Configuring Shibboleth for Zoom

Richard Frovarp richard.frovarp at ndsu.edu
Mon Aug 24 19:43:01 UTC 2020 

We're also doing the extra attribute to hopefully catch changes in mail
/ ePPN. I don't think it has been tested in actual use though.

On Mon, 2020-08-24 at 19:06 +0000, Richard Frovarp wrote:
> Yeah, that's how we have it setup. Nothing special. Just releasing
> R&S to them.
> 
> On Mon, 2020-08-24 at 15:05 -0400, Donald Lohr wrote:
> > Thanks, this has been very helpful.
> > 
> > Does anyone have a functioning Shibboleth IdP configuration via
> > InCommon?
> > 
> > The reason I ask, is that another school told us:
> > 
> > Zoom is an InCommon member and we first attempted to configure with
> > InCommon. However, we had some challenges with the way they signed
> > assertions and logout. So, we decided we should do a manual
> > configuration of SSO instead. 
> > 
> > But I believe they've been a Zoom customer for a few years.
> > 
> > Thanks,
> > Don
> > 
> > 
> > On 8/21/20 10:41 PM, Lohr, Donald A - lohrda wrote:
> > > Referring to this URL:
> > > 
> > > 
https://support.zoom.us/hc/en-us/articles/201363003-Getting-started-with-SSO
> > > 
> > > ...it states the following:
> > > 
> > > First, configure your IdP to send us the following
> > >  Any unique identifier linked to nameID such as
> > > eduPersonTargetedID, persistentID, or mail
> > >  (Optional) Accepted attributes are email
> > > (urn:oid:0.9.2342.19200300. 100.1.3), sn (urn:oid:2.5.4.4),
> > > and givenName (urn:oid:2.5.4.42).
> > > 
> > > Our plan would be to configure Shibboleth to set the nameID for
> > > Zoom to not be a user's email address. We want to use a better
> > > unique & never changing attribute, the user's eduPersonUniqueId
> > > attribute value. We will also send Zoom a user's mail, givenname
> > > and sn attribute values.
> > > 
> > > Is anyone's Shibboleth configuration for Zoom using something
> > > other than email as the nameID value?  If so have you encountered
> > > any issues with nameID not set as a users email value? Especially
> > > with SSO login, the emailing of or accepting invitations or using
> > > the Canvas LTI Pro component.
> > > 
> > > -- 
> > > D o n a l d   L o h r
> > > I n f o r m a t i o n   S y s t e m s
> > > J a m e s   M a d i s o n   U n i v e r s i t y
> > > 5 4 0 . 5 6 8 . 3 7 3 0
> > > 
> > > 
> >  
> > -- 
> > D o n a l d   L o h r
> > I n f o r m a t i o n   S y s t e m s
> > J a m e s   M a d i s o n   U n i v e r s i t y
> > 5 4 0 . 5 6 8 . 3 7 3 0
> >

More information about the users mailing list