...
- CUWebAuth Portal Permit: <Location /CUWAPortal/Permit>
Suggestion: Your application need to query Active Directory directly to get group membership. - CUWAInquire
Suggestion: Your application need to query Active Directory directly to get group membership. - CUWebAuth Portal Proxy: <Location /CUWAPortal/Proxy>
We need to know your application before we can offer any suggestion. - CUWebAuth DavLogin: SetHandler cuwa_davlogin
...
| CUWebAuth | Shibboleth(shib.conf) | Shibboleth(shibboleth2.xml) |
|---|---|---|
| AuthName Cornell | Delete it | |
| AuthType all | AuthType shibboleth ShibRequestSetting requireSession 1 | |
| Require valid-user | Require valid-user | |
| Require netid netid1 netid2 | Require shib-attr uid netid1 netid2 | |
| Require permit permit myPermit | Require shib-attr groups myPermit | |
| Require noprompt | Not supported | |
| CUWA2FARequire all | ShibRequestSetting authnContextClassRef http://cornell.edu/mfa | |
| CUWA2FARequire permit-name1 permit-name2 | Not supported in Shibboleth SP. But can be supported in Shibboleth IDP. Please specify your requirement in shibboleth integration request form | |
| CUWACredentialAge | <Sessions lifetime= ... > | |
| CUWAinactivityTimeout | <Sessions ... timeout=...> | |
| Combination of CUWACredentialAge and CUWAinactivityTimeout for the purpose of forcing user re-login | ShibRequestSetting forceAuthn true | |
CUWAwak2Name CUWAwaK0Realms |
Following directives can be simply deleted:
AuthName Cornell
CUWAKerberosPrincipal
CUWAWebLoginURL
CUWAKeytab
CUWAsessionFilePath