Versions Compared

Old Version 84

changes.mady.by.user Hong Ye

Saved on

compared with

New Version 85

changes.mady.by.user Hong Ye

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand
titleWhat attributes does the Cornell Identity Provider Release?

Currently we release the following public attributes. Other attributes are available but must be configured - please send email to idmgmt@cornell.edu if you don't see the attribute you are looking for.

Majority of Service Providers use Attribute Name In SAML Assertion(value in second column) to map to the attribute in their system, but some service providers use Friendly name in SAML Assertion.

AttributeNameInEnterpriseDirectoryAttribute Name In SAML AssertionAttribute Friendly Name in SAML Assertion
edupersonprimaryaffiliationurn:oid:1.3.6.1.4.1.5923.1.1.1.5edupersonprimaryaffiliation

cn(commonName)

urn:oid:2.5.4.3cn
eduPersonPrincipalName (netid@cornell.edu)urn:oid:1.3.6.1.4.1.5923.1.1.1.6eduPersonPrincipalName
givenName (first name)urn:oid:2.5.4.42givenName
sn(last name)urn:oid:2.5.4.4sn
displayNameurn:oid:2.16.840.1.113730.3.1.241displayName
uid (netid)urn:oid:0.9.2342.19200300.100.1.1uid
eduPersonOrgDNurn:oid:1.3.6.1.4.1.5923.1.1.1.3eduPersonOrgDN
mailurn:oid:0.9.2342.19200300.100.1.3mail
eduPersonAffiliationurn:oid:1.3.6.1.4.1.5923.1.1.1.1eduPersonAffiliation
eduPersonScopedAffiliationurn:oid:1.3.6.1.4.1.5923.1.1.1.9eduPersonScopedAffiliation
eduPersonEntitlementurn:oid:1.3.6.1.4.1.5923.1.1.1.7eduPersonEntitlement

TransientId is the default NameID.

...

Expand
titleCan I get a Cornell NetID to test with?
If you don't already have a Cornell NetID, you might be able to obtain an exception with sponsor NetID. Please talk to the person who is your contact at Cornell, or email idmgmt@cornell.edu.

Do you have a list of sites that are currently using Shibboleth authentication at Cornell?

List of sites currently configured with a Shibboleth SP for authentication and authorization with a Cornell NetID. You can try some of these sites to see what a Shibboleth login looks like. If you are already logged in with your NetID, you may not notice anything except a slight delay. To view the login process in full, exit your browser first to clear your CUWebLogin information.

Service Provider Installation

Installing the How to install Shibboleth Service Provider is a little bit more involved than installing CUWebAuth. We are still developing Cornell specific documentation for installation, and we would appreciate your contributions to this wiki!on Windows

There are at least four choices for Service Provider installation.We have experimented with the C version and links to our notes are included here. As we try other versions we will update this site.

...