New CAS metadata support in 3.4

Paul B. Henson henson at
Tue Nov 27 00:00:56 EST 2018

On Tue, Nov 27, 2018 at 02:40:39AM +0000, Cantor, Scott wrote:

> > > Intuitively I expected the release policy to match on the defined
> > > exact entityid.
> Yes, I think it should.

Hmm, so this is perhaps a bug? Anything else I can do or test to verify?

> The AffiliateMember has to be the entityID of the member SP, which
> doesn't seem to be what you put in there. That still might not work if

I'm not quite following. I guess I thought the AffiliationDescriptor was
added to the entry for the SP you wanted to belong to the group, but it
sounds like you actually create a completely new EntityDescriptor entry
whose name is the group you're creating?

So something like:

    <EntityDescriptor entityID="cas-calstateEduPersonEmplID">
        <AffiliationDescriptor affiliationOwnerID="">

But then you say that still won't work because the requesting entityid will
be the CAS service URL rather than the CAS metadata entityid... Yep, I
tried it, the policy still didn't activate.

Paul B. Henson  |  (909) 979-6361  |
Operating Systems and Network Analyst  |  henson at
California State Polytechnic University  |  Pomona CA 91768

More information about the users mailing list