Page tree
Skip to end of metadata
Go to start of metadata

FastCGI SP Application

The FastCGI Application consists of 2 modules:

  • A FastCGI responder (shibresponder) that handles the HandlerURL
  • A FastCGI authorizer (shibauthorizer) that acts as a filter and does the usual (authN, export assertions and authZ).

Bellow is a sample lighttpd snip of the configuration needed to get this to work:

server.name = "your_server_name"
 
server.document-root = "/servers/tags/www/"
 
fastcgi.server  = (
      "/Shibboleth.sso" => (("socket" => "/tmp/fcgi-resp.sock", "bin-path" => "/servers/sapo-sp/lib/shibboleth/shibresponder", "check-local" => "disable", "mode" => "responder")),
      "/"   => (("socket" => "/tmp/fcgi-auth.sock", "bin-path" => "/servers/sapo-sp/lib/shibboleth/shibauthorizer", "check-local" => "disable", "mode" => "authorizer")),
      ".php" => (( "socket" => "/tmp/fgci-php.sock", "broken-scriptfilename" => "enable", "mode" => "responder"))
)

If using lighttpd you need to be running v1.4.42 or higher (that fixed their issue #322), as included in e.g. EPEL for CentOS 6, Debian 9, Ubuntu 18.04.

See also the Nginx topic.



  • No labels