Question about CAS and Shibboleth v4.0.1
Joseph Fischetti
Joseph.Fischetti at marist.edu
Thu Jun 11 15:42:26 UTC 2020
> cas-protocol.xml isn't the issue (that file is how you configure all these options), but you're asking about the original ServiceRegistry. No, it's not going away, nor is it a requirement to configure both, nor is it a requirement for the metadata option to be first in the registry list, which is why the warnings are showing up, it's falling through one to get to the other.
What tells the IdP to look in metadata for CAS services?
The CASServiceRegistry reference in services.xml:
<util:list id="shibboleth.CASServiceRegistryResources">
<value>%{idp.home}/conf/cas-protocol.xml</value>
</util:list>
The only relevant setting I can find in services.properties:
#idp.service.cas.registry.resources = shibboleth.CASServiceRegistryResources
There's no "metadata" option in my service registry list. The word 'meta' isn't in the cas-protocol file at all (which is the only place that I know of where the service registry is defined).
[root at auth-testdev conf]# grep -i "meta" cas-protocol.xml
[root at auth-testdev conf]#
I can't find in the documentation where it states *when* the metadata lookup is triggered.
More information about the users
mailing list