New CAS metadata support in 3.4
Cantor, Scott
cantor.2 at osu.edu
Tue Nov 27 09:19:56 EST 2018
On 11/27/18, 12:01 AM, "users on behalf of Paul B. Henson" <users-bounces at shibboleth.net on behalf of henson at cpp.edu> wrote:
> I'm not quite following. I guess I thought the AffiliationDescriptor was
> added to the entry for the SP you wanted to belong to the group
That wouldn't buy anything. Affiliations are "here are the members of a group", where traditional tagging is "here are the groups I'm a member of".
> but it sounds like you actually create a completely new EntityDescriptor entry whose name is the group you're
> creating?
Yes.
> <EntityDescriptor entityID="cas-calstateEduPersonEmplID">
Except that that isn't a legal entityID, but yes.
> But then you say that still won't work because the requesting entityid will
> be the CAS service URL rather than the CAS metadata entityid... Yep, I
> tried it, the policy still didn't activate.
That wouldn't be what I would expect so either the metadata's not right or there's another bug somewhere. Or it's connected to the decision made about what the CAS requester is.
-- Scott
More information about the users
mailing list