Versions Compared

Old Version 1

changes.mady.by.user Lin Xue

Saved on

compared with

New Version 2

changes.mady.by.user Lin Xue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

Install Shibboleth Service Provider on Linux

Converting CUWebAuth to Shibboleth(Apache)

Code Block
languagebash
## Shib redirect to SSL
    ShibRequestSetting redirectToSSL 443

## use Shibboleth to authenticate and authorize access
	AuthType shibboleth
   require shib-attr groups rg.aad.employee.staff AAD-Colleagues 
## Allow current students   
   require shib-attr rg.cuniv.student
## Allow special netid access for Hugh, Rich and Eric (Meida3)
   require shib-attr uid he22 rjm2 ers323
CUWebAuth
Shibboleth(shib.conf)
Shibboleth(shibboleth2.xml)
AuthType all

AuthType shibboleth

ShibRequestSetting requireSession 1

Require shib-session

 
Require valid-userRequire valid-user 
Require netid netid1 netid2

Require  shib-attr uid netid1 netid2

 
Require permit myPermit

Require  shib-attr groups myPermit

*Group membership is not released by default. Please specify group name in shibboleth integration form

 
Require nopromptNot supported 

 

 

To understand the old CUWebAuth syntax, read Restricting and Opening Access to Your Site

...