Guidelines for OnePass Login (CUHK Login via ADFS) – FAQs

Any useful reference?
Here https://wiki.shibboleth.net/confluence/display/SHIB2 contains the installation, configuration, and other notes for Shibboleth Service Provider.

If I used Shibboleth SP for my web protection, how to exclude public pages under protected folders?
Option1: (for Apache and IIS)To put authorization in shibboleth2.xml using RequestMapper.
The RequestMapper may look like this, to make all except default.aspx require login:

<RequestMapper type=”Native”>
<RequestMap>
<Host name=” abc.cuhk.edu.hk”>
<Path name=”secure” authType=”shibboleth” requireSession=”true”/>
<Path name=”abc”>
<Path name=”default.aspx” authType=”shibboleth” requireSession=”false”/>
<PathRegex regex=”.*” authType=”shibboleth” requireSession=”true”/>
</Path>
</Host>
</RequestMap>
</RequestMapper>

In apache config, remove related Location tags and add this:

<Location />
AuthType shibboleth
require shibboleth
</Location>

Option2: (for apache config solely)

<Location /secure>
AuthType shibboleth
ShibRequestSetting requireSession 1
require shib-session
</Location><Location /test>
AuthType shibboleth
ShibRequestSetting requireSession 1
require shib-session
</Location>

<Location /test/default.php>
AuthType shibboleth
ShibRequestSetting requireSession 0
require shibboleth
</Location>