New CAS metadata support in 3.4
Nate Klingenstein
ndk at signet.id
Thu Nov 15 02:31:41 EST 2018
Though that would be contradicted by the presence of:
<AssertionConsumerService
Binding="https://www.apereo.org/cas/protocol/login"
Location="https://alpha.dev.example.org/"
index="2"/>
So... I don't know. I guess I'm wrong.
shibboleth.UnverifiedRelyingParty (RPID https://login.proxy-dev.library.cpp.edu/login)
is a pretty strong indicator that it could find no metadata for the requester, though.
-----Original message-----
> From: Nate Klingenstein
> Sent: Thursday, November 15 2018, 12:23 am
> To: Shib Users
> Subject: RE: New CAS metadata support in 3.4
>
> Paul,
>
> I think it's treating the provider as unrecognized, not the endpoint as not matching. I'm guessing that the entityID(which is the URL) basically needs to match the URL, so you would generally need a separate EntityDescriptor for each service. See, for instance, the example:
>
> https://wiki.shibboleth.net/confluence/display/SC/CASMetadataProfile
>
> <EntityDescriptor entityID="https://alpha.example.org/">
> ...
> <AssertionConsumerService
> Binding="https://www.apereo.org/cas/protocol/login"
> Location="https://alpha.example.org/"
> index="1"/>
>
> Take care,
> Nate.
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>
More information about the users
mailing list