Page History

Please If possible snap shot your Windows server before you make any changes.

When integrating your website with Shibboleth, you will need to submit a Shibboleth integration request form. After IDM receive the request, your SP's metadata will be configured in Cornell Identity Provider(IDP). It may take as long as one business for IDM to complete your request. Before your SP's metadata is loaded in IDP, shibboleth authentication won't work. To avoid the long down time of your production website, we recommend you make the transition in two steps and make the changes during maintenance hours.
1. Prepare your Windows server for Shibboleth authentication: Follow our instruction to install and configure shibboleth SP.  After you get your SP's metadata, copy shibboleth2.xml to shibboleth2-good.xml. Then edit shibboleth2.xml, comment out all your Site define inside <ISAPI > block, save the file. Restart shibboleth daemon and IIS server. This change will disable shibboleth authentication for your site. Submit your shibboleth integration request form.

          

<ISAPI normalizeRequest="true" safeHeaderNames="true">


                   <! – <Site id="1" name="shibtest1.cit.cornell.edu"/ > -->
<! – <Site id="2" name="shibtest2.cit.cornell.edu"/ > →
 

         </ISAPI>


2. After IDM load your SP's metadata in IDP, go back to your server. Copy shibboleth2-good.xml to shibboleth.xml, delete CUWebAuth config from IIS handler mapping. Restart shibboleth daemon and IIS.