Integration with OnePass on Other Servers (CUHK Login via ADFS)

The information on this page will help you install and use Shibboleth for authentication and integration with OnePass on Linux, Windows or other servers.

 

Integration with OnePass – Others

Service Provider using SaaS or platforms other than Linux and Windows

 

1. Requirements & Configuration

 

2. Attributes Mapping
  • Core Attributes (The attributes are released by default)

AttributeID            Reference for Attributes Mapping
NameID                 <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="NameID"/>
objectGUID             <Attribute name="urn:oid:1.2.840.113556.1.4.2" id="objectGUID"/>
eduPersonAffiliation   <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" id="unscoped-affiliation">
                           <AttributeDecoder xsi:type="StringAttributeDecoder" caseSensitive="false"/>
                       </Attribute>
displayName            <Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/>

  • Additional attributes (upon request)

AttributeID            SAML 2 Names
employeeNumber         <Attribute name="urn:oid:2.16.840.1.113730.3.1.3" id="employeeNumber"/>
surname                <Attribute name="urn:oid:2.5.4.4" id="sn"/>
givenName              <Attribute name="urn:oid:2.5.4.42" id="givenName"/>

Restart the Shibboleth service after configuration, and check for any errors in the logs at C:\opt\shibboleth-sp\var\log\shibboleth\

 

3. Integration Work with OnePass Team
  • Provide your CADS no. to the OnePass team
  • Provide the entity ID of your application
  • Provide your Service Provider metadata URL; it must be accessible from the campus network 137.189.8.0/24 and signed
  • The core attributes are passed to your application by default; additional attributes are released on request
  • For your logout button, combine the OnePass logout URL with your application's own logout
    Testing environment: https://ststest.itsc.cuhk.edu.hk/adfs/ls/?wa=wsignout1.0
    UAT environment: https://stsu.itsc.cuhk.edu.hk/adfs/ls/?wa=wsignout1.0
    Production environment: https://sts.cuhk.edu.hk/adfs/ls/?wa=wsignout1.0
  • The OnePass team will import your metadata and configure the OnePass Testing platform; an email notification with testing accounts will be sent to you once it is ready for testing
  • After testing is complete, vulnerability scanning must be passed before migrating to the OnePass Production environment
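
The combined logout button described in the list above, as an added example (not CUHK's or the OnePass team's code): a minimal WSGI handler that ends the application's own session and then redirects to the OnePass sign-out URL for the chosen environment. The cookie name `app_session` and the in-memory `SESSIONS` store are hypothetical stand-ins for your application's own session handling.

```python
from http.cookies import SimpleCookie

# OnePass sign-out URLs exactly as listed on this page, keyed by environment.
ONEPASS_LOGOUT = {
    "test": "https://ststest.itsc.cuhk.edu.hk/adfs/ls/?wa=wsignout1.0",
    "uat": "https://stsu.itsc.cuhk.edu.hk/adfs/ls/?wa=wsignout1.0",
    "prod": "https://sts.cuhk.edu.hk/adfs/ls/?wa=wsignout1.0",
}

SESSION_COOKIE = "app_session"  # hypothetical cookie name (assumption)
SESSIONS = {}                   # hypothetical session store: session id -> user data


def make_logout_app(environment):
    """Return a WSGI app implementing the logout button for one OnePass environment."""
    target = ONEPASS_LOGOUT[environment]  # raises KeyError for an unknown environment

    def logout_app(environ, start_response):
        # 1. Application logout: drop the server-side session named by the cookie.
        cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        if SESSION_COOKIE in cookie:
            SESSIONS.pop(cookie[SESSION_COOKIE].value, None)
        # 2. Expire the browser cookie so the old session id is no longer sent.
        expire = f"{SESSION_COOKIE}=; Max-Age=0; Path=/; Secure; HttpOnly; SameSite=Lax"
        # 3. OnePass logout: redirect to the fixed sign-out URL. The target is never
        #    read from the request, so the handler cannot act as an open redirect.
        start_response("302 Found", [
            ("Location", target),
            ("Set-Cookie", expire),
            ("Cache-Control", "no-store"),
        ])
        return [b""]

    return logout_app
```

Doing the local logout first means the application session is already gone even if the browser never completes the redirect to OnePass.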