...
Expand | ||
---|---|---|
| ||
"Looping" refers to a situation in which an attempt to login to the SP results in a rapid cycle of redirections between the IdP and the SP with a new session created every time around. Please follow the instructions from Shibboleth WIKI page to troubleshoot. |
Expand | ||
---|---|---|
| ||
When you integrate your website with Shibboleth, you will need to submit a Shibboleth integration request. After IDM receive the request, your SP's metadata will be configured in Cornell Identity Provider(IDP). This process can take as long as one business. Before your SP's metadata is loaded in IDP, shibboleth authentication won't work. To avoid the long down time of your production website, we recommend you make the transition in two steps:
|
Expand | ||
---|---|---|
| ||
By default, Shibboleth attributes that released to your shibboleth SP are available to your application as server variables, not available in HTTP headers. But not all the server/module expose custom server variables to application, for example .asp. It's dangerous using HTTP headers. If you have to get Shibboleth attributes from HTTP header, you could enable it by adding useHeaders=”true” in <ISAPI tag>. In your application, you should always get authenticated user's netID from server variable REMOTE_USER. Detail and examples about attribute access https://wiki.shibboleth.net/confluence/display/SP3/AttributeAccess SpoofChecking if using HTTP headers https://wiki.shibboleth.net/confluence/display/SP3/SpoofChecking |
...