Thanks very much for the follow up. I just found that myself. Here are some more details.
Related log entries: 2018-10-26 14:37:24,325 DEBUG [org.apereo.cas.config.CasCoreConfiguration] - <Configuring authentication request service selection strategy plan [ExternalShibbolethIdPAuthenticationServiceSelectionStrategyConfiguration]> 2018-10-26 14:37:24,325 WARN [org.apereo.cas.config.ExternalShibbolethIdPAuthenticationServiceSelectionStrategyConfiguration] - <Shibboleth IdP url is not specified; External authentication requests by the IdP will not be recognized by CAS> Related property documentation (since the missing property is not mentioned in the log entry): https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#shibboleth-integrations After adding this, I am correctly matching on the provided entityId. Many thanks for the help. -dirk On Fri, Oct 26, 2018 at 10:58 AM Travis Schmidt <travis.schm...@gmail.com> wrote: > Now that I am in front of my computer, the property is this: > > cas.authn.shibIdp.serverUrl= > > On Fri, Oct 26, 2018 at 7:00 AM Travis Schmidt <travis.schm...@gmail.com> > wrote: > >> We do the same as well, looks like docs might need to be updated. You >> should only need to add support-shibboleth to your build, but there is a >> property that needs to be set that is your shibboleth idp url. You should >> see something in the logs on start up about it not being set. >> >> On Fri, Oct 26, 2018, 6:28 AM Tepe, Dirk <tep...@miamioh.edu> wrote: >> >>> We have a Shibboleth 3.3.x server which will authenticates via our CAS >>> 5.3.x server. I am interested in using the service provider's entity ID to >>> apply configuration within CAS rather than applying configuration to the >>> Shibboleth service as a whole. This appears to be possible based on: >>> >>> >>> https://apereo.github.io/cas/5.3.x/integration/Shibboleth.html#relying-party-entityid >>> >>> and >>> >>> >>> https://apereo.github.io/cas/5.3.x/installation/Configuring-Multifactor-Authentication-Triggers.html#entity-id-request-parameter >>> >>> I have built our war with the required cas-server-support-shibboleth >>> dependency and am testing using a login request with both service and >>> entityId parameters. However, CAS still uses the service configuration >>> which matches our Shibboleth service rather than the relying party given by >>> the entity ID. >>> >>> I made sure that the service I created for the relying party's entityId >>> has a lower evaluationOrder value than the definition which matches the >>> Shibboleth service, so I would expect the entityId value to take >>> precedence. When I use the entityId value as the service, CAS matches the >>> correct relying party service configuration, which indicates that the match >>> should happen and entityId isn't being considered. >>> >>> The documentation does not describe any additional configuration or >>> changes in the service configurations that are required to use entityId >>> when it's provided in the request. Has anyone been able to make this work >>> or have any suggestions what I'm missing? >>> >>> -dirk >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cas-user+unsubscr...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJ%3D0EZzWiiS1dhpQLNYTQ2oL-JggGd3AkjSoMBmHVJvkcsGWrg%40mail.gmail.com >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJ%3D0EZzWiiS1dhpQLNYTQ2oL-JggGd3AkjSoMBmHVJvkcsGWrg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAC_RtEb7XqvqLdYtVaSatKqhw29StzbYxjENnk2nBxLa%2BgWVPg%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAC_RtEb7XqvqLdYtVaSatKqhw29StzbYxjENnk2nBxLa%2BgWVPg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJ%3D0EZw6uk17tR9oCpmv56VFbawsKM6mc31qK2QHkH5xjubC0g%40mail.gmail.com.