Gunny, The UDC ID attribute that is exposed by CAS is used as a crosswalk value to identify the user’s Banner PIDM by querying the GOBUMAP table and it is required.
Thanks, Tom O’Neill From: [email protected] [mailto:[email protected]] On Behalf Of Ray Bon Sent: Wednesday, October 4, 2017 11:41 AM To: [email protected] Cc: [email protected] Subject: Re: [cas-user] Re: CAS 5.0.0 configuration for Ellucian Banner SSO Manager Gunny, This is what I have for 3.5.2.1: <!-- https://wiki.jasig.org/display/casum/attributes#Attributes-Configuringmulti-valuedkeysupportforattributes --> <!-- multi-valued key support for the myPersonId attribute --> <util:set id="spridenIdSet"> <value>UDC_IDENTIFIER</value> <value>uvicEduPersonSpridenID</value> </util:set> <!-- Bean that defines the attributes that a service may return. --> <bean id="attributeRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao"> <property name="contextSource" ref="contextSource" /> <property name="baseDN" value="dc=uvic,dc=ca" /> <!-- <property name="baseDN" value="${ldap-people-base-dn}" /> --> <!-- Attribute mapping between principal (key) and LDAP (value) names used to perform the LDAP search. By default, multiple search criteria are ANDed together. Set the queryType property to change to OR. --> <property name="queryAttributeMapping"> <map> <entry key="username" value="uid" /> </map> </property><!-- --> <property name="resultAttributeMapping"> <map> <!-- Mapping between LDAP entry attributes (key) and Principal's (value) --> <entry key="uvicEduPersonSpridenID" value-ref="spridenIdSet"/> <entry key="UDC_IDENTIFIER" value-ref="spridenIdSet"/> <entry key="uvicEduPersonNetLinkContactUpdateTimestamp" value="contactUpdateTimestamp" /> </map> </property> </bean> Ray On Wed, 2017-10-04 at 06:47 -0700, Gunny Kc wrote: Hi Linda I have been facing the same problem with CAS 3.4.12.1 version; can you give me some insight? In our LDAP, instead of UDC_IDENTIFER, we have an uid (attribute name) that holds and UDCID got generated by IDEU. Is this really important to have a UDC_IDENTIFER as an attribute in LDAP? Please suggest. On Saturday, March 4, 2017 at 12:07:42 AM UTC+3, lttoth wrote: Before I waste your time, did you successfully configure Ellucian in previous CAS versions? If you did, then there are substantial changes is the configuration format between older versions and now, so what I have won't help you. If this is your first integration, I can at least show you the phrasing we used for integration between our LDAP and Ellucian, but our version is well behind 5.x. Linda Toth University of Alaska - Office of Information Technology (OIT) - Identity and Access Management 910 Yukon Drive, Suite 103 Fairbanks, Alaska 99775 Tel: 907-450-8320 Fax: 907-450-8381 [email protected]<javascript:> | www.alaska.edu/oit/<http://www.alaska.edu/oit/> On Tue, Feb 21, 2017 at 11:08 AM, Daniel <[email protected]<javascript:>> wrote: I am sure we are missing some property. We need to release the displayName attribute from ldap as the udc_identifier attribute in SAML. Can anyone suggest what we are missing? or any steps we can take to get better results from logs? On Wednesday, February 15, 2017 at 1:56:10 PM UTC-5, Daniel wrote: Greetings, We are currently attempting to get our CAS instance to work with our new Banner SSO Manager instance. When we attempt to log in, we receive the following error: com.ellucian.sso.exception.ApplicationException: UDC Id not available from the ellucian product. We have configured our cas.properties as follows: ----------------------------- ... cas.authn.accept.users= cas.authn.ldap[0].type=AUTHENTICATED cas.authn.ldap[0].ldapUrl=ldap://127.0.0.1/<http://127.0.0.1/> cas.authn.ldap[0].useSsl=false cas.authn.ldap[0].useStartTls=false cas.authn.ldap[0].connectTimeout=5000 cas.authn.ldap[0].baseDn=dc=xxxxxxxxxxxxx cas.authn.ldap[0].userFilter=uid={user} cas.authn.ldap[0].subtreeSearch=true cas.authn.ldap[0].usePasswordPolicy=false cas.authn.ldap[0].bindDn=xxxxxxxxxxxxx cas.authn.ldap[0].bindCredential=xxxxxxxxxxxxx cas.authn.ldap[0].principalAttributeId=displayName cas.authn.ldap[0].principalAttributePassword= cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true cas.authn.ldap[0].additionalAttributes=sn,cn ##CAS Attribute Repository cas.authn.attributeRepository.defaultAttributesToRelease=sn,cn,displayName,UDC_IDENTIFIER cas.authn.attributeRepository.ldap.ldapUrl=ldap://127.0.0.1/<http://127.0.0.1/> cas.authn.attributeRepository.ldap.useSsl=false cas.authn.attributeRepository.ldap.baseDn=xxxxxxxxxxxxxxxxxxxx cas.authn.attributeRepository.ldap.userFilter=uid={0} cas.authn.attributeRepository.ldap.bindDn=xxxxxxxxxxxxxxxxxx cas.authn.attributeRepository.ldap.bindCredential=xxxxxxxxxxx cas.authn.attributeRepository.attributes.cn<http://cas.authn.attributeRepository.attributes.cn>=cn cas.authn.attributeRepository.attributes.sn<http://cas.authn.attributeRepository.attributes.sn>=sn cas.authn.attributeRepository.attributes.displayName=displayName cas.authn.attributeRepository.attributes.UDC_IDENTIFIER=displayName ... ----------------------- Can someone please give us some guidance on troubleshooting this issue? Thank you, -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<javascript:>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/38688dbb-0bc6-459e-9975-18befa0cb819%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/38688dbb-0bc6-459e-9975-18befa0cb819%40apereo.org?utm_medium=email&utm_source=footer>. -- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1507131661.1689.9.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/1507131661.1689.9.camel%40uvic.ca?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR02MB27738A0614B84C4850DFD8C8CB730%40CY4PR02MB2773.namprd02.prod.outlook.com.
