Install Shibboleth Service Provider on Linux
Converting CUWebAuth to Shibboleth(Apache)
## Shib redirect to SSL
ShibRequestSetting redirectToSSL 443
## use Shibboleth to authenticate and authorize access
AuthType shibboleth
require shib-attr groups rg.aad.employee.staff AAD-Colleagues
## Allow current students
require shib-attr groups rg.cuniv.student
## Allow special netid access for Hugh, Rich and Eric (Meida3)
require shib-attr uid he22 rjm2 ers323
CUWebAuth | Shibboleth(shib.conf) | Shibboleth(shibboleth2.xml) |
|---|---|---|
| AuthType all | AuthType shibboleth ShibRequestSetting requireSession 1
| |
| Require valid-user | Require valid-user | |
| Require netid netid1 netid2 | Require shib-attr uid netid1 netid2 | |
| Require permit myPermit | Require shib-attr groups myPermit *Group membership is not released by default. Please specify group name in shibboleth integration form | |
| Require noprompt | Not supported |
To understand the old CUWebAuth syntax, read Restricting and Opening Access to Your Site
Following directives can be simply deleted:
AuthName Cornell
CUWAKerberosPrincipal
CUWAWebLoginURL
CUWAKeytab
CUWAsessionFilePath