Integration with OnePass on Other Servers (CUHK Login via ADFS)
Information included on this page will help you to install and use Shibboleth for authentication and integration with OnePass on Linux, Windows or other servers.
Integration with OnePass – Others
Service Provider using SaaS or platforms other than Linux and Windows
1. Requirements & Configuration
Support SAML 2.0
SSL enabled
SSO and SLO should be signed
Assertion should be signed and encrypted
Signing algorithm should be SHA256 for the federation
The application server time must be kept up-to-date and accurate
Metadata must be signed
Change Session lifetime="28800" timeout="1200"
Update SSO entityID to OnePass entityIDs on UAT / Production environments
Update MetadataProvider to OnePass UAT / Production environments
The logout button should be enhanced to perform a global sign-out of the OnePass session
2. Attributes Mapping
Core Attributes (The attributes are released by default)
such as Email Address, Role (Staff/Student/Alumni), Display Name
Additional attributes
Available upon request and require approval
For more information about the specifics of the attributes released, please contact ITSC Service Desk.
3. Integration Work with OnePass Team
Provide your CADS no. to OnePass Team
The entity ID of your application
Provide the Service Provider Metadata URL; the metadata must be accessible from the campus network and signed
The core attributes will be passed to your application by default; additional attributes must be requested
Include the OnePass Logout URL together with your application logout in your logout button
The OnePass team will import your metadata and configure it on the OnePass Testing platform; an email notification with testing accounts will be sent to you once it is ready for testing
Testing must be completed and vulnerability scanning must be passed before migrating to the OnePass Production environment