Here is the entire JSON file (using the real server names, but blanking out
the "memberOf" security groups):
---BEGIN---
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId": "^http(s)?://servicespre\\.taylor(u)?\\.edu(/.*)?$",
"name": "TOWER -- services",
"id": 11000904,
"description": "You are authenticating to ___servicespre.taylor.edu___",
"evaluationOrder": 104,
"accessStrategy" :
{
"@class" :
"org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true,
"unauthorizedRedirectUrl" :
"https://sso.taylor.edu/cas_access_denied/bannersso.html";,
"requireAllAttributes" : false,
"ssoEnabled" : true,
"requiredAttributes" :
{
"@class" : "java.util.HashMap",
"memberOf" : [ "java.util.HashSet", [
"CN=xx,OU=xx,OU=xx,DC=xx,DC=xx,DC=xx","CN=xx2,OU=xx,OU=xx,DC=xx,DC=xx,DC=xx",(and
so forth...)" ] ]
}
}
"usernameAttributeProvider":
{
"@class":
"org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider",
"canonicalizationMode": "LOWER"
}
"attributeReleasePolicy":
{
"@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
}
}
---END---
On Thursday, January 23, 2020 at 6:09:49 PM UTC-5, crdaudt wrote:
>
> {
> "serviceId": "^http(s)?://our_banner_server\\.taylor(u)?\\.edu(/.*)?$",
> "name": "TOWER -- services",
> (and so forth)
> }
>
> On Thursday, January 23, 2020 at 5:48:01 PM UTC-5, rbon wrote:
>>
>> Carl,
>>
>> TARGET is used with SAML 1.1 protocol (which Banner uses), service with
>> CAS protocol(s).
>> What is your service Id?
>> It is odd that it works with service= and not TARGET=.
>>
>> Ray
>>
>>
>> On Thu, 2020-01-23 at 14:24 -0800, crdaudt wrote:
>>
>> We have had our Ellucian Banner service authenticating users through our
>> CAS 5.2.2 service for several years, and are now attempting to migrate to
>> our CAS 6.1.3 service. However, CAS does not recognize the JSON entry that
>> we have in place for Banner. I believe the issue is related to the fact
>> that the service ticket request includes the parameter "TARGET=..." rather
>> than "service=..." in the URL. I.e.,:
>>
>>
>> https://our.cas.server.edu/cas/login?TARGET=https%3A%2F%2Four.banner.server.edu%2FEmployeeSelfService%2Flogin%2Fcas
>>
>> rather than:
>>
>>
>> https://our.cas.server.edu/cas/login?service=https%3A%2F%2Four.banner.server.edu%2FEmployeeSelfService%2Flogin%2Fcas
>>
>> If I manually replace 'TARGET=' with 'service=', the JSON entry is
>> recognized and a service ticket is created. However, the banner service
>> itself fails to do anything with the service ticket.
>>
>> Let me reiterate that the same JSON entry worked in our CAS 5
>> environment, but fails to work in our CAS 6.1 environment.
>>
>> Any ideas?
>> Carl
>>
>> --
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | [email protected]
>>
>> I respectfully acknowledge that my place of work is located within the
>> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
>> WSÁNEĆ Nations.
>>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/90ce614c-3878-4891-8455-70a6bc6e21d7%40apereo.org.
