website fine. The issue arrises when the form that I built asks the user to log in to Microsoft for Outlook REST API. After logging in, microsoft gives an error and will not redirect, because it is only compatible with a "secure scheme". How can I set up my server to be a "secure scheme"? I included a screen shot of the error page:
Secure Scheme = "HTTPS". You need to secure your site with an SSL certificate.
Members,
I am encountering an issue when trying to use Windows Authentication and an SSL Certificate.
I am trying to move a Web application from a Windows Server 2003 virtual server (IIS 6.0) to a Windows Server 2012 R2 Virtual server (IIS 8.0).
I ported the application to our new UAT server and all seemed to work fine until I installed an SSL Certificate on the web server. After that, SOME users in Europe are having problems with the Windows Authentication. The application is seeing their AUTH_USER variable populated but are continually propped to login again and again.
If they access the site with HTTP instead of HTTPS it works fine.
For myself and other testers in the US, it works fine with HTTPS or HTTP.
I have the following Authentication features set.
Server Level:
Anonymous Authentication = Enabled
Windows Authentication = Enabled
Providers: Negotiate (First Option) NTLM (Second Option)
Site Level:
Anonymous Authentication = Disabled
Windows Authentication = Enabled
Providers: Negotiate (First Option) NTLM (Second Option)
This application is used within my companies local IntraNet.
The certificate was generated by corporate IT tool.
Any suggestions would be appreciated.
Rich
My problem was solved by changing the permissions on the folder.
Refer to https://serverfault.com/questions/462100/iis-8-folder-url-and-permissions
I used the option to add the 'Everyone' User/Group
Everyone selection