Install Shibboleth Service Provider on Linux
Converting CUWebAuth to Shibboleth(Apache)
## Shib redirect to SSL ShibRequestSetting redirectToSSL 443 ## use Shibboleth to authenticate and authorize access AuthType shibboleth require shib-attr groups rg.aad.employee.staff AAD-Colleagues ## Allow current students require shib-attr rg.cuniv.student ## Allow special netid access for Hugh, Rich and Eric (Meida3) require shib-attr uid he22 rjm2 ers323
CUWebAuth | Shibboleth(shib.conf) | Shibboleth(shibboleth2.xml) |
---|---|---|
AuthType all | AuthType shibboleth ShibRequestSetting requireSession 1
| |
Require valid-user | Require valid-user | |
Require netid netid1 netid2 | Require shib-attr uid netid1 netid2 | |
Require permit myPermit | Require shib-attr groups myPermit *Group membership is not released by default. Please specify group name in shibboleth integration form | |
Require noprompt | Not supported |
To understand the old CUWebAuth syntax, read Restricting and Opening Access to Your Site
Following directives can be simply deleted:
AuthName Cornell
CUWAKerberosPrincipal
CUWAWebLoginURL
CUWAKeytab
CUWAsessionFilePath