...
Expand | ||
---|---|---|
| ||
When you integrate integrating your website with Shibboleth, you will need to submit a Shibboleth integration request. After IDM receive the request, your SP's metadata will be configured in Cornell Identity Provider(IDP). This process can It may take as long as one business for IDM to complete your request. Before your SP's metadata is loaded in IDP, shibboleth authentication won't work. To avoid the long down time of your production website, we recommend you make the transition in two steps :and do it during maintenance hours.
|
Expand | ||
---|---|---|
| ||
By default, Shibboleth attributes that released to your shibboleth SP are available to your application as server variables, not available in HTTP headers. But not all the server/module expose custom server variables to application, for example .asp. It's dangerous using HTTP headers. If you have to get Shibboleth attributes from HTTP header, you could enable it by adding useHeaders=”true” in <ISAPI tag>. In your application, you should always get authenticated user's netID from server variable REMOTE_USER. Detail and examples about attribute access https://wiki.shibboleth.net/confluence/display/SP3/AttributeAccess SpoofChecking if using HTTP headers https://wiki.shibboleth.net/confluence/display/SP3/SpoofChecking |
...