"Ellucian" - from the Latin for "software crap-fest" :-)
-- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* THE NEW SCHOOL • INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • david.cu...@newschool.edu On Wed, Dec 19, 2018 at 12:13 PM Jennifer LaVoie <nixgeekg...@gmail.com> wrote: > Actually, it did fix it for us in our previous version. The gobumap table > in Banner AND the AD SamAccountName had either be both lower or both > upper. > > In our new cas version, all other allucian products work even though we > made no changes in their .json service files. This one app was the only > problem, and it's now fixed. > > I swear, I am not lying :) > > On Wed, Dec 19, 2018 at 12:09 PM Richard Frovarp <richard.frov...@ndsu.edu> > wrote: > >> No, changing it in AD will not fix it. The username attribute matches the >> case provided by the user, unless you change it with CAS config. The cn, >> sAMAccount name and similar will follow what is returned by AD. The problem >> you were seeing with it changing case as you did, affects the username >> attribute to all services by default. So either those services are using >> something that is being returned as an attribute from AD, are doing the >> fixup on their own, don't really need a particular case, or the service >> definition is remapping what the username attribute is. >> >> On 12/19/18 11:04 AM, Jennifer LaVoie wrote: >> >> Hi Richard >> >> We actually addressed this in our old version of CAS by changing our >> usernames in AD to be UPPER CASE. All the other allucian apps work...it >> was just this particular one. But now that is also working... >> >> it's a bit maddening to be sure. >> >> Jen >> >> On Wed, Dec 19, 2018 at 11:51 AM Richard Frovarp < >> richard.frov...@ndsu.edu> wrote: >> >>> That will take care of it for the service, which will solve your problem >>> here. However, the case of the username matches the case that the user >>> entered it in at that time. So if you have applications storing information >>> based off of the username attribute, and they are using a case sensitive >>> way of looking them up in say Oracle (which is case sensitive), they are >>> brittle. Those applications are dependent on the user entering their >>> username in with matching case each time. You can address that by globally >>> setting some sort of consistency across CAS. Of course any application in >>> the current brittle mode will have problems, but it's best to address them >>> early. I've been bit by this in the past. You can use the piece below to >>> address differences in services. Either way, they shouldn't be subject to >>> the user's casing at that instance. >>> >>> >>> https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-password-encoding--principal-transformation >>> >>> On 12/19/18 10:48 AM, Tom O'Neill wrote: >>> >>> Jen, >>> >>> >>> >>> You need something like this in the service provider JSON: >>> >>> >>> >>> "usernameAttributeProvider" : { >>> >>> "@class" : >>> "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider", >>> >>> "canonicalizationMode" : "UPPER" >>> >>> } >>> >>> >>> >>> The canonicalizationMode: “UPPER” should do the trick. >>> >>> >>> >>> Thanks, >>> >>> >>> >>> *Tom* >>> >>> >>> >>> *From:* cas-user@apereo.org <cas-user@apereo.org> <cas-user@apereo.org> *On >>> Behalf Of *Jennifer LaVoie >>> *Sent:* Wednesday, December 19, 2018 11:20 AM >>> *To:* CAS Community <cas-user@apereo.org> <cas-user@apereo.org> >>> *Subject:* [cas-user] username cas in CAS >>> >>> >>> >>> Hello Everyone >>> >>> >>> >>> We have 1 app that wants the username returned in UPPERCASE. We have >>> the attribute set to pull SamAccountName and in AD, that is UPPER >>> CASE...but when I log into CAS with lower case, it is passing my username >>> to the app in lower case...when I log in as upper case, it passes to the >>> app in upper case...how can I fix this? >>> >>> >>> >>> Thank you >>> >>> Jen >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cas-user+unsubscr...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/15b14998-d661-443e-a784-7e9ce61b4120%40apereo.org >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/15b14998-d661-443e-a784-7e9ce61b4120%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cas-user+unsubscr...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/DM5PR02MB32761ED8FA13628C734D25AFCBBE0%40DM5PR02MB3276.namprd02.prod.outlook.com >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/DM5PR02MB32761ED8FA13628C734D25AFCBBE0%40DM5PR02MB3276.namprd02.prod.outlook.com?utm_medium=email&utm_source=footer> >>> . >>> >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cas-user+unsubscr...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f5ef22a9-114c-78fb-927a-d36e2caabc4a%40ndsu.edu >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f5ef22a9-114c-78fb-927a-d36e2caabc4a%40ndsu.edu?utm_medium=email&utm_source=footer> >>> . >>> >> >> >> -- >> "Confusion is a word we have invented for an order which is not >> understood." ~Henry Miller >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to cas-user+unsubscr...@apereo.org. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vF3NspB9nuFrjSiVVtyw-V0TgcgBEV%3Df%3DU9oG%3DCU3euZA%40mail.gmail.com >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vF3NspB9nuFrjSiVVtyw-V0TgcgBEV%3Df%3DU9oG%3DCU3euZA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to cas-user+unsubscr...@apereo.org. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5e4ce37e-44f8-4a22-a3aa-e43f5194a8d2%40ndsu.edu >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/5e4ce37e-44f8-4a22-a3aa-e43f5194a8d2%40ndsu.edu?utm_medium=email&utm_source=footer> >> . >> > > > -- > "Confusion is a word we have invented for an order which is not > understood." ~Henry Miller > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vGqCPHTw%3DBcv34ptrzG%3DyicueZHnMY5wBAVCP3eu62YnA%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vGqCPHTw%3DBcv34ptrzG%3DyicueZHnMY5wBAVCP3eu62YnA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > On Wed, Dec 19, 2018 at 12:13 PM Jennifer LaVoie <nixgeekg...@gmail.com> wrote: > Actually, it did fix it for us in our previous version. The gobumap table > in Banner AND the AD SamAccountName had either be both lower or both > upper. > > In our new cas version, all other allucian products work even though we > made no changes in their .json service files. This one app was the only > problem, and it's now fixed. > > I swear, I am not lying :) > > On Wed, Dec 19, 2018 at 12:09 PM Richard Frovarp <richard.frov...@ndsu.edu> > wrote: > >> No, changing it in AD will not fix it. The username attribute matches the >> case provided by the user, unless you change it with CAS config. The cn, >> sAMAccount name and similar will follow what is returned by AD. The problem >> you were seeing with it changing case as you did, affects the username >> attribute to all services by default. So either those services are using >> something that is being returned as an attribute from AD, are doing the >> fixup on their own, don't really need a particular case, or the service >> definition is remapping what the username attribute is. >> >> On 12/19/18 11:04 AM, Jennifer LaVoie wrote: >> >> Hi Richard >> >> We actually addressed this in our old version of CAS by changing our >> usernames in AD to be UPPER CASE. All the other allucian apps work...it >> was just this particular one. But now that is also working... >> >> it's a bit maddening to be sure. >> >> Jen >> >> On Wed, Dec 19, 2018 at 11:51 AM Richard Frovarp < >> richard.frov...@ndsu.edu> wrote: >> >>> That will take care of it for the service, which will solve your problem >>> here. However, the case of the username matches the case that the user >>> entered it in at that time. So if you have applications storing information >>> based off of the username attribute, and they are using a case sensitive >>> way of looking them up in say Oracle (which is case sensitive), they are >>> brittle. Those applications are dependent on the user entering their >>> username in with matching case each time. You can address that by globally >>> setting some sort of consistency across CAS. Of course any application in >>> the current brittle mode will have problems, but it's best to address them >>> early. I've been bit by this in the past. You can use the piece below to >>> address differences in services. Either way, they shouldn't be subject to >>> the user's casing at that instance. >>> >>> >>> https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#ldap-password-encoding--principal-transformation >>> >>> On 12/19/18 10:48 AM, Tom O'Neill wrote: >>> >>> Jen, >>> >>> >>> >>> You need something like this in the service provider JSON: >>> >>> >>> >>> "usernameAttributeProvider" : { >>> >>> "@class" : >>> "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider", >>> >>> "canonicalizationMode" : "UPPER" >>> >>> } >>> >>> >>> >>> The canonicalizationMode: “UPPER” should do the trick. >>> >>> >>> >>> Thanks, >>> >>> >>> >>> *Tom* >>> >>> >>> >>> *From:* cas-user@apereo.org <cas-user@apereo.org> <cas-user@apereo.org> *On >>> Behalf Of *Jennifer LaVoie >>> *Sent:* Wednesday, December 19, 2018 11:20 AM >>> *To:* CAS Community <cas-user@apereo.org> <cas-user@apereo.org> >>> *Subject:* [cas-user] username cas in CAS >>> >>> >>> >>> Hello Everyone >>> >>> >>> >>> We have 1 app that wants the username returned in UPPERCASE. We have >>> the attribute set to pull SamAccountName and in AD, that is UPPER >>> CASE...but when I log into CAS with lower case, it is passing my username >>> to the app in lower case...when I log in as upper case, it passes to the >>> app in upper case...how can I fix this? >>> >>> >>> >>> Thank you >>> >>> Jen >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cas-user+unsubscr...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/15b14998-d661-443e-a784-7e9ce61b4120%40apereo.org >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/15b14998-d661-443e-a784-7e9ce61b4120%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cas-user+unsubscr...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/DM5PR02MB32761ED8FA13628C734D25AFCBBE0%40DM5PR02MB3276.namprd02.prod.outlook.com >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/DM5PR02MB32761ED8FA13628C734D25AFCBBE0%40DM5PR02MB3276.namprd02.prod.outlook.com?utm_medium=email&utm_source=footer> >>> . >>> >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cas-user+unsubscr...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f5ef22a9-114c-78fb-927a-d36e2caabc4a%40ndsu.edu >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f5ef22a9-114c-78fb-927a-d36e2caabc4a%40ndsu.edu?utm_medium=email&utm_source=footer> >>> . >>> >> >> >> -- >> "Confusion is a word we have invented for an order which is not >> understood." ~Henry Miller >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to cas-user+unsubscr...@apereo.org. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vF3NspB9nuFrjSiVVtyw-V0TgcgBEV%3Df%3DU9oG%3DCU3euZA%40mail.gmail.com >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vF3NspB9nuFrjSiVVtyw-V0TgcgBEV%3Df%3DU9oG%3DCU3euZA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to cas-user+unsubscr...@apereo.org. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/5e4ce37e-44f8-4a22-a3aa-e43f5194a8d2%40ndsu.edu >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/5e4ce37e-44f8-4a22-a3aa-e43f5194a8d2%40ndsu.edu?utm_medium=email&utm_source=footer> >> . >> > > > -- > "Confusion is a word we have invented for an order which is not > understood." ~Henry Miller > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vGqCPHTw%3DBcv34ptrzG%3DyicueZHnMY5wBAVCP3eu62YnA%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vGqCPHTw%3DBcv34ptrzG%3DyicueZHnMY5wBAVCP3eu62YnA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAP_5e0R9uos67CZzN%2BM4i1KzMfrsTtHuK__z1z-ebT3PQ%40mail.gmail.com.
