Shibboleth authenticated user attributes are missing from $_SERVER array of PHP on IIS Window 10 (V10.0.14393.0)

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Shibboleth authenticated user attributes are missing from $_SERVER array of PHP on IIS Window 10 (V10.0.14393.0)

I am working on php codeigniter base web application and implementing Shibboleth by installing the shibboleth-sp- on window 10 with IIS V10.0.14393.0 on my personal machine.

ISAPI module is installed on IIS which is point the module in shibboleth installation C:\opt\shibboleth-sp\lib64\shibboleth\isapi_shib.dll

The authentication process working fine and the IdP redirects back to the SP. The Shibboleth session looks OK, But the env variables are missing from $_SERVER and the existing one are empty.

I need shibboleth session variables related to authenticated user and want to save it in php session as per my application requirement. I cannot figure out how to do it in PHP on IIS.

After redirecting back form idp the the /Shibboleth/Session printout the following response data.

    Session Expiration (barring inactivity): 480 minute(s)
    Client Address:
    SSO Protocol: urn:oasis:names:tc:SAML:2.0:protocol
    Identity Provider:
    Authentication Time: 2017-06-02T07:01:45.867Z
    Authentication Context Class: urn:oasis:names:tc:SAML:2.0:ac:classes:Password
    Authentication Context Decl: (none)
    identityguid: c3ec37e9-ff24-4143-be53-9526650cef34
    organisationCode: 0020051
    organisationid: 9b975206-da98-4893-a47c-e3e68b100169

And the shibd.log file have the following line

    2017-06-02 15:52:33 INFO Shibboleth.SessionCache [2]: new session created:
    ID (_3dc0307b7f78094057945aa4254b0e15)
    IdP ( Protocol(urn:oasis:names:tc:SAML:2.0:protocol)
    Address (

But the `Shib-Session-ID` and some other attributes are missing from $_SERVER array, <br>
Only get shibboleth attribute `HTTP_SHIBSPOOFCHECK` with other server related data in $_SERVER array and get the following shibboleth cookie `_shibsession_64656661756c74687474703a2f2f6465762e676f6f73656265727279706c61792e636f6d2f73686962626f6c657468`.

I want the authenticated user data in $_SERVER array, i am unable
to figure out why IIS does not mapping the attributes in $_SERVER
array. plz help me out of this issue, i am stuck here since last 3 days.

Any help in this regard will be highly appreciated, Thanks.