Canvas Integration Examples

Jeremiah Brock jbrock at
Tue May 21 12:03:45 EDT 2019

Just a quick follow up - I got it working!

My issue wasn't configs as much as it was a bad signing crt in my

My working setup (for anyone else stumbling onto this via Google) is :

*Context *: We are using the student/staff SID as the Login Attribute which
ties to our pre-generated Canvas Accounts.  In our directory, we populate
the *employeenumber* with this SID.

*Canvas SAML Settings :*

*Login Attribute* : sid    (this is any attribute that you release to
Canvas to tie into the accounts on their end)
*Identifier Format* : urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
*Authentication Context*
: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
*Message Signing* : RSA-SHA1

*Shibboleth IDP Settings :*


<!-- Might look at pointing this to incommon in the future -->
<MetadataProvider id="CanvasMetadata"


<AttributeDefinition xsi:type="Simple" id="sid"
    <Dependency ref="389DSLDAP" />
    <AttributeEncoder xsi:type="SAML1String"
name="urn:mace:dir:attribute-def:sid" encodeType="false" />
    <AttributeEncoder xsi:type="SAML2String"
name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="sid"
encodeType="false" />


<AttributeFilterPolicy id="InstructureCanvasPolicy">

    <PolicyRequirementRule xsi:type="Requester" value=""/>

    <AttributeRule attributeID="sid">

        <PermitValueRule xsi:type="ANY"/>



Have a great day fellow Shibboleth users!


On Mon, May 20, 2019 at 3:36 PM Cantor, Scott <cantor.2 at> wrote:

> On 5/20/19, 6:27 PM, "Jeremiah Brock" <jbrock at> wrote:
> > Scott if you have an in with Canvas - might want to suggest they update
> their documentation for integrating with
> > Shibboleth.
> I don't encourage vendors to do anything but document their SAML
> requirements. Shibboleth configuration is up to our documentation, not
> theirs.
> -- Scott
> --
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at

Jeremiah Brock
IT Web, Data and Development Services / Information Security
jbrock at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list