New CAS metadata support in 3.4
Nate Klingenstein
ndk at signet.id
Thu Nov 15 02:23:04 EST 2018
Paul,
I think it's treating the provider as unrecognized, not the endpoint as not matching. I'm guessing that the entityID(which is the URL) basically needs to match the URL, so you would generally need a separate EntityDescriptor for each service. See, for instance, the example:
https://wiki.shibboleth.net/confluence/display/SC/CASMetadataProfile
<EntityDescriptor entityID="https://alpha.example.org/">
...
<AssertionConsumerService
Binding="https://www.apereo.org/cas/protocol/login"
Location="https://alpha.example.org/"
index="1"/>
Take care,
Nate.
More information about the users
mailing list