Website Access through Cornell Single-Sign-On

CUWebAuth is no longer supported

  • Old web servers ran CUWebAuth, a custom Apache module to restrict access to webpages by Cornell netid. CUWebAuth is now deprecated and must be replaced on all servers.
  • New web servers are using Shibboleth for netid authentication. This will require some changes to how your website is configured.

Shibboleth

To secure a web directory with Shibboleth, add or update your .htaccess file in the directory.

1. Comment/delete any lines referencing CUWebAuth

#AuthName CORNELL
#AuthType all

2. Include the following lines and uncomment the “Require” lines/options below:

###############################
### For Shibboleth options are:
AuthType shibboleth
ShibRequestSetting requireSession 1

#Require valid-user
#Require shib-attr uid netid1 netid2
#Require shib-attr groups myPermit1 myPermit2
###############################
  • Notes:
    • Require valid-user: will restrict access to anyone with a valid Cornell netid
    • Require shib-attr uid netid1 netid2: will restrict access to specific netids
    • Require shib-attr groups myPermit1 myPermit2: will restrict access by AD group permits

.htaccess file examples

###############################
### Restrict access to all Cornell netids
AuthType shibboleth
ShibRequestSetting requireSession 1
Require valid-user
###############################

###############################
### Restrict access to a list of Cornell netids
AuthType shibboleth
ShibRequestSetting requireSession 1
Require shib-attr uid mlc23 jap425 cff28
###############################

###############################
### Restrict access to ActiveDirectory group
AuthType shibboleth
ShibRequestSetting requireSession 1
Require shib-attr groups cu.employee
###############################

3. Save your .htaccess and test by visiting your website.

You should get the prompt to login using your Cornell netid and password.

For more information about converting CUWebAuth to Shibboleth visit:

  • https://confluence.cornell.edu/pages/viewpage.action?pageId=385849406