New CAS metadata support in 3.4
Paul B. Henson
henson at cpp.edu
Mon Nov 26 21:31:36 EST 2018
On Mon, Nov 26, 2018 at 06:20:08PM -0800, Paul B. Henson wrote:
> metadata instead... To clarify, is this how it's supposed to work?
> Intuitively I expected the release policy to match on the defined
> exact entityid.
As I continue my journey of discovery :), I came across the new
AffiliationDescriptor support in 3.4 and thought perhaps that could be
used to make my existing 3.3 CAS release policy config work, so I added:
    <AffiliationDescriptor affiliationOwnerID="https://www.cpp.edu">
        <AffiliateMember>cas-cppEduPersonAffiliation</AffiliateMember>
    </AffiliationDescriptor>
to my test metadata and updated my release policy to include the new
checkAffiliations parameter:
    <AttributeFilterPolicy id="cas-cppEduPersonAffiliation">
        <PolicyRequirementRule xsi:type="InEntityGroup"
            groupID="cas-cppEduPersonAffiliation" checkAffiliations="true" />
        <AttributeRule permitAny="true" attributeID="cppEduPersonAffiliation" />
    </AttributeFilterPolicy>
However, the policy doesn't seem to be activated when I make a request?
2018-11-26 18:26:21,396 - 134.71.247.227/99EC5B6752705FE2D8947DD0A323ACCF - DEBUG [net.shibboleth.idp.attribute.filter.AttributeFilterPolicy:128] - Attribute Filter Policy 'cas-cppEduPersonAffiliation' Checking if attribute filter policy is active
2018-11-26 18:26:21,396 - 134.71.247.227/99EC5B6752705FE2D8947DD0A323ACCF - DEBUG [net.shibboleth.idp.attribute.filter.AttributeFilterPolicy:137] - Attribute Filter Policy 'cas-cppEduPersonAffiliation' Policy is not active for this request
--
Paul B. Henson | (909) 979-6361 | http://www.cpp.edu/~henson/
Operating Systems and Network Analyst | henson at cpp.edu
California State Polytechnic University | Pomona CA 91768