Follow the instruction here to allow both Cornell NetID user and Weill Medical ID user to login to your site:
- In shibboleth2.xml, add Weill Medical IDP's metadata define inside <ApplicationDefaults .. > block
<MetadataProvider type="XML" validate="true"
url="https://login.weill.cornell.edu/idp/saml2/idp/metadata.php"
backingFilePath="weill-idp.xml" maxRefreshDelay="7200" />
Add Cornell IDP's metadata if it is not defined yet
<MetadataProvider type="XML" validate="true"
url="https://shibidp.cit.cornell.edu/idp/shibboleth"
backingFilePath="cornell-idp.xml" maxRefreshDelay="7200" /> - In shibboleth2.xml, find <SSO ..> tag which is inside <Sessions> block and replace it with:
...