CAS OOB exception
Marvin Addison
serac at vt.edu
Fri May 24 15:27:38 EDT 2019
On Fri, May 24, 2019 at 3:06 PM Liam Hoekenga <liamr at umich.edu> wrote:
> If I strip the query string from the entityID, the IDP doesn't find the metadata. It still falls directly through to wanting to use the service registry.
In your example, assuming what you have in the entity ID is what the
CAS client is emitting for the service URL, then you would need
something like the following in the metadata:

    <AssertionConsumerService
        Binding="https://www.apereo.org/cas/protocol/login"
        Location="https://testing.vialivetext.com/auth/cas/callback"
        index="1"/>

> does CAS really have the concept of a settable entityID like SAML does?
We're getting creative to fit the CAS protocol mechanics into SAML
metadata. That said, I think it's pretty reasonable with substring
matching on locations. When it finds a match, it returns whatever
you've configured for the entity ID as the relying party ID. So in
this model the entity ID is free to be whatever you want; it's the ACS
locations that matter.
M
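
The lookup model described in the message above, as an added example that is not part of the original message and is not the IdP's own code: it maps a CAS service URL to a relying party ID by substring-matching against ACS locations that use the CAS login binding. The function name, the entityID value and the query string on the service URL are constructed for illustration, and the plain `in` test is an assumption about what "substring matching" means here.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Binding value taken from the metadata snippet in the message above.
CAS_LOGIN_BINDING = "https://www.apereo.org/cas/protocol/login"

# Constructed sample metadata: the entityID and the second (SAML) endpoint
# are placeholders, only the CAS endpoint comes from the message.
SAMPLE_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="urn:example:livetext-cas">
  <SPSSODescriptor protocolSupportEnumeration="https://www.apereo.org/cas/protocol">
    <AssertionConsumerService
        Binding="https://www.apereo.org/cas/protocol/login"
        Location="https://testing.vialivetext.com/auth/cas/callback"
        index="1"/>
    <AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://testing.vialivetext.com/saml/acs"
        index="2"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""


def relying_party_for(service_url, metadata_xml):
    """Return the entityID whose CAS ACS Location occurs in service_url, else None.

    Hypothetical helper: the entityID plays no part in the match, only the
    ACS Location does, which is why it is free to be any value.
    """
    root = ET.fromstring(metadata_xml)
    # iter() also yields the root, so a bare EntityDescriptor and an
    # EntitiesDescriptor wrapper are both handled.
    for entity in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        for acs in entity.iter(f"{{{MD_NS}}}AssertionConsumerService"):
            if acs.get("Binding") != CAS_LOGIN_BINDING:
                continue  # SAML endpoints never match a CAS service URL
            location = acs.get("Location", "")
            if location and location in service_url:
                return entity.get("entityID")
    return None  # no metadata match: the caller falls back to other sources


if __name__ == "__main__":
    # Constructed service URL with a query string appended by the CAS client.
    url = "https://testing.vialivetext.com/auth/cas/callback?url=%2Fhome"
    print(relying_party_for(url, SAMPLE_METADATA))
```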