Versions Compared

Old Version 6

changes.mady.by.user Hong Ye

Saved on

compared with

New Version 7

changes.mady.by.user Hong Ye

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

CUWebAuthShibboleth(shib.conf)Shibboleth(shibboleth2.xml)
AuthName CornellDelete it 
AuthType all

AuthType shibboleth

ShibRequestSetting requireSession 1

 
Require valid-userRequire valid-user 
Require netid netid1 netid2

Require  shib-attr uid netid1 netid2

 
Require permit myPermitRequire  shib-attr groups myPermit 
Require nopromptNot supported 
CUWA2FARequire allShibRequestSetting authnContextClassRef http://cornell.edu/mfa 
CUWA2FARequire permit-name1 permit-name2Not supported in Shibboleth SP.  But can be supported in Shibboleth IDP. Please specify your requirement in shibboleth integration request form 
CUWACredentialAge <Sessions lifetime= ... >
CUWAinactivityTimeout <Sessions  ... timeout=...>
Combination of CUWACredentialAge and CUWAinactivityTimeout for the purpose of forcing user re-loginShibRequestSetting forceAuthn true 

CUWAwak2Name

CUWAwaK0Realms

 

If your site supports GuestID login, there is no special configuration needed on your end. You just need to indicate that in Shibboleth integration request form.

If your site supports Weill Medicine CWID login, please read:

Login with Cornell NetID and Weill Cornell CWID

 

Following directives can be simply deleted:

...

CUWAWebLoginURL

CUWAKeytab

CUWAsessionFilePath