...
If you are integrating test instance of your application, please point it to Cornell IDP test instance. Test IDP's metadata can be accessed from https://shibidp-test.cit.cornell.edu/idp/shibboleth
IDP Certificate
https://confluence.cornell.edu/display/SHIBBOLETH/IDP+certificate
...
Test IDP login URL(Redirect binding): https://shibidp-test.cit.cornell.edu/idp/profile/SAML2/Redirect/SSO
Does the Cornell Identity Provider provide a logout service?
...
Does Cornell Shibboleth work with GuestIDs?
No. For more information, please contact the Identity Management team by emailing idmgmt@cornell.edu.Cornell IDP only support Cornell NetID login.
Does the Cornell Identity Provider provide High Availability?
...
AttributeNameInEnterpriseDirectory | Attribute Name In SAML Assertion | Attribute Friendly Name in SAML Assertion |
---|---|---|
edupersonprimaryaffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.5 | edupersonprimaryaffiliation |
cn(commonName) | urn:oid:2.5.4.3 | cn |
eduPersonPrincipalName (netid@cornell.edu) | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | eduPersonPrincipalName |
givenName (first name) | urn:oid:2.5.4.42 | givenName |
sn(last name) | urn:oid:2.5.4.4 | sn |
displayName | urn:oid:2.16.840.1.113730.3.1.241 | displayName |
uid (netid) | urn:oid:0.9.2342.19200300.100.1.1 | uid |
eduPersonOrgDN | urn:oid:1.3.6.1.4.1.5923.1.1.1.3 | eduPersonOrgDN |
urn:oid:0.9.2342.19200300.100.1.3 | ||
eduPersonAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | eduPersonAffiliation |
eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | eduPersonScopedAffiliation |
eduPersonEntitlement | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | eduPersonEntitlement |
...
TransientId is the default NameID.
...