Experiencing the same thing. Were turning off modules one by one until the only one left was Sitecore.Nexus. Disabling the Nexus Http helped but of course now Sitecore doesn't do its thing - nobody calls into the httpRequestBegin pipeline. I filed a support ticket (#441380). Will let you know if I hear anything back
> Experiencing the same thing. Were turning off modules one by one until the
> only one left was Sitecore.Nexus. Disabling the Nexus Http helped but of
> course now Sitecore doesn't do its thing - nobody calls into the
> httpRequestBegin pipeline. I filed a support ticket (#441380). Will let you
> know if I hear anything back
I think we'll be working on an IIS7 module in 2015-16 which might help. Or might not, I don't know. Generally it's a problem if something consumes the POST and then the SP needs to consume it.
Can't the module be told not to process certain requests?
Well, Sitecore.Nexus.HttpModule is the main entry point for all HTTP request. The code for that one is obfuscated (that assembly also handles licensing) but I read enough through the control flow obfuscation to spot Request.Form in there.
We started by turning off all processes that the module calls into but Shibboleth would still report error 500. Only then did I start looking inside the HttpModule itself. If I confirm that it reads the stream BEFORE it passes the control off to the "application" logic there's not much we can do without replacing the module.
I will provide their support with all the details. Maybe they can send us a patch. I will keep everyone on this list posted of course.
Sitecore Support provided a patch (you can request it if you refer to Sitecore.Support.370128.dll) that basically allows one to define "absolute" ignore URL patterns. The patch adds another HTTP Module that you put in front of the main Nexus HttpModule. This new module will "silence" the main one for those absolute ignore URLs. We just dropped it in, configured using their guidelines, and Shibboleth's handler can now see the SAML POST data.