Guidelines for OnePass Login (CUHK Login via ADFS) – FAQs

  1. Any useful reference?
    Here https://wiki.shibboleth.net/confluence/display/SHIB2 contains the installation, configuration, and other notes for Shibboleth Service Provider.
  2. If I used Shibboleth SP for my web protection, how to exclude public pages under protected folders?
    Option1: (for Apache and IIS)To put authorization in shibboleth2.xml using RequestMapper.
    The RequestMapper may look like this, to make all except default.aspx require login:

    <RequestMapper type=”Native”> 
    <RequestMap> 
    <Host name=” abc.cuhk.edu.hk”> 
    <Path name=”secure” authType=”shibboleth” requireSession=”true”/> 
    <Path name=”abc”> 
    <Path name=”default.aspx” authType=”shibboleth” requireSession=”false”/> 
    <PathRegex regex=”.*” authType=”shibboleth” requireSession=”true”/> 
    </Path> 
    </Host> 
    </RequestMap> 
    </RequestMapper>

     

    In apache config, remove related Location tags and add this:

    <Location />
    AuthType shibboleth 
    require shibboleth 
    </Location>

     

    Option2: (for apache config solely)

    <Location /secure>
    AuthType shibboleth 
    ShibRequestSetting requireSession 1 
    require shib-session 
    </Location><Location /test> 
    AuthType shibboleth 
    ShibRequestSetting requireSession 1 
    require shib-session 
    </Location>

    <Location /test/default.php> 
    AuthType shibboleth 
    ShibRequestSetting requireSession 0 
    require shibboleth 
    </Location>