"Ellucian" - from the Latin for "software crap-fest" :-)
-- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* THE NEW SCHOOL • INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • [email protected] On Wed, Dec 19, 2018 at 12:13 PM Jennifer LaVoie <[email protected]> wrote: > Actually, it did fix it for us in our previous version. The gobumap table > in Banner AND the AD SamAccountName had either be both lower or both > upper. > > In our new cas version, all other allucian products work even though we > made no changes in their .json service files. This one app was the only > problem, and it's now fixed. > > I swear, I am not lying :) > > On Wed, Dec 19, 2018 at 12:09 PM Richard Frovarp <[email protected]> > wrote: > >> No, changing it in AD will not fix it. The username attribute matches the >> case provided by the user, unless you change it with CAS config. The cn, >> sAMAccount name and similar will follow what is returned by AD. The problem >> you were seeing with it changing case as you did, affects the username >> attribute to all services by default. So either those services are using >> something that is being returned as an attribute from AD, are doing the >> fixup on their own, don't really need a particular case, or the service >> definition is remapping what the username attribute is. >> >> On 12/19/18 11:04 AM, Jennifer LaVoie wrote: >> >> Hi Richard >> >> We actually addressed this in our old version of CAS by changing our >> usernames in AD to be UPPER CASE. All the other allucian apps work...it >> was just this particular one. But now that is also working... >> >> it's a bit maddening to be sure. >> >> Jen >> >> On Wed, Dec 19, 2018 at 11:51 AM Richard Frovarp < >> [email protected]> wrote: >> >>> That will take care of it for the service, which will solve your problem >>> here. However, the case of the username matches the case that the user >>> entered it in at that time. So if you have applications storing information >>> based off of the username attribute, and they are using a case sensitive >>> way of looking them up in say Oracle (which is case sensitive), they are >>> brittle. Those applications are dependent on the user entering their >>> username in with matching case each time. You can address that by globally >>> setting some sort of consistency across CAS. Of course any application in >>> the current brittle mode will have problems, but it's best to address them >>> early. I've been bit by this in the past. You can use the piece below to >>> address differences in services. Either way, they shouldn't be subject to >>> the user's casing at that instance. >>> >>> >>> https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-password-encoding--principal-transformation >>> >>> On 12/19/18 10:48 AM, Tom O'Neill wrote: >>> >>> Jen, >>> >>> >>> >>> You need something like this in the service provider JSON: >>> >>> >>> >>> "usernameAttributeProvider" : { >>> >>> "@class" : >>> "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider", >>> >>> "canonicalizationMode" : "UPPER" >>> >>> } >>> >>> >>> >>> The canonicalizationMode: “UPPER” should do the trick. >>> >>> >>> >>> Thanks, >>> >>> >>> >>> *Tom* >>> >>> >>> >>> *From:* [email protected] <[email protected]> <[email protected]> *On >>> Behalf Of *Jennifer LaVoie >>> *Sent:* Wednesday, December 19, 2018 11:20 AM >>> *To:* CAS Community <[email protected]> <[email protected]> >>> *Subject:* [cas-user] username cas in CAS >>> >>> >>> >>> Hello Everyone >>> >>> >>> >>> We have 1 app that wants the username returned in UPPERCASE. We have >>> the attribute set to pull SamAccountName and in AD, that is UPPER >>> CASE...but when I log into CAS with lower case, it is passing my username >>> to the app in lower case...when I log in as upper case, it passes to the >>> app in upper case...how can I fix this? >>> >>> >>> >>> Thank you >>> >>> Jen >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/15b14998-d661-443e-a784-7e9ce61b4120%40apereo.org >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/15b14998-d661-443e-a784-7e9ce61b4120%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/DM5PR02MB32761ED8FA13628C734D25AFCBBE0%40DM5PR02MB3276.namprd02.prod.outlook.com >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/DM5PR02MB32761ED8FA13628C734D25AFCBBE0%40DM5PR02MB3276.namprd02.prod.outlook.com?utm_medium=email&utm_source=footer> >>> . >>> >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f5ef22a9-114c-78fb-927a-d36e2caabc4a%40ndsu.edu >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f5ef22a9-114c-78fb-927a-d36e2caabc4a%40ndsu.edu?utm_medium=email&utm_source=footer> >>> . >>> >> >> >> -- >> "Confusion is a word we have invented for an order which is not >> understood." ~Henry Miller >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vF3NspB9nuFrjSiVVtyw-V0TgcgBEV%3Df%3DU9oG%3DCU3euZA%40mail.gmail.com >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vF3NspB9nuFrjSiVVtyw-V0TgcgBEV%3Df%3DU9oG%3DCU3euZA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5e4ce37e-44f8-4a22-a3aa-e43f5194a8d2%40ndsu.edu >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/5e4ce37e-44f8-4a22-a3aa-e43f5194a8d2%40ndsu.edu?utm_medium=email&utm_source=footer> >> . >> > > > -- > "Confusion is a word we have invented for an order which is not > understood." ~Henry Miller > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vGqCPHTw%3DBcv34ptrzG%3DyicueZHnMY5wBAVCP3eu62YnA%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vGqCPHTw%3DBcv34ptrzG%3DyicueZHnMY5wBAVCP3eu62YnA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > On Wed, Dec 19, 2018 at 12:13 PM Jennifer LaVoie <[email protected]> wrote: > Actually, it did fix it for us in our previous version. The gobumap table > in Banner AND the AD SamAccountName had either be both lower or both > upper. > > In our new cas version, all other allucian products work even though we > made no changes in their .json service files. This one app was the only > problem, and it's now fixed. > > I swear, I am not lying :) > > On Wed, Dec 19, 2018 at 12:09 PM Richard Frovarp <[email protected]> > wrote: > >> No, changing it in AD will not fix it. The username attribute matches the >> case provided by the user, unless you change it with CAS config. The cn, >> sAMAccount name and similar will follow what is returned by AD. The problem >> you were seeing with it changing case as you did, affects the username >> attribute to all services by default. So either those services are using >> something that is being returned as an attribute from AD, are doing the >> fixup on their own, don't really need a particular case, or the service >> definition is remapping what the username attribute is. >> >> On 12/19/18 11:04 AM, Jennifer LaVoie wrote: >> >> Hi Richard >> >> We actually addressed this in our old version of CAS by changing our >> usernames in AD to be UPPER CASE. All the other allucian apps work...it >> was just this particular one. But now that is also working... >> >> it's a bit maddening to be sure. >> >> Jen >> >> On Wed, Dec 19, 2018 at 11:51 AM Richard Frovarp < >> [email protected]> wrote: >> >>> That will take care of it for the service, which will solve your problem >>> here. However, the case of the username matches the case that the user >>> entered it in at that time. So if you have applications storing information >>> based off of the username attribute, and they are using a case sensitive >>> way of looking them up in say Oracle (which is case sensitive), they are >>> brittle. Those applications are dependent on the user entering their >>> username in with matching case each time. You can address that by globally >>> setting some sort of consistency across CAS. Of course any application in >>> the current brittle mode will have problems, but it's best to address them >>> early. I've been bit by this in the past. You can use the piece below to >>> address differences in services. Either way, they shouldn't be subject to >>> the user's casing at that instance. >>> >>> >>> https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-password-encoding--principal-transformation >>> >>> On 12/19/18 10:48 AM, Tom O'Neill wrote: >>> >>> Jen, >>> >>> >>> >>> You need something like this in the service provider JSON: >>> >>> >>> >>> "usernameAttributeProvider" : { >>> >>> "@class" : >>> "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider", >>> >>> "canonicalizationMode" : "UPPER" >>> >>> } >>> >>> >>> >>> The canonicalizationMode: “UPPER” should do the trick. >>> >>> >>> >>> Thanks, >>> >>> >>> >>> *Tom* >>> >>> >>> >>> *From:* [email protected] <[email protected]> <[email protected]> *On >>> Behalf Of *Jennifer LaVoie >>> *Sent:* Wednesday, December 19, 2018 11:20 AM >>> *To:* CAS Community <[email protected]> <[email protected]> >>> *Subject:* [cas-user] username cas in CAS >>> >>> >>> >>> Hello Everyone >>> >>> >>> >>> We have 1 app that wants the username returned in UPPERCASE. We have >>> the attribute set to pull SamAccountName and in AD, that is UPPER >>> CASE...but when I log into CAS with lower case, it is passing my username >>> to the app in lower case...when I log in as upper case, it passes to the >>> app in upper case...how can I fix this? >>> >>> >>> >>> Thank you >>> >>> Jen >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/15b14998-d661-443e-a784-7e9ce61b4120%40apereo.org >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/15b14998-d661-443e-a784-7e9ce61b4120%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/DM5PR02MB32761ED8FA13628C734D25AFCBBE0%40DM5PR02MB3276.namprd02.prod.outlook.com >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/DM5PR02MB32761ED8FA13628C734D25AFCBBE0%40DM5PR02MB3276.namprd02.prod.outlook.com?utm_medium=email&utm_source=footer> >>> . >>> >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f5ef22a9-114c-78fb-927a-d36e2caabc4a%40ndsu.edu >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f5ef22a9-114c-78fb-927a-d36e2caabc4a%40ndsu.edu?utm_medium=email&utm_source=footer> >>> . >>> >> >> >> -- >> "Confusion is a word we have invented for an order which is not >> understood." ~Henry Miller >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vF3NspB9nuFrjSiVVtyw-V0TgcgBEV%3Df%3DU9oG%3DCU3euZA%40mail.gmail.com >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vF3NspB9nuFrjSiVVtyw-V0TgcgBEV%3Df%3DU9oG%3DCU3euZA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5e4ce37e-44f8-4a22-a3aa-e43f5194a8d2%40ndsu.edu >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/5e4ce37e-44f8-4a22-a3aa-e43f5194a8d2%40ndsu.edu?utm_medium=email&utm_source=footer> >> . >> > > > -- > "Confusion is a word we have invented for an order which is not > understood." ~Henry Miller > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vGqCPHTw%3DBcv34ptrzG%3DyicueZHnMY5wBAVCP3eu62YnA%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vGqCPHTw%3DBcv34ptrzG%3DyicueZHnMY5wBAVCP3eu62YnA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAP_5e0R9uos67CZzN%2BM4i1KzMfrsTtHuK__z1z-ebT3PQ%40mail.gmail.com.
