CUWebAuth | Shibboleth(shib.conf) | Shibboleth(shibboleth2.xml) |
---|---|---|
AuthName Cornell | Delete it | |
AuthType all | AuthType shibboleth ShibRequestSetting requireSession 1 | |
Require valid-user | Require valid-user | |
Require netid netid1 netid2 | Require shib-attr uid netid1 netid2 | |
Require permit myPermit | Require shib-attr groups myPermit | |
Require noprompt | Not supported | |
CUWA2FARequire all | ShibRequestSetting authnContextClassRef http://cornell.edu/mfa | |
CUWA2FARequire permit-name1 permit-name2 | Not supported in Shibboleth SP. But can be supported in Shibboleth IDP. Please specify your requirement in shibboleth integration request form | |
CUWACredentialAge | <Sessions lifetime= ... > | |
CUWAinactivityTimeout | <Sessions ... timeout=...> | |
Combination of CUWACredentialAge and CUWAinactivityTimeout for the purpose of forcing user re-login | ShibRequestSetting forceAuthn true |