Carl,
Do you have saml support enabled:
compile "org.apereo.cas:cas-server-support-saml:${casServerVersion}"
Ray
On Thu, 2020-01-23 at 15:32 -0800, crdaudt wrote:
Here is the entire JSON file (using the real server names, but blanking out the
"memberOf" security groups):
---BEGIN---
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId": "^http(s)?://servicespre\\.taylor(u)?\\.edu(/.*)?$",
"name": "TOWER -- services",
"id": 11000904,
"description": "You are authenticating to ___servicespre.taylor.edu___",
"evaluationOrder": 104,
"accessStrategy" :
{
"@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true,
"unauthorizedRedirectUrl" :
"https://sso.taylor.edu/cas_access_denied/bannersso.html";,
"requireAllAttributes" : false,
"ssoEnabled" : true,
"requiredAttributes" :
{
"@class" : "java.util.HashMap",
"memberOf" : [ "java.util.HashSet", [
"CN=xx,OU=xx,OU=xx,DC=xx,DC=xx,DC=xx","CN=xx2,OU=xx,OU=xx,DC=xx,DC=xx,DC=xx",(and
so forth...)" ] ]
}
}
"usernameAttributeProvider":
{
"@class":
"org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider",
"canonicalizationMode": "LOWER"
}
"attributeReleasePolicy":
{
"@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
}
}
---END---
On Thursday, January 23, 2020 at 6:09:49 PM UTC-5, crdaudt wrote:
{
"serviceId": "^http(s)?://our_banner_server\\.taylor(u)?\\.edu(/.*)?$",
"name": "TOWER -- services",
(and so forth)
}
On Thursday, January 23, 2020 at 5:48:01 PM UTC-5, rbon wrote:
Carl,
TARGET is used with SAML 1.1 protocol (which Banner uses), service with CAS
protocol(s).
What is your service Id?
It is odd that it works with service= and not TARGET=.
Ray
On Thu, 2020-01-23 at 14:24 -0800, crdaudt wrote:
We have had our Ellucian Banner service authenticating users through our CAS
5.2.2 service for several years, and are now attempting to migrate to our CAS
6.1.3 service. However, CAS does not recognize the JSON entry that we have in
place for Banner. I believe the issue is related to the fact that the service
ticket request includes the parameter "TARGET=..." rather than "service=..." in
the URL. I.e.,:
https://our.cas.server.edu/cas/login?TARGET=https%3A%2F%2Four.banner.server.edu%2FEmployeeSelfService%2Flogin%2Fcas
rather than:
https://our.cas.server.edu/cas/login?service=https%3A%2F%2Four.banner.server.edu%2FEmployeeSelfService%2Flogin%2Fcas
If I manually replace 'TARGET=' with 'service=', the JSON entry is recognized
and a service ticket is created. However, the banner service itself fails to
do anything with the service ticket.
Let me reiterate that the same JSON entry worked in our CAS 5 environment, but
fails to work in our CAS 6.1 environment.
Any ideas?
Carl
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
I respectfully acknowledge that my place of work is located within the
ancestral, traditional and unceded territory of the Songhees, Esquimalt and
WSÁNEĆ Nations.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]<mailto:[email protected]>
I respectfully acknowledge that my place of work is located within the
ancestral, traditional and unceded territory of the Songhees, Esquimalt and
WSÁNEĆ Nations.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/645fb62be5d3a2cd9c589948eebf900b6757f90d.camel%40uvic.ca.
