Versions Compared

Old Version 83

changes.mady.by.user Hong Ye

Saved on

compared with

New Version 84

changes.mady.by.user Hong Ye

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand
titleWhat is the EntityID for the Cornell Identity Provider?Click here to expand...

Prod IDP: https://shibidp.cit.cornell.edu/idp/shibboleth

Test IDP: https://shibidp-test.cit.cornell.edu/idp/shibboleth

...

Expand
titleDoes the Cornell Identity Provider provide a logout service?
No. Our IdP doesn't support logout because our credentials stick around until you close your browser. We usually recommend that you give the user instructions to quit the browser if they want to log out. Recently one of our vendors hooked up their logout button to a page that gives instructions – see example.
Expand
titleDoes Cornell Shibboleth work with Weill Cornell Medical school CWIDs?
No. Weill Medical school has its own Identity Provider. If your application service provider supports multiple Identity Providers, a separate integration request can be sent to Weill Medical IT.
Expand
titleDoes Cornell Shibboleth

...

work with GuestIDs?
No. Cornell IDP only support Cornell NetID login.
Expand
titleDoes the Cornell Identity Provider provide High Availability?
Yes, the Identity Provider is behind the load balancer which provides load balancing and failover.
Expand
titleWhat attributes does the Cornell Identity Provider Release?

Currently we release the following public attributes. Other attributes are available but must be configured - please send email to idmgmt@cornell.edu if you don't see the attribute you are looking for.

Majority of Service Providers use Attribute Name In SAML Assertion(value in second column) to map to the attribute in their system, but some service providers use Friendly name in SAML Assertion.

AttributeNameInEnterpriseDirectoryAttribute Name In SAML AssertionAttribute Friendly Name in SAML Assertion
edupersonprimaryaffiliationurn:oid:1.3.6.1.4.1.5923.1.1.1.5edupersonprimaryaffiliation

cn(commonName)

urn:oid:2.5.4.3cn
eduPersonPrincipalName (netid@cornell.edu)urn:oid:1.3.6.1.4.1.5923.1.1.1.6eduPersonPrincipalName
givenName (first name)urn:oid:2.5.4.42givenName
sn(last name)urn:oid:2.5.4.4sn
displayNameurn:oid:2.16.840.1.113730.3.1.241displayName
uid (netid)urn:oid:0.9.2342.19200300.100.1.1uid
eduPersonOrgDNurn:oid:1.3.6.1.4.1.5923.1.1.1.3eduPersonOrgDN
mailurn:oid:0.9.2342.19200300.100.1.3mail
eduPersonAffiliationurn:oid:1.3.6.1.4.1.5923.1.1.1.1eduPersonAffiliation
eduPersonScopedAffiliationurn:oid:1.3.6.1.4.1.5923.1.1.1.9eduPersonScopedAffiliation
eduPersonEntitlementurn:oid:1.3.6.1.4.1.5923.1.1.1.7eduPersonEntitlement

TransientId is the default NameID.

 

Can I get a Cornell NetID to test with?

...