Skip to main content

Cornell University

Shibboleth FAQ

This article applies to: Shibboleth

Does the Cornell Identity Provider provide a logout service?

No. Our credentials remain valid until you close your browser. We recommend that you give the user instructions to quit the browser if they want to log out. If your application has a logout item in its menus, you might consider linking that item to a message instructing the user to quit the browser.

Does Cornell Shibboleth work with Weill Cornell Medicine CWIDs?

No. Weill has its own Identity Provider. If your application service provider supports multiple Identity Providers, a separate integration request can be sent to Weill Cornell Medicine IT.

Does Cornell Shibboleth work with GuestIDs?

Yes, if the service itself allows GuestID access, Shibboleth with work with a GuestID.

Does the Cornell Identity Provider provide high availability?

Yes, the Identity Provider is behind a load balancer that provides load balancing and failover.

What attributes does the Cornell Identity Provider release?

Currently we release the following public attributes. Other attributes are available but must be approved by the relevant data stewards; please send email to if you don't see the attribute you are looking for.

Attribute Name In Enterprise Directory Attribute Name In SAML Assertion Attribute Friendly Name in SAML Assertion
edupersonprimaryaffiliation urn:oid: edupersonprimaryaffiliation

cn (commonName)

urn:oid: cn
eduPersonPrincipalName ( urn:oid: eduPersonPrincipalName
givenName (first name) urn:oid: givenName
sn (last name) urn:oid: sn
displayName urn:oid:2.16.840.1.113730.3.1.241 displayName
uid (netid) urn:oid:0.9.2342.19200300.100.1.1 uid
eduPersonOrgDN urn:oid: eduPersonOrgDN
mail urn:oid:0.9.2342.19200300.100.1.3 mail
eduPersonAffiliation urn:oid: eduPersonAffiliation
eduPersonScopedAffiliation urn:oid: eduPersonScopedAffiliation
eduPersonEntitlement urn:oid: eduPersonEntitlement

Can I get a Cornell NetID for testing purposes?

If you don't already have a Cornell NetID, you might be able to obtain a Sponsored NetID. Please talk to the person who is your contact at Cornell, or email


To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.