Issues using metadata for CAS services
Bickel, David
jdbickel at iu.edu
Tue Nov 5 12:41:28 EST 2019
Hello fellow Shibboleth users,
I am looking for a bit of guidance around setting up the CAS protocol to leverage metadata instead of cas-protocol.xml regular expressions.
I have read
https://wiki.shibboleth.net/confluence/display/SC/CASMetadataProfile
and
https://wiki.shibboleth.net/confluence/display/IDP30/CASServiceSAMLMetadata
several times, yet I feel I must be missing some piece of the puzzle, as all of my tests end up sending the request through as an UnverifiedRelyingParty.
I am using the docker image tier/shib-idp:3.4.6_20191002 for my setup. I have gone through many iterations but the most recent is below. I greatly appreciate any feedback.
Thanks,
--David
<!-- from metadata-providers.xml -->
<MetadataProvider id="IMSCASSP"
    xsi:type="FileBackedHTTPMetadataProvider"
    backingFile="%{idp.home}/metadata/local-castest-metadata.xml"
    metadataURL="https://www.iu.edu/~imsteam/univ-idp/dev/ims-cas-services-metadata.xml"
    indexesRef="shibboleth.CASMetadataIndices">
    <MetadataFilter xsi:type="EntityRoleWhiteList">
        <RetainedRole>SPSSODescriptor</RetainedRole>
    </MetadataFilter>
</MetadataProvider>

<!-- local-castest-metadata.xml -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="085934d90c20659e68de1af3dca8d11cc4c0d74dada1" entityID="https://alpha.example.org/">
    <md:SPSSODescriptor protocolSupportEnumeration="https://www.apereo.org/cas/protocol">
        <md:AssertionConsumerService
            Binding="https://www.apereo.org/cas/protocol/login"
            Location="https://alpha.example.org/"
            index="1"/>
        <md:AssertionConsumerService
            Binding="https://www.apereo.org/cas/protocol/login"
            Location="https://alpha.dev.example.org/"
            index="2"/>
        <md:SingleLogoutService
            Binding="https://www.apereo.org/cas/protocol/logout"
            Location="urn:mace:shibboleth:profile:CAS:logout"/>
    </md:SPSSODescriptor>
</md:EntityDescriptor>
J. David Bickel
Indiana University
Identity Management Systems
2709 E 10th Street
Bloomington, IN 47408
812-855-6346
jdbickel at iu.edu