Integration with OnePass on Other Servers (CUHK Login via ADFS)

• Support SAML 2.0
• SSL enabled
• SSO and SLO should be signed
• Assertion should be signed and encrypted
• Signing algorithm should be SHA256 for the federation
• The application server time must be kept up-to-date and accurate
• Metadata must be signed
• Change Session lifetime=”28800” timeout=”1200”
• Update SSO entityID to OnePass entityIDs on UAT / Production environments
• Update MetadataProvider to OnePass UAT / Production environments
• Logout button should be enhanced for global sign out OnePass session

• Core Attributes (The attributes are released by default)
  • such as Email Address, Role (Staff/Student/Alumni), Display Name

For more information about the specifics of the attributes released, please contact ITSC Service Desk.

• Provide your CADS no. to OnePass Team
• The entity ID of your application
• Provide Service Provider Metadata URL, must be accessible from campus network and signed
• The core attributes would be passed to your application by default, additional attributes need by request
• Include OnePass Logout URL plus your application logout together for your logout button
• OnePass team would import your metadata and have configuration on OnePass Testing platform, email notification with testing accounts would be sent to you once ready for test
• Test completion, vulnerability scanning must be pass before migrating to OnePass Production environment
• Please schedule the production with OnePass Team 3 working days in advance.