>>> We have a vendor whose CAS integration instructions for a specific product
>>> requires us to modify casServiceValidationSuccess.jsp such that it returns
>>> attributes instead of using /samlValidate. Has anyone else had a request
>>> like this?
>>
>> We've had even worse -- the Sungard/Banner integration requires an
>> integration library that exposes an entirely new service validation
>> endpoint that speaks some proprietary XML.
>
>This is another Sungard/Banner product that really should either use SAML or
>the new service validator, but doesn't :-/.

I would half prefer them using the /bannerValidate method for consistency purposes between products instead of requiring various modifications for different products.

>
>>
>>> If so, what has your response been?
>>
>> We followed the vendor instructions because it was required for
>> integration. We did try to shame them for not using the existing SAML
>> 1.1 support, but I doubt it worked. On the other hand I hear they're
>> moving to SAML.
>
>That's what I'm afraid we're going to have to do. I guess there's no real
>security risks because any service that will see this could also do a SAML
>request...

Our DBAs ended up making a temporary hack modification to one of the integration scripts such that it takes the username and looks up the person's udcid. This produces the intended result while we hope for a proper fix.

>
>>
>>> We would really prefer to request that they fix their application than
>>> make changes to CAS for this.
>>
>> I hope you'll collaborate with your vendor to make the requisite
>> changes. If you're a valuable customer/partner, then you may be
>> successful to the benefit of yourself and others. It's definitely the
>> high road and one worth taking even if it ends in a dead end.
>
>We have a ticket in, but I'm not sure it's going to do much good. Thanks for
>the input.
>
>P.S. - I work with Norman in case you're wondering why I'm responding.
>>

The SR was updated this afternoon requesting that they look into modifying the extract process such that it allows for mapping on username (which shouldn't be a horrible modification for them to make). The action line representative is a middle man in this, but he did offer getting a call set up with one of the developers to discuss our concerns. Matching on username should be a good option for customers of this product no matter which ERP system they use (it sounds like this product isn't specifically for Banner customers).
