Shibboleth
Throughout this guide, %{idp.home} is the directory where you installed your Shibboleth Identity Provider. When configuring Shibboleth, make sure to replace %{idp.home} with your specific path.
Download and store the metadata XML file from your Shibboleth server at the following location: %{idp.home}/metadata/idp-metadata.xml.
Update the value of Sign-On URL in the IdP metadata file from %{idp.home}/idp/profile/Shibboleth/SSO to %{idp.home}/idp/profile/SAML2/POST/SSO
In the new integration card, select Shibboleth as the SSO system.
After selecting Shibboleth as SSO system, fill in a name to identify the integration. Then upload the IdP metadata XML file (downloaded in the preliminary step).
Once the name is filled and the file is uploaded, click the Save button. This action will save the integration data in the Cusna system.
Download the Cusna metadata XML file from the download section that will appear. Rename the metadata file to cusna-metadata.xml.
Insert the following text into the Shibboleth metadata provider file metadata-providers.xml at the following location: %{idp.home}/conf/metadata-providers.xml
To enable the connection between Shibboleth and Cusna, you need to define a new RelyingParty element in the file located at %{idp.home}/conf/relying-party.xml. Insert the following text into relying-party.xml.
Make sure the c:relyingPartyIds (line 1) matches the entityID value specified in the Cusna metadata XML file cusna-metadata.xml (e.g. cusna-14251113262c18bccc2478a05815fa02724db3c619d29d614d22f38e1e7f154b).
Make sure to configure the attribute names to match Cusna requirements. The following is the list of attributes that can be shared with Cusna, each with its required name. Please note that the attribute naming adheres to the SAML2 standard.
yes | urn:oid:0.9.2342.19200300.100.1.3
first name | no | urn:oid:2.5.4.42
last name | no | urn:oid:2.5.4.4
group Ids | no | urn:oid:1.3.6.1.4.1.5923.1.1.1.1
At this point the integration is correctly configured and users can log in using their own credentials.
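A check for two of the steps above, the Sign-On URL change and the c:relyingPartyIds match, written as an added example that is not part of the original guide or of Cusna's or Shibboleth's own code. It assumes the relying-party override carries its ID in a single-valued c:relyingPartyIds attribute; the sample XML, the cusna-EXAMPLE entityID and the idp.example.org host are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
SPRING_C = "{http://www.springframework.org/schema/c}"
SSO_SUFFIX = "/idp/profile/SAML2/POST/SSO"

# Constructed sample files; the entityID and host are placeholders.
CUSNA_METADATA = """<EntityDescriptor
  xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="cusna-EXAMPLE"/>"""
RELYING_PARTY = """<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:c="http://www.springframework.org/schema/c">
  <bean parent="RelyingPartyByName" c:relyingPartyIds="cusna-EXAMPLE"/>
</beans>"""
IDP_METADATA = """<EntityDescriptor
  xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.org">
  <IDPSSODescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://idp.example.org/idp/profile/SAML2/POST/SSO"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def sp_entity_ids(sp_xml):
    """entityID of every EntityDescriptor in the SP (Cusna) metadata."""
    nodes = ET.fromstring(sp_xml).iter(MD + "EntityDescriptor")
    return {e.get("entityID") for e in nodes if e.get("entityID")}


def relying_party_ids(rp_xml):
    """Values of every c:relyingPartyIds attribute in relying-party.xml."""
    values = (e.get(SPRING_C + "relyingPartyIds") for e in ET.fromstring(rp_xml).iter())
    return {v.strip() for v in values if v}


def check_integration(sp_xml, rp_xml, idp_xml):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    for entity_id in sorted(sp_entity_ids(sp_xml) - relying_party_ids(rp_xml)):
        problems.append(f"no c:relyingPartyIds equals entityID {entity_id!r}")
    locations = [s.get("Location", "")
                 for s in ET.fromstring(idp_xml).iter(MD + "SingleSignOnService")]
    if not any(loc.endswith(SSO_SUFFIX) for loc in locations):
        problems.append(f"no SingleSignOnService Location ends with {SSO_SUFFIX}")
    return problems


if __name__ == "__main__":
    print(check_integration(CUSNA_METADATA, RELYING_PARTY, IDP_METADATA) or "OK")
```

To run it against a real deployment, read the three files from %{idp.home} and pass their contents to check_integration in place of the sample strings.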