...
CUWebAuth | Shibboleth(shib.conf) | Shibboleth(shibboleth2.xml) |
---|---|---|
AuthType all | AuthType shibboleth ShibRequestSetting requireSession 1
| |
Require valid-user | Require valid-user | |
Require netid netid1 netid2 | Require shib-attr uid netid1 netid2 | |
Require permit myPermit | Require shib-attr groups myPermit *Group membership is not released by default. Please specify group name in shibboleth integration form | |
Require noprompt | Not supported | |
CUWA2FARequire all |
ShibRequestSetting authnContextClassRef https: //refeds.org/profile/mfa <RequireAll> Require shib-session </RequireAll> Apache 2.2 ShibRequestSetting authnContextClassRef https: //refeds.org/profile/mfa ShibRequireAll on ShibCompatWith24 on
Require authnContextClassRef "https://refeds.org/profile/mfa" | |
CUWA2FARequire permit-name1 permit-name2 | Not supported in Shibboleth SP. But can be supported in Shibboleth IDP. Please specify your requirement in shibboleth integration request form | |
CUWACredentialAge | <Sessions lifetime= ... > | |
CUWACredentialAge 0 or low value (the purpose is force forcing user to re-login) | ||
CUWAinactivityTimeout | <Sessions ... timeout=...> | |
Combination of CUWACredentialAge and CUWAinactivityTimeout for the purpose of forcing user re-login |
| |
CUWAwak2Name CUWAwaK0Realms | If your site supports GuestID login, there is no special configuration needed on your end. You just need to indicate that in Shibboleth integration request form. If your site supports Weill Medicine CWID login, please read: | |
CUWAInquire | When CUWAInquire is defined in CUWebAuth, your application probably retrieve user's group from server variable CUWA_GROUPS. When you convert it to shib, let us know the group names your application need to know in Shibboleth integration request form. Then your application can retrieve user's group from server variable "groups" |
...