For schools that are interested in authentication integration using Shibboleth, we will need the following configuration information:
- EntityID of your IdP
- Additional attributes we will need returned along with each login:
- A permanently unique identifier (usually uid)
- First name (usually givenName)
- Last name (usually sn)
- Username (usually eduPersonPrincipalName)
- Email (usually mail)
- groups (usually eduPersonScopedAffiliation)
- name of the faculty group to determine if a user should have "faculty" rights. (usually "faculty")
- CertFingerprint from your IdP. CertFingerprint can be calculated from your Shibboleth IdP certificate this way:
- cat idp.crt | openssl x509 -fingerprint | grep SHA1 | sed "s/^[^=]*=//g" | sed "s/://g"
The metadata url from Digication will be:
Ensure that your signing method is SHA1 and that the attributes needed are properly released and named.
Attached is the latest self-signed certificate we use: