...
Open shibboleth2.xml, add Weill Medical IDP's metadata resolver inside <ApplicationDefaults .. > block
Code Block <MetadataProvider type="XML" validate="true" url="https://login.weill.cornell.edu/idp/saml2/idp/metadata.php" backingFilePath="weill-idp.xml" maxRefreshDelay="7200" />In shibboleth2.xml, find <SSO entityID=..> tag which is inside <Sessions> block and replace it with:
Code Block <SSO discoveryProtocol="SAMLDS" discoveryURL="https://shibtest.cit.cornell.edu/login.aspx">SAML2</SSO>
login.aspx is a login page you need to build(see below). You can name it what ever you like and host it on the same server or a different server. In this example, we name it login.aspx and store it at root of the site https://shibtest.cit.cornell.edu. Make sure your login page doesn't require authentication.
- Set up login page that allow user to choose "Cornell NetID" or "Weill Medical ID" to login. The design of the page is totally up to you. Here is an example:
What's the url should I send user to after use choose the login type?
...