Integration with OnePass on Other Servers (CUHK Login via ADFS)

The information on this page will help you install and use Shibboleth for authentication and integration with OnePass on Linux, Windows, or other servers.


Integration with OnePass – Others

Service Provider using SaaS or platforms other than Linux and Windows


  • Support SAML 2.0
  • SSL enabled
  • SSO and SLO should be signed
  • Assertion should be signed and encrypted
  • Signing algorithm should be SHA256 for the federation
  • The application server time must be kept up-to-date and accurate
  • Metadata must be signed
  • Change Session lifetime="28800" timeout="1200"
  • Update SSO entityID to OnePass entityIDs on UAT / Production environments
  • Update MetadataProvider to OnePass UAT / Production environments
  • Logout button should be enhanced to perform a global sign-out of the OnePass session
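
Before submitting a metadata URL, a Service Provider can pre-check its own metadata against the list above. The following Python sketch is an added example, not OnePass or ITSC code. It assumes the list items map onto the standard SAML 2.0 metadata attributes `AuthnRequestsSigned` and `WantAssertionsSigned`, uses a constructed sample for a hypothetical SP at sp.example.org, and checks structure only, without verifying the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_sp_metadata(xml_text):
    """Return the checklist items the SP metadata fails (empty list = pass).
    Structural checks only: the signature is NOT cryptographically verified."""
    root, problems = ET.fromstring(xml_text), []
    method = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        problems.append("metadata is not signed")
    elif not method.get("Algorithm", "").endswith("sha256"):
        problems.append("signature algorithm is not SHA256")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return problems + ["no SAML 2.0 SPSSODescriptor"]
    for attr in ("AuthnRequestsSigned", "WantAssertionsSigned"):
        if sp.get(attr) not in ("true", "1"):
            problems.append(attr + " is not true")
    uses = {kd.get("use") for kd in sp.findall("md:KeyDescriptor", NS)}
    for purpose in ("signing", "encryption"):
        # A KeyDescriptor without a 'use' attribute serves both purposes.
        if purpose not in uses and None not in uses:
            problems.append("no KeyDescriptor for " + purpose)
    for tag in ("AssertionConsumerService", "SingleLogoutService"):
        endpoints = sp.findall("md:" + tag, NS)
        if not endpoints:
            problems.append("no " + tag + " endpoint")
        for ep in endpoints:
            if not ep.get("Location", "").startswith("https://"):
                problems.append(tag + " endpoint is not HTTPS")
    return problems

# Constructed sample metadata (hypothetical SP at sp.example.org; key material omitted).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.org/shibboleth">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:AssertionConsumerService Location="http://sp.example.org/Shibboleth.sso/SAML2/POST"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print("\n".join("FAIL: " + p for p in check_sp_metadata(SAMPLE)))
```

The constructed sample deliberately fails four items: a SHA-1 signature method, no encryption key, a plain-HTTP assertion endpoint, and no single logout endpoint.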


  • Core Attributes (The attributes are released by default)
    • such as Email Address, Role (Staff/Student/Alumni), Display Name
  • Additional attributes
    • Released upon request and require approval

For more information about the specifics of the attributes released, please contact ITSC Service Desk.


  • Provide your CADS no. to the OnePass Team
  • Provide the entity ID of your application
  • Provide the Service Provider Metadata URL; the metadata must be accessible from the campus network and signed
  • The core attributes are passed to your application by default; additional attributes are released on request
  • Include the OnePass Logout URL together with your application logout in your logout button
  • The OnePass Team will import your metadata and configure it on the OnePass Testing platform; an email notification with testing accounts will be sent to you once it is ready for testing
  • Testing must be completed and vulnerability scanning must be passed before migrating to the OnePass Production environment
  • Please schedule the production migration with the OnePass Team 3 working days in advance.