New CAS metadata support in 3.4

Cantor, Scott cantor.2 at
Tue Nov 27 09:19:56 EST 2018

On 11/27/18, 12:01 AM, "users on behalf of Paul B. Henson" <users-bounces at on behalf of henson at> wrote:

> I'm not quite following. I guess I thought the AffiliationDescriptor was
> added to the entry for the SP you wanted to belong to the group

That wouldn't buy anything. Affiliations are "here are the members of a group", where traditional tagging is "here are the groups I'm a member of".

> but it sounds like you actually create a completely new EntityDescriptor entry whose name is the group you're
> creating?


>    <EntityDescriptor entityID="cas-calstateEduPersonEmplID">

Except that that isn't a legal entityID, but yes.

> But then you say that still won't work because the requesting entityid will
> be the CAS service URL rather than the CAS metadata entityid... Yep, I
> tried it, the policy still didn't activate.

That wouldn't be what I would expect so either the metadata's not right or there's another bug somewhere. Or it's connected to the decision made about what the CAS requester is.

-- Scott
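
The two grouping models contrasted in the message above, as an added example that is not part of the thread or of the software under discussion. All entityIDs, URLs and the tag value are constructed placeholders, and the tagged entity's role descriptors are omitted for brevity.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
MDATTR = "urn:oasis:names:tc:SAML:metadata:attribute"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed metadata: every entityID, URL and tag value is a placeholder.
METADATA = f"""
<EntitiesDescriptor xmlns="{MD}" xmlns:mdattr="{MDATTR}" xmlns:saml="{SAML}">
  <!-- Affiliation: a separate entity whose entry lists the group's members -->
  <EntityDescriptor entityID="https://idp.example.org/groups/emplid">
    <AffiliationDescriptor affiliationOwnerID="https://idp.example.org/idp">
      <AffiliateMember>https://app1.example.org/sp</AffiliateMember>
      <AffiliateMember>https://app2.example.org/sp</AffiliateMember>
    </AffiliationDescriptor>
  </EntityDescriptor>
  <!-- Tagging: the member's own entry names the groups it belongs to -->
  <EntityDescriptor entityID="https://app3.example.org/sp">
    <Extensions>
      <mdattr:EntityAttributes>
        <saml:Attribute Name="http://macedir.org/entity-category">
          <saml:AttributeValue>https://idp.example.org/category/emplid</saml:AttributeValue>
        </saml:Attribute>
      </mdattr:EntityAttributes>
    </Extensions>
  </EntityDescriptor>
</EntitiesDescriptor>
"""

def load_groups(xml_text):
    """Return (group -> members from affiliations, group -> members from tags)."""
    root = ET.fromstring(xml_text)
    by_affiliation, by_tag = {}, {}
    tag_path = (f"{{{MD}}}Extensions/{{{MDATTR}}}EntityAttributes/"
                f"{{{SAML}}}Attribute/{{{SAML}}}AttributeValue")
    for ent in root.iter(f"{{{MD}}}EntityDescriptor"):
        eid = ent.get("entityID")
        # Affiliation: this entity *is* the group; its children are the members.
        for m in ent.iterfind(f"{{{MD}}}AffiliationDescriptor/{{{MD}}}AffiliateMember"):
            by_affiliation.setdefault(eid, set()).add(m.text.strip())
        # Tagging: this entity is a member; each tag value names a group.
        for v in ent.iterfind(tag_path):
            by_tag.setdefault(v.text.strip(), set()).add(eid)
    return by_affiliation, by_tag

def in_group(requester, group, by_affiliation, by_tag):
    """Exact string match of the requester's identifier against the group."""
    return (requester in by_affiliation.get(group, set())
            or requester in by_tag.get(group, set()))
```

Because membership here is an exact match on the identifier string, a requester known by any other string than the one listed in the group does not match.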

