Configuring Shibboleth for Zoom

Schwendner, Joanne joanne_schwendner at brown.edu
Mon Aug 24 23:01:47 UTC 2020


Hi Don,

We set up our Zoom integration via InCommon three years ago.  We are using
email, but not in the nameID -- just in a regular attribute.
The InCommon setup went very smoothly, and it has been working well ever
since.

We also pass an entitlement string, the value of which we assign according
to Grouper groups, that controls access to different account types.

Joanne

---

Joanne Schwendner
Senior Developer - Web, Integration, & Identity Services
Brown University


On Mon, Aug 24, 2020 at 3:05 PM Donald Lohr <lohrda at jmu.edu> wrote:

> Thanks, this has been very helpful.
>
> Does anyone have a functioning Shibboleth IdP configuration via InCommon?
>
> The reason I ask is that another school told us:
>
> *Zoom is an InCommon member and we first attempted to configure with
> InCommon. However, we had some challenges with the way they signed
> assertions and logout. So, we decided we should do a manual configuration
> of SSO instead.*
>
> But I believe they've been a Zoom customer for a few years.
>
> Thanks,
> Don
>
>
> On 8/21/20 10:41 PM, Lohr, Donald A - lohrda wrote:
>
> Referring to this URL:
>
>
>
> https://support.zoom.us/hc/en-us/articles/201363003-Getting-started-with-SSO
>
>
> ...it states the following:
>
>
> First, configure your IdP to send us the following
>
>    - Any unique identifier linked to nameID such as eduPersonTargetedID,
>    persistentID, or mail
>    - (Optional) Accepted attributes are email
>    (urn:oid:0.9.2342.19200300.100.1.3), sn (urn:oid:2.5.4.4), and givenName
>    (urn:oid:2.5.4.42).
>
>
> Our plan would be to configure Shibboleth to set the nameID for Zoom to
> not be a user's email address. We want to use a better unique & never
> changing attribute, the user's eduPersonUniqueId attribute value. We will
> also send Zoom a user's mail, givenname and sn attribute values.
>
>
> Is anyone's Shibboleth configuration for Zoom using something other than
> email as the nameID value?  If so, have you encountered any issues with
> nameID not set as a user's email value? Especially with SSO login, the
> emailing of or accepting invitations or using the Canvas LTI Pro component.
>
> --
> D o n a l d   L o h r
> I n f o r m a t i o n   S y s t e m s
> J a m e s   M a d i s o n   U n i v e r s i t y
> 5 4 0 . 5 6 8 . 3 7 3 0
>
>
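Added example, not part of the original thread or of either poster's configuration: a small check to run against a test assertion captured from your own IdP. It confirms that the NameID is not simply the released mail value and that the three attributes named in the quoted Zoom article are present. The sample assertion, its values and the function name `audit_release` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names taken from the Zoom article quoted in the thread.
ZOOM_ATTRS = {
    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
    "urn:oid:2.5.4.4": "sn",
    "urn:oid:2.5.4.42": "givenName",
}

# Constructed, unsigned sample assertion; every value is made up.
SAMPLE = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jd8f3k2p@example.edu</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
      <saml:AttributeValue>jane.doe@example.edu</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:2.5.4.4">
      <saml:AttributeValue>Doe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:2.5.4.42">
      <saml:AttributeValue>Jane</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def audit_release(xml_text):
    """Summarise NameID and attribute release; does not verify signatures."""
    root = ET.fromstring(xml_text)
    name_id = (root.findtext(".//saml:Subject/saml:NameID", "", NS) or "").strip()
    released, extra = {}, []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        friendly = ZOOM_ATTRS.get(attr.get("Name"))
        if friendly:
            released[friendly] = values
        else:
            extra.append(attr.get("Name"))  # released beyond the quoted list
    mails = {m.lower() for m in released.get("mail", [])}
    return {
        "nameid": name_id,
        # eduPersonUniqueId is also shaped local@scope, so compare values, not shape.
        "nameid_is_mail": bool(name_id) and name_id.lower() in mails,
        "missing": sorted(set(ZOOM_ATTRS.values()) - set(released)),
        "extra": extra,
    }
```

Anything reported under `extra` is an attribute released beyond the three in the quoted article, such as an entitlement, and is worth confirming as intentional.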