Integration with OnePass on Other Servers (CUHK Login via ADFS)

Information included on this page will help you to install and use Shibboleth for authentication and integration with OnePass on an Linux or Windows or other servers.

Integration with OnePass – Others

Service Provider using SaaS or the platforms other from Linux and Windows

1. Requirements & Configuration

Support SAML 2.0
SSL enabled
SSO and SLO should be signed
Assertion should be signed and encrypted
Signing algorithm should be SHA256 for the federation
The application server time must be kept up-to-date and accurate
Metadata must be signed
Change Session lifetime=”28800” timeout=”1200”
Update SSO entityID to OnePass entityIDs on UAT / Production environments
Update MetadataProvider to OnePass UAT / Production environments
Logout button should be enhanced for global sign out OnePass session

2. Attributes Mapping

Core Attributes (The attributes are released by default)
- such as Email Address, Role (Staff/Student/Alumni), Display Name

Additional attributes
- Upon request and requires approval

For more information about the specifics of the attributes released, please contact ITSC Service Desk.

3. Integration Work with OnePass Team

Provide your CADS no. to OnePass Team
The entity ID of your application
Provide Service Provider Metadata URL, must be accessible from campus network and signed
The core attributes would be passed to your application by default, additional attributes need by request
Include OnePass Logout URL plus your application logout together for your logout button
OnePass team would import your metadata and have configuration on OnePass Testing platform, email notification with testing accounts would be sent to you once ready for test
Test completion, vulnerability scanning must be pass before migrating to OnePass Production environment
Please schedule the production with OnePass Team 3 working days in advance.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.