New CAS metadata support in 3.4
Marvin Addison
serac at vt.edu
Thu Nov 15 09:39:16 EST 2018
On Thu, Nov 15, 2018 at 9:32 AM Cantor, Scott <cantor.2 at osu.edu> wrote:
> Marvin would have to comment, but I think it's possibly the case that the metadata indexing by default doesn't allow for lookup of the information by the endpoint URLs.
That's correct. I defined a global bean for the indexes,
shibboleth.CASMetadataIndices, that you need to reference in the
configuration in metadata-providers.xml:
    <MetadataProvider id="VTMetadata"
                      xsi:type="FileBackedHTTPMetadataProvider"
                      backingFile="%{idp.tmp}/vt-metadata.xml"
                      metadataURL="#{VTMetadataUrlMap[systemEnvironment['ENV']]}"
                      indexesRef="shibboleth.CASMetadataIndices">
        <MetadataFilter xsi:type="EntityRoleWhiteList">
            <RetainedRole>samlmd:SPSSODescriptor</RetainedRole>
        </MetadataFilter>
    </MetadataProvider>
I got burned myself when setting this up in our AWS test environment
the other day, so it's easy to miss. Moreover, I see this appears to
be a missing point in the documentation [1], which I will fix today.
M
[1] https://wiki.shibboleth.net/confluence/display/IDP30/CASServiceSAMLMetadata
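
Added example, not part of the original message and not Shibboleth project code: a small Python check that lists the MetadataProvider elements in a metadata-providers.xml whose indexesRef does not name shibboleth.CASMetadataIndices, the omission described above. The sample XML, its provider ids and URL, and the choice to skip ChainingMetadataProvider containers are assumptions made for the illustration.

```python
import sys
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
CAS_INDEX_BEAN = "shibboleth.CASMetadataIndices"  # bean name from the message above

# Constructed sample, not a real deployment: one provider wired as in the
# message, one with the attribute missing.
SAMPLE = """<MetadataProvider xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    id="ChainProvider" xsi:type="ChainingMetadataProvider">
  <MetadataProvider id="WithIndex" xsi:type="FileBackedHTTPMetadataProvider"
      backingFile="%{idp.tmp}/a.xml" metadataURL="https://md.example.org/a.xml"
      indexesRef="shibboleth.CASMetadataIndices"/>
  <MetadataProvider id="NoIndex" xsi:type="FilesystemMetadataProvider"
      metadataFile="%{idp.home}/metadata/b.xml"/>
</MetadataProvider>"""


def audit(xml_text):
    """Return (id, xsi:type, indexesRef) for providers not using the CAS index bean."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        # Match on the local name so the check works whatever prefix the file uses.
        if el.tag.rsplit("}", 1)[-1] != "MetadataProvider":
            continue
        ptype = el.get(XSI_TYPE, "").split(":")[-1]
        if ptype == "ChainingMetadataProvider":
            continue  # assumption: a chain only contains other providers
        ref = el.get("indexesRef")
        if ref != CAS_INDEX_BEAN:
            # ref is None when absent; a different bean name needs manual review.
            findings.append((el.get("id"), ptype, ref))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for pid, ptype, ref in audit(text):
        print(f"{pid} ({ptype}): indexesRef={ref!r}, expected {CAS_INDEX_BEAN}")
```

A provider reported with a non-empty indexesRef points at some other bean, so whether the CAS indexes are included has to be confirmed by reading that bean's definition.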