IIS divides a Web Host into Sites, each of which has a Site ID. The ID for your site can be found by clicking on the 'Web Sites' folder in IIS Manager and looking at the 'Identifier' column of the web site. Within the <InProcess> element, the <ISAPI> element must contain a <Site>element that matches the site ID and hostname of your SP. You should also include scheme="https" and port="443" to ensure the redirects are created correctly. For example, site 1 of shibbox.unit.ox.ac.uk would be configured as follows:
<Site id="1" name="shibbox.unit.ox.ac.uk" scheme="https" port="443"/>
Within the <RequestMapper> element, the <RequestMap> element contains a <Host> element that should be changed:
<Host name="sp.example.org">
<Path name="secure" authType="shibboleth" requireSession="true"/>
</Host>
"sp.example.org" should be changed to the name of your new service provider, "shibbox.unit.ox.ac.uk" in this case. Note that the Path 'name' attribute is a mapping to the folder containing files that are to be protected by Shibboleth.
Change the entityId attribute of the <ApplicationDefaults> element to the "Entity ID" value of your SP:
<ApplicationDefaults entityId="https://sp.example.org/shibboleth" REMOTE_USER="eppn persistent-id targeted-id">
<!-- NOTE: Content omitted here for simplicity: do NOT remove contained elements -->
</ApplicationDefaults>
For this example substituting "sp.example.org" with "shibbox.unit.ox.ac.uk" will suffice.
This can be found within the <ApplicationDefaults> element, and should be changed to the following:
<Sessions lifetime="28800" timeout="3600" relayState="ss:mem" checkAddress="false" handlerSSL="true" cookieProps="https" redirectLimit="exact">
If you want to authenticate people from the wider UK Federation, see the Federated Access Section, otherwise to authenticate people directly using Oxford Single Sign-On, follow the Oxford-Only Access Section.