| CUWebAuth | Shibboleth(shib.conf) | Shibboleth(shibboleth2.xml) |
|---|---|---|
| AuthName Cornell | Delete it | |
| AuthType all | AuthType shibboleth ShibRequestSetting requireSession 1 | |
| Require valid-user | Require valid-user | |
| Require netid netid1 netid2 | Require shib-attr uid netid1 netid2 | |
| Require permit myPermit | Require shib-attr groups myPermit | |
| Require noprompt | Not supported | |
| CUWA2FARequire all | ShibRequestSetting authnContextClassRef http://cornell.edu/mfa | |
| CUWA2FARequire permit-name1 permit-name2 | Not supported in Shibboleth SP. | |
| CUWACredentialAge | <Sessions lifetime= ... > | |
| CUWAinactivityTimeout | <Sessions ... timeout=...> | |
| Combination of CUWACredentialAge and CUWAinactivityTimeout for the purpose of forcing user re-login | ShibRequestSetting forceAuthn true |