Thanks very much for the follow up. I just found that myself. Here are some more details.
Related log entries: 2018-10-26 14:37:24,325 DEBUG [org.apereo.cas.config.CasCoreConfiguration] - <Configuring authentication request service selection strategy plan [ExternalShibbolethIdPAuthenticationServiceSelectionStrategyConfiguration]> 2018-10-26 14:37:24,325 WARN [org.apereo.cas.config.ExternalShibbolethIdPAuthenticationServiceSelectionStrategyConfiguration] - <Shibboleth IdP url is not specified; External authentication requests by the IdP will not be recognized by CAS> Related property documentation (since the missing property is not mentioned in the log entry): https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#shibboleth-integrations After adding this, I am correctly matching on the provided entityId. Many thanks for the help. -dirk On Fri, Oct 26, 2018 at 10:58 AM Travis Schmidt <[email protected]> wrote: > Now that I am in front of my computer, the property is this: > > cas.authn.shibIdp.serverUrl= > > On Fri, Oct 26, 2018 at 7:00 AM Travis Schmidt <[email protected]> > wrote: > >> We do the same as well, looks like docs might need to be updated. You >> should only need to add support-shibboleth to your build, but there is a >> property that needs to be set that is your shibboleth idp url. You should >> see something in the logs on start up about it not being set. >> >> On Fri, Oct 26, 2018, 6:28 AM Tepe, Dirk <[email protected]> wrote: >> >>> We have a Shibboleth 3.3.x server which will authenticates via our CAS >>> 5.3.x server. I am interested in using the service provider's entity ID to >>> apply configuration within CAS rather than applying configuration to the >>> Shibboleth service as a whole. This appears to be possible based on: >>> >>> >>> https://apereo.github.io/cas/5.3.x/integration/Shibboleth.html#relying-party-entityid >>> >>> and >>> >>> >>> https://apereo.github.io/cas/5.3.x/installation/Configuring-Multifactor-Authentication-Triggers.html#entity-id-request-parameter >>> >>> I have built our war with the required cas-server-support-shibboleth >>> dependency and am testing using a login request with both service and >>> entityId parameters. However, CAS still uses the service configuration >>> which matches our Shibboleth service rather than the relying party given by >>> the entity ID. >>> >>> I made sure that the service I created for the relying party's entityId >>> has a lower evaluationOrder value than the definition which matches the >>> Shibboleth service, so I would expect the entityId value to take >>> precedence. When I use the entityId value as the service, CAS matches the >>> correct relying party service configuration, which indicates that the match >>> should happen and entityId isn't being considered. >>> >>> The documentation does not describe any additional configuration or >>> changes in the service configurations that are required to use entityId >>> when it's provided in the request. Has anyone been able to make this work >>> or have any suggestions what I'm missing? >>> >>> -dirk >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJ%3D0EZzWiiS1dhpQLNYTQ2oL-JggGd3AkjSoMBmHVJvkcsGWrg%40mail.gmail.com >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJ%3D0EZzWiiS1dhpQLNYTQ2oL-JggGd3AkjSoMBmHVJvkcsGWrg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAC_RtEb7XqvqLdYtVaSatKqhw29StzbYxjENnk2nBxLa%2BgWVPg%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAC_RtEb7XqvqLdYtVaSatKqhw29StzbYxjENnk2nBxLa%2BgWVPg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJ%3D0EZw6uk17tR9oCpmv56VFbawsKM6mc31qK2QHkH5xjubC0g%40mail.gmail.com.
