...
If you are integrating test instance of your application, please point it to Cornell IDP test instance. Test IDP's metadata can be accessed from https://shibidp-test.cit.cornell.edu/idp/shibboleth
IDP Certificate
https://confluence.cornell.edu/display/SHIBBOLETH/IDP+certificate
...
Test IDP login URL(Redirect binding): https://shibidp-test.cit.cornell.edu/idp/profile/SAML2/Redirect/SSO
Does the Cornell Identity Provider provide a logout service?
...
Does Cornell Shibboleth work with GuestIDs?
No. For more information, please contact the Identity Management team by emailing idmgmt@cornell.edu.Cornell IDP only support Cornell NetID login.
Does the Cornell Identity Provider provide High Availability?
...
| AttributeNameInEnterpriseDirectory | Attribute Name In SAML Assertion | Attribute Friendly Name in SAML Assertion |
|---|---|---|
| edupersonprimaryaffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.5 | edupersonprimaryaffiliation |
cn(commonName) | urn:oid:2.5.4.3 | cn |
| eduPersonPrincipalName (netid@cornell.edu) | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | eduPersonPrincipalName |
| givenName (first name) | urn:oid:2.5.4.42 | givenName |
| sn(last name) | urn:oid:2.5.4.4 | sn |
| displayName | urn:oid:2.16.840.1.113730.3.1.241 | displayName |
| uid (netid) | urn:oid:0.9.2342.19200300.100.1.1 | uid |
| eduPersonOrgDN | urn:oid:1.3.6.1.4.1.5923.1.1.1.3 | eduPersonOrgDN |
| urn:oid:0.9.2342.19200300.100.1.3 | ||
| eduPersonAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | eduPersonAffiliation |
| eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | eduPersonScopedAffiliation |
| eduPersonEntitlement | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | eduPersonEntitlement |
...
TransientId is the default NameID.
...