...
Expand | ||
---|---|---|
| ||
Please snap shot your Windows server before you make any changes. When integrating your website with Shibboleth, you will need to submit a Shibboleth integration request form. After IDM receive the request, your SP's metadata will be configured in Cornell Identity Provider(IDP). It may take as long as one business for IDM to complete your request. Before your SP's metadata is loaded in IDP, shibboleth authentication won't work. To avoid the long down time of your production website, we recommend you make the transition in two steps and make the changes during maintenance hours. <ISAPI normalizeRequest="true" safeHeaderNames="true"> <! – <Site id="1" name="shibtest1.cit.cornell.edu"/ > --> <! – <Site id="2" name="shibtest2.cit.cornell.edu"/ > → </ISAPI>
|
Expand | ||
---|---|---|
| ||
By default, Shibboleth attributes that released to your shibboleth SP are available to your application as server variables, not available in HTTP headers. But not all the server/module expose custom server variables to application, for example .asp. It's dangerous using HTTP headers. If you have to get Shibboleth attributes from HTTP header, you could enable it by adding useHeaders=”true” in <ISAPI tag>. In your application, you should always get authenticated user's netID from server variable REMOTE_USER. Detail and examples about attribute access https://wiki.shibboleth.net/confluence/display/SP3/AttributeAccess SpoofChecking if using HTTP headers https://wiki.shibboleth.net/confluence/display/SP3/SpoofChecking |
...