Sitecore HttpModule on IIS vs. Shib

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Sitecore HttpModule on IIS vs. Shib

Christopher Bongaarts
Has anyone using IIS with Sitecore's HttpModule and the Shib SP run into the disappearing POST data problem?

The symptom is this message in shibd.log when a SAML response is POSTed:

  Error reading request body from browser (2746).

This would be similar to the issue with the radcompression module discovered in this thread:

  http://shibboleth.net/pipermail/users/2012-January/002476.html

Just wondering if anyone else had stumbled across it and knows more about the workings of Sitecore to say whether there is some config option to make it stop swallowing the POST data.
-- 
%%  Christopher A. Bongaarts   %%  [hidden email]          %%
%%  OIT - Identity Management  %%  http://umn.edu/~cab  %%
%%  University of Minnesota    %%  +1 (612) 625-1809    %%

--
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Sitecore HttpModule on IIS vs. Shib

pveller
Experiencing the same thing. Were turning off modules one by one until the only one left was Sitecore.Nexus. Disabling the Nexus Http helped but of course now Sitecore doesn't do its thing - nobody calls into the httpRequestBegin pipeline. I filed a support ticket (#441380). Will let you know if I hear anything back
Reply | Threaded
Open this post in threaded view
|

RE: Sitecore HttpModule on IIS vs. Shib

Cantor, Scott E.
> Experiencing the same thing. Were turning off modules one by one until the
> only one left was Sitecore.Nexus. Disabling the Nexus Http helped but of
> course now Sitecore doesn't do its thing - nobody calls into the
> httpRequestBegin pipeline. I filed a support ticket (#441380). Will let you
> know if I hear anything back

I think we'll be working on an IIS7 module in 2015-16 which might help. Or might not, I don't know. Generally it's a problem if something consumes the POST and then the SP needs to consume it.

Can't the module be told not to process certain requests?

-- Scott

--
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Sitecore HttpModule on IIS vs. Shib

pveller
Well, Sitecore.Nexus.HttpModule is the main entry point for all HTTP request. The code for that one is obfuscated (that assembly also handles licensing) but I read enough through the control flow obfuscation to spot Request.Form in there.

We started by turning off all processes that  the module calls into but Shibboleth would still report error 500. Only then did I start looking inside the HttpModule itself. If I confirm that it reads the stream BEFORE it passes the control off to the "application" logic there's not much we can do without replacing the module.

I will provide their support with all the details. Maybe they can send us a patch. I will keep everyone on this list posted of course.
Reply | Threaded
Open this post in threaded view
|

RE: Sitecore HttpModule on IIS vs. Shib

pveller
Sitecore Support provided a patch (you can request it if you refer to Sitecore.Support.370128.dll) that basically allows one to define "absolute" ignore URL patterns. The patch adds another HTTP Module that you put in front of the main Nexus HttpModule. This new module will "silence" the main one for those absolute ignore URLs. We just dropped it in, configured using their guidelines, and Shibboleth's handler can now see the SAML POST data.