...

  • Open shibboleth2.xml and add a metadata provider for the Weill Medical IdP inside the <ApplicationDefaults ...> block. Note that validate="true" only schema-validates the fetched metadata; it does not verify a signature on it.

    Code Block
    <MetadataProvider type="XML" validate="true"
                      url="https://login.weill.cornell.edu/idp/saml2/idp/metadata.php"
                      backingFilePath="weill-idp.xml" maxRefreshDelay="7200" />
  • In shibboleth2.xml, find the <SSO entityID="..."> element inside the <Sessions> block and replace it with:

    Code Block
    <SSO discoveryProtocol="SAMLDS" discoveryURL="https://shibtest.cit.cornell.edu/loginloginSelection.aspx">SAML2</SSO>

    loginloginSelection.aspx is a login selection page that you need to build (see below). You can name it whatever you like and host it on the same server or on a different one. In this example we name it loginloginSelection.aspx and store it at the root of the site https://shibtest.cit.cornell.edu. Make sure your login selection page does not itself require authentication, or users will loop between the SP and the selection page.

  • Set up a login selection page that lets the user choose "Cornell NetID" or "Weill Medical ID" to log in with. The design of the page is entirely up to you. Here is an example:

...

When a user accesses a page on your site that requires authentication, the SP redirects the browser to this login selection page. Here is an example of the redirect URL to your login page: https://shibtest.cit.cornell.edu/loginloginSelection.aspx?entityID=shibtestsites.cit.cornell.edu&return=https%3A%2F%2Fshibtest.security.cucloud.net%2FShibboleth.sso%2FLogin%3FSAMLDS%3D1%26target%3Dss%253Amem%253Abb98939caf6a03915ab8b6df13e6b5bb21f40bcec0319d0c8735bb5f91adba44

The redirect URL carries a query parameter named "return". Your login page must read the value of the return parameter (it is URL-encoded, so decode it once) and append the entityID of the IdP the user chose. The result is the URL you redirect the user to. Because the page redirects wherever "return" points, check before redirecting that the value is an https URL for your own SP's Shibboleth.sso/Login endpoint; otherwise anyone who links to your selection page with a crafted return value can use it as an open redirector.

User chooses         Redirect the user to
Cornell NetID        <value of return parameter>&entityID=https%3A%2F%2Fshibidp.cit.cornell.edu%2Fidp%2Fshibboleth
Weill Medical ID     <value of return parameter>&entityID=https%3A%2F%2Flogin.weill.cornell.edu%2Fidp
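The following is an added example, not code from the original page, of the logic the login selection page has to implement: parse the SAMLDS request the SP sends, refuse a "return" value that does not point at an allowed SP's Shibboleth.sso/Login endpoint, and append the chosen IdP's entityID. It is written in Python so it runs stand-alone; the .aspx page would implement the same steps. The set of allowed SP hosts, the choice keys "netid" and "weill", and the sample query string (with a shortened target value) are assumptions constructed for the example.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# IdP entityIDs offered by the selection page, keyed by the choice the user
# makes. The two entityIDs are the ones from the table above.
IDP_ENTITY_IDS = {
    "netid": "https://shibidp.cit.cornell.edu/idp/shibboleth",
    "weill": "https://login.weill.cornell.edu/idp",
}

# Assumption: the SP hosts allowed to use this selection page. Without this
# check the page redirects wherever "return" says and is an open redirector.
ALLOWED_SP_HOSTS = {"shibtest.security.cucloud.net", "shibtest.cit.cornell.edu"}

# Constructed sample request, modelled on the redirect URL shown above
# (target value shortened; it is not a real session handle).
SAMPLE_QUERY = (
    "entityID=shibtestsites.cit.cornell.edu"
    "&return=https%3A%2F%2Fshibtest.security.cucloud.net%2FShibboleth.sso%2FLogin"
    "%3FSAMLDS%3D1%26target%3Dss%253Amem%253Aabc123"
)


def is_allowed_return(return_url: str) -> bool:
    """True only if return_url is an HTTPS URL on an allowed SP host whose
    path is the SP's discovery-response endpoint (Shibboleth.sso/Login)."""
    parts = urlsplit(return_url)
    return (
        parts.scheme == "https"
        and parts.hostname in ALLOWED_SP_HOSTS
        and parts.path.endswith("/Shibboleth.sso/Login")
    )


def build_discovery_response(query_string: str, choice: str) -> str:
    """Build the URL the browser is sent to after the user picks an IdP.

    query_string is the raw query part of the request to the selection page.
    SAMLDS sends entityID (the SP), return, and optionally returnIDParam.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    return_url = params.get("return", [""])[0]  # parse_qs decodes it once
    if not return_url:
        raise ValueError("missing SAMLDS 'return' parameter")
    if not is_allowed_return(return_url):
        raise ValueError("return URL does not point at an allowed SP endpoint")
    if choice not in IDP_ENTITY_IDS:
        raise ValueError(f"unknown IdP choice: {choice!r}")
    # The SP may rename the response parameter via returnIDParam; the default,
    # and what the Shibboleth SP sends here, is entityID.
    id_param = params.get("returnIDParam", ["entityID"])[0]
    separator = "&" if urlsplit(return_url).query else "?"
    # urlencode percent-encodes the ':' and '/' of the entityID, which is
    # exactly the form shown in the table above.
    return return_url + separator + urlencode({id_param: IDP_ENTITY_IDS[choice]})


if __name__ == "__main__":
    print(build_discovery_response(SAMPLE_QUERY, "netid"))
    print(build_discovery_response(SAMPLE_QUERY, "weill"))
```

In the real page, the user's button click supplies the choice and the framework's redirect call sends the result; the allow-list should contain only the hosts of SPs you run, and the selection page should not require authentication.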
  • Register your SP's metadata with InCommon. If you haven't submitted the Shibboleth integration form yet, mention in the form that your site also needs to authenticate against the Weill Medical IdP. If you have already submitted the form, send your request to idmgmt@cornell.edu and include your website URL. Once we receive your request, we'll register your SP's metadata with InCommon.

...