New CAS metadata support in 3.4

Paul B. Henson henson at
Mon Nov 26 21:20:08 EST 2018

On Tue, Nov 27, 2018 at 02:02:17AM +0000, Paul B. Henson wrote:

> and the service received the proper attributes. Is this expected
> operation? I would've thought release policies would be based on the
> configured entityid rather than each of the individual separate
> AssertionConsumerService URLs, which are a prefix match and not fully
> inclusive of every possible URL?

So I changed my release policy to be a regex:

<PolicyRequirementRule xsi:type="RequesterRegex"
regex="^https?://(login\.)?proxy(-dev)?\.library\.cpp\.edu/login.*" />

and that worked; that's actually the exact regex I had in
cas-protocol.xml defining the service before I started testing using
metadata instead... To clarify, is this how it's supposed to work?
Intuitively I expected the release policy to match on the defined
exact entityid.


Paul B. Henson  |  (909) 979-6361  |
Operating Systems and Network Analyst  |  henson at
California State Polytechnic University  |  Pomona CA 91768

More information about the users mailing list