...
- CUWebAuth Portal Permit: <Location /CUWAPortal/Permit>
Suggestion: Your application need to query Active Directory directly to get group membership. - CUWAInquire
Suggestion: Your application need to query Active Directory directly to get group membership. - CUWebAuth Portal Proxy: <Location /CUWAPortal/Proxy>
We need to know your application before we can offer any suggestion. - CUWebAuth DavLogin: SetHandler cuwa_davlogin
...
CUWebAuth | Shibboleth(shib.conf) | Shibboleth(shibboleth2.xml) |
---|---|---|
AuthName Cornell | Delete it | |
AuthType all | AuthType shibboleth ShibRequestSetting requireSession 1 | |
Require valid-user | Require valid-user | |
Require netid netid1 netid2 | Require shib-attr uid netid1 netid2 | |
Require permit permit myPermit | Require shib-attr groups myPermit | |
Require noprompt | Not supported | |
CUWA2FARequire all | ShibRequestSetting authnContextClassRef http://cornell.edu/mfa | |
CUWA2FARequire permit-name1 permit-name2 | Not supported in Shibboleth SP. But can be supported in Shibboleth IDP. Please specify your requirement in shibboleth integration request form | |
CUWACredentialAge | <Sessions lifetime= ... > | |
CUWAinactivityTimeout | <Sessions ... timeout=...> | |
Combination of CUWACredentialAge and CUWAinactivityTimeout for the purpose of forcing user re-login | ShibRequestSetting forceAuthn true | |
CUWAwak2Name CUWAwaK0Realms |
Following directives can be simply deleted:
AuthName Cornell
CUWAKerberosPrincipal
CUWAWebLoginURL
CUWAKeytab
CUWAsessionFilePath