New CAS metadata support in 3.4
Paul B. Henson
henson at cpp.edu
Wed Nov 14 21:29:21 EST 2018
So I updated my dev instance to 3.4 and started to play with the new CAS
metadata support. I decided to segregate the CAS metadata, so I updated
services.xml to:
<util:list id="shibboleth.MetadataResolverResources">
    <value>%{idp.home}/conf/cas-metadata-providers.xml</value>
    <value>%{idp.home}/conf/metadata-providers.xml</value>
    <value>%{idp.home}/system/conf/metadata-providers-system.xml</value>
</util:list>
For the initial test, I removed this entry from cas-protocol.xml:
<bean class="net.shibboleth.idp.cas.service.ServiceDefinition"
      c:regex="https?://(login\.)?proxy(-dev)?\.library\.cpp\.edu/login.*"
      p:group="cas-cppEduPersonAffiliation"
      p:singleLogoutParticipant="false"
      p:authorizedToProxy="false" />
and added this to the new cas-metadata-providers.xml:
<MetadataProvider xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata"
                  id="proxy.library.cpp.edu"
                  xsi:type="InlineMetadataProvider">
    <samlmd:EntityDescriptor entityID="https://proxy.library.cpp.edu/">
        <samlmd:SPSSODescriptor protocolSupportEnumeration="https://www.apereo.org/cas/protocol">
            <samlmd:AssertionConsumerService Binding="https://www.apereo.org/cas/protocol/login"
                                             Location="http://proxy.library.cpp.edu/login"
                                             index="1"/>
            <samlmd:AssertionConsumerService Binding="https://www.apereo.org/cas/protocol/login"
                                             Location="http://proxy-dev.library.cpp.edu/login"
                                             index="2"/>
            <samlmd:AssertionConsumerService Binding="https://www.apereo.org/cas/protocol/login"
                                             Location="http://login.proxy.library.cpp.edu/login"
                                             index="3"/>
            <samlmd:AssertionConsumerService Binding="https://www.apereo.org/cas/protocol/login"
                                             Location="http://login.proxy-dev.library.cpp.edu/login"
                                             index="4"/>
            <samlmd:AssertionConsumerService Binding="https://www.apereo.org/cas/protocol/login"
                                             Location="https://proxy.library.cpp.edu/login"
                                             index="5"/>
            <samlmd:AssertionConsumerService Binding="https://www.apereo.org/cas/protocol/login"
                                             Location="https://proxy-dev.library.cpp.edu/login"
                                             index="6"/>
            <samlmd:AssertionConsumerService Binding="https://www.apereo.org/cas/protocol/login"
                                             Location="https://login.proxy.library.cpp.edu/login"
                                             index="7"/>
            <samlmd:AssertionConsumerService Binding="https://www.apereo.org/cas/protocol/login"
                                             Location="https://login.proxy-dev.library.cpp.edu/login"
                                             index="8"/>
        </samlmd:SPSSODescriptor>
    </samlmd:EntityDescriptor>
</MetadataProvider>
However, on attempting to log in, I received this error:
2018-11-14 18:18:42,879 - 2620:df:8000:f000:0:1:250:134/D75EA1329FF41AEE2E9228374395DED3 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:117] - Profile Action SelectProfileConfiguration: Profile https://www.apereo.org/cas/protocol/login is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://login.proxy-dev.library.cpp.edu/login)
The listed RPID is ACS #8 in my metadata? Why isn't it mapped to the listed
entity id https://proxy.library.cpp.edu/? Am I missing or misunderstanding
something?
Thanks...
--
Paul B. Henson | (909) 979-6361 | http://www.cpp.edu/~henson/
Operating Systems and Network Analyst | henson at cpp.edu
California State Polytechnic University | Pomona CA 91768
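
An added example, not part of the original post and not Shibboleth code: a Python check that the RPID from the log line is literally present as a CAS login endpoint in the posted EntityDescriptor, and that the enumerated Locations cover what the removed regex accepted. The function names and the exact-string comparison are assumptions of this check, not a statement of how the IdP resolves CAS services; the metadata is rebuilt inline from the values in the post.

```python
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
CAS_LOGIN = "https://www.apereo.org/cas/protocol/login"
# Regex from the ServiceDefinition bean the post removed from cas-protocol.xml.
OLD_REGEX = re.compile(r"https?://(login\.)?proxy(-dev)?\.library\.cpp\.edu/login.*")
# RPID reported in the WARN log line in the post.
LOGGED_RPID = "https://login.proxy-dev.library.cpp.edu/login"


def sample_metadata():
    """Constructed copy of the post's EntityDescriptor (8 endpoints, same index order)."""
    hosts = ["proxy", "proxy-dev", "login.proxy", "login.proxy-dev"]
    pairs = [(s, h) for s in ("http", "https") for h in hosts]
    acs = "".join(
        f'<md:AssertionConsumerService Binding="{CAS_LOGIN}" '
        f'Location="{s}://{h}.library.cpp.edu/login" index="{i}"/>'
        for i, (s, h) in enumerate(pairs, start=1)
    )
    return (
        f'<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="https://proxy.library.cpp.edu/">'
        f'<md:SPSSODescriptor protocolSupportEnumeration="{CAS_LOGIN}">{acs}'
        "</md:SPSSODescriptor></md:EntityDescriptor>"
    )


def cas_login_endpoints(xml_text):
    """Map each CAS-login ACS Location to (entityID, index)."""
    found = {}
    root = ET.fromstring(xml_text)
    for entity in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        for acs in entity.iter(f"{{{MD_NS}}}AssertionConsumerService"):
            if acs.get("Binding") == CAS_LOGIN:
                found[acs.get("Location")] = (entity.get("entityID"), int(acs.get("index")))
    return found


def audit(xml_text, service_url):
    """Compare a service URL against the metadata and against the old regex."""
    endpoints = cas_login_endpoints(xml_text)
    return {
        # Exact string comparison (assumption of this check).
        "match": endpoints.get(service_url),
        # Endpoints in metadata that the old regex would not have accepted.
        "outside_old_regex": [u for u in endpoints if not OLD_REGEX.fullmatch(u)],
        # URLs the regex accepted (trailing .*) that no exact Location covers.
        "regex_only": bool(OLD_REGEX.fullmatch(service_url)) and service_url not in endpoints,
    }
```

`audit(sample_metadata(), LOGGED_RPID)` confirms the logged RPID is endpoint #8 under entityID `https://proxy.library.cpp.edu/`; a service URL with anything after `/login` is flagged as `regex_only`, since the old regex ended in `.*` while the metadata lists exact Locations.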