Thanks! I'm working with Elluician now. It's strange to me that it works with just CAS but then does not work when CAS is configured as an ADFS client. It's as if CAS is not speaking SAML for that initial log in but it is speaking SAML for subsequent logins.
-- Erik Mallory Server Analyst Wichita State University On Thu, 2020-07-16 at 22:29 +0000, Ray Bon wrote: > CAUTION: This email originated from outside of Wichita State > University. Do not click links or open attachments unless you > recognize the sender and know the content is safe. > > Erik, > > Our Banner setup uses SAML 1.1. During the log in request it is > /cas/login?TARGET=blah/banner/applicationnavigator > 'service' is used for CAS protocol. Check your banner setup. > > Ray > > On Thu, 2020-07-16 at 21:07 +0000, 'Mallory, Erik' via CAS Community > wrote: > > Hello I think I've narrowed the problem and I *think* it's on the > > application side... but... is there any way to control the source > > parameter that we see below in the logs. If I could configure cas > > to > > always send source=TARGET I think this configuration would work for > > the > > banner apps. > > > > Log from inital login which produces "Invalid login/access denied" > > <Built response > > [org.apereo.cas.authentication.principal.DefaultResponse@323ac4df] > > for > > [AbstractWebApplicationService(id= > > > > https://banxe-appdev.wichita.edu/applicationNavigator/j_spring_cas_security_check > > > > , originalUrl= > > > > https://banxe-appdev.wichita.edu/applicationNavigator/j_spring_cas_security_check > > > > , artifactId=null, principal=f282c439, source=service, > > loggedOutAlready=false, format=XML, attributes={})]> > > ^^ Invalid login access denied. > > > > Log from the an established CAS/ADFS session gaining access to the > > application > > > > <Located service [AbstractWebApplicationService(id= > > > > https://banxe-appdev.wichita.edu/applicationNavigator/j_spring_cas_security_check > > > > , originalUrl= > > > > https://banxe-appdev.wichita.edu/applicationNavigator/j_spring_cas_security_check > > > > , artifactId=null, principal=f282c439, source=TARGET, > > loggedOutAlready=false, format=XML, attributes={})] from the > > context> > > ^^ works > > > > In the applications there is a groovy file with a parameter > > > > serviceParameter = 'TARGET' > > > > I tried changing it to 'service' but had no luck. > > -- > > Erik Mallory > > Server Analyst > > Wichita State University > > > > -- > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] > > I respectfully acknowledge that my place of work is located within > the ancestral, traditional and unceded territory of the Songhees, > Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6f456a2cc561e9552639d6e94a0b2956c51dcd2c.camel%40wichita.edu.
