New CAS metadata support in 3.4
cantor.2 at osu.edu
Tue Nov 27 09:19:56 EST 2018
On 11/27/18, 12:01 AM, "users on behalf of Paul B. Henson" <users-bounces at shibboleth.net on behalf of henson at cpp.edu> wrote:
> I'm not quite following. I guess I thought the AffiliationDescriptor was
> added to the entry for the SP you wanted to belong to the group
That wouldn't buy anything. Affiliations are "here are the members of a group", where traditional tagging is "here are the groups I'm a member of".
> but it sounds like you actually create a completely new EntityDescriptor entry whose name is the group you're
> <EntityDescriptor entityID="cas-calstateEduPersonEmplID">
Except that that isn't a legal entityID, but yes.
> But then you say that still won't work because the requesting entityid will
> be the CAS service URL rather than the CAS metadata entityid... Yep, I
> tried it, the policy still didn't activate.
That wouldn't be what I would expect so either the metadata's not right or there's another bug somewhere. Or it's connected to the decision made about what the CAS requester is.
More information about the users