Shibboleth FAQ
This article applies to: Shibboleth
Does the Cornell Identity Provider provide a logout service?
No. Our credentials remain valid until you close your browser. We recommend that you give the user instructions to quit the browser if they want to log out. If your application has a logout item in its menus, you might consider linking that item to a message instructing the user to quit the browser.
Does Cornell Shibboleth work with Weill Cornell Medicine CWIDs?
No. Weill has its own Identity Provider. If your application service provider supports multiple Identity Providers, a separate integration request can be sent to Weill Cornell Medicine IT.
Does Cornell Shibboleth work with GuestIDs?
Yes, if the service itself allows GuestID access, Shibboleth with work with a GuestID.
Does the Cornell Identity Provider provide high availability?
Yes, the Identity Provider is behind a load balancer that provides load balancing and failover.
What attributes does the Cornell Identity Provider release?
Currently we release the following public attributes. Other attributes are available but must be approved by the relevant data stewards; please send email to idmgmt@cornell.edu if you don't see the attribute you are looking for.
| Attribute Name In Enterprise Directory | Attribute Name In SAML Assertion | Attribute Friendly Name in SAML Assertion |
|---|---|---|
| edupersonprimaryaffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.5 | edupersonprimaryaffiliation |
|
cn (commonName) |
urn:oid:2.5.4.3 | cn |
| eduPersonPrincipalName (netid@cornell.edu) | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | eduPersonPrincipalName |
| givenName (first name) | urn:oid:2.5.4.42 | givenName |
| sn (last name) | urn:oid:2.5.4.4 | sn |
| displayName | urn:oid:2.16.840.1.113730.3.1.241 | displayName |
| uid (netid) | urn:oid:0.9.2342.19200300.100.1.1 | uid |
| eduPersonOrgDN | urn:oid:1.3.6.1.4.1.5923.1.1.1.3 | eduPersonOrgDN |
| urn:oid:0.9.2342.19200300.100.1.3 | ||
| eduPersonAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | eduPersonAffiliation |
| eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | eduPersonScopedAffiliation |
| eduPersonEntitlement | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | eduPersonEntitlement |
Can I get a Cornell NetID for testing purposes?
If you don't already have a Cornell NetID, you might be able to obtain a Sponsored NetID. Please talk to the person who is your contact at Cornell, or email idmgmt@cornell.edu.
Comments?
To share feedback about this page or request support, log in with your NetID