New CAS metadata support in 3.4
cantor.2 at osu.edu
Mon Nov 26 21:40:39 EST 2018
On 11/26/18, 9:31 PM, "users on behalf of Paul B. Henson" <users-bounces at shibboleth.net on behalf of henson at cpp.edu> wrote:
> > metadata instead... To clarify, is this how it's supposed to work?
> > Intuitively I expected the release policy to match on the defined
> > exact entityid.
Yes, I think it should.
> As I continue my journey of discovery :), I came across the new
> AffiliationDescriptor support in 3.4 and thought perhaps that could be
> used to make my existing 3.3 CAS release policy config work, so I added:
The AffiliateMember has to be the entityID of the member SP, which doesn't seem to be what you put in there. That still might not work if the internals of the request aren't being set up properly, which your other issues seem to suggest, but SAML-wise, that's how Affiliations work. The surrounding EntityDescriptor of the AffiliationDescriptor has the entityID of the "affiliation" (the group name) and the members are the SPs. affiliationOwnerID is informational, not relevant to any policy.
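The affiliation structure described in the reply above, as an added example that is not part of the original message and is not Shibboleth's own resolution code: a short Python sketch that reads SAML metadata and maps each AffiliateMember (an SP entityID) to the affiliation name carried on the surrounding EntityDescriptor. All entityIDs and URLs in the sample metadata are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample metadata; every entityID and URL is a placeholder.
# Assumed to come from a trusted, already signature-verified source.
SAMPLE_METADATA = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://idp.example.org/affiliations/campus-apps">
    <md:AffiliationDescriptor affiliationOwnerID="https://owner.example.org">
      <md:AffiliateMember>https://app1.example.org/sp</md:AffiliateMember>
      <md:AffiliateMember>https://app2.example.org/sp</md:AffiliateMember>
    </md:AffiliationDescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def affiliations_by_member(metadata_xml):
    """Map each member SP entityID to the affiliation names it belongs to."""
    root = ET.fromstring(metadata_xml)
    groups = {}
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        for aff in entity.findall("md:AffiliationDescriptor", NS):
            # affiliationOwnerID is deliberately ignored: it is informational.
            for member in aff.findall("md:AffiliateMember", NS):
                sp = (member.text or "").strip()
                if sp:
                    # The group name is the entityID of the enclosing entity.
                    groups.setdefault(sp, set()).add(entity.get("entityID"))
    return groups


def affiliations_for(metadata_xml, sp_entity_id):
    """Return the affiliation names a requesting SP entityID is a member of."""
    return affiliations_by_member(metadata_xml).get(sp_entity_id, set())


if __name__ == "__main__":
    for sp in ("https://app1.example.org/sp", "https://owner.example.org"):
        print(sp, "->", sorted(affiliations_for(SAMPLE_METADATA, sp)))
```

A policy rule keyed on an affiliation name can only match an SP whose own entityID appears as an AffiliateMember; putting any other value there yields an empty set for that SP.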