Re: [cas-user] CAS 5.2 and Ellucian Banner 9 (XE)

[Matthew Uribe]

My thanks to all who have responded. I finally spotted the issue. In the 
logs, I found this:

 https://testssbxe.aims.edu:8444/Ba
nnerGeneralSsb/j_spring_cas_security_check] does not match supplied service 
[org.apereo.cas.support.saml.authentication.principal.SamlService@640edaac[id=https://testssbxe
1.aims.edu:8444/BannerGeneralSsb/j_sprin
g_cas_security_check,originalUrl=https://testssbxe1.aims.edu:8444/BannerGeneralSsb/j_spring_cas_security_check,artifactId=ST-AAHn21AEQFRQnJ3kjH1H/VWjCTCumXuhWQiE3Cx/WAPhxR97XJp/xtY9,principal=,loggedOutAlr
eady=false,format=XML]]> 

 

That "1" really does not stand out very well, and is a product of our load 
balanced setup. At first I thought I needed to make the regex in the 
service definition match either URL, but in the end found that the issue 
was in the BannerGeneralSsb_configuration.groovy file. I changed 
the serviceUrl to reflect the 1, and have had a successful login!

Thanks again.

On Thursday, February 22, 2018 at 9:10:24 AM UTC-7, Greg Booth wrote:
>
> Matthew,
>
> Here is our service definition:
>
> {
>   @class: org.apereo.cas.services.RegexRegisteredService
>   id: 
>   name: Banner
>   description: Self-Service
>   logo: https://www.mtu.edu/images/mtu-logo.png
>   serviceId: https://(www\.)?bannerweb.mtu.edu(:443)?/.*
>   attributeReleasePolicy: {
> @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
> allowedAttributes: ["java.util.ArrayList", ["UDC_IDENTIFIER", 
> "michigantechRIDM"]]
>   }
> }
>
> On Thu, Feb 22, 2018 at 9:26 AM, Matthew Uribe  > wrote:
>
>> Thanks Travis. That's the track I've been on. Can you tell me whether 
>> this service definition looks anything like what you ended up with?
>>
>>
>> {
>>   @class:   org.apereo.cas.services.RegexRegisteredService
>>   serviceId:^
>> https://ban9server.school.edu:8444/BannerGeneralSsb(\z|/.*)
>>   name: TEST General SSB XE
>>   id:   12345
>>   attributeReleasePolicy: 
>>   {
>> @class:
>>  org.apereo.cas.services.ReturnMappedAttributeReleasePolicy
>> allowedAttributes:
>> {
>>   @class:   java.util.TreeMap
>>   UDC_IDENTIFIER:   UDC_IDENTIFIER
>> }
>>   }
>>   "evaluationOrder" :   5
>> }
>>
>>
>> On Wednesday, February 21, 2018 at 5:18:20 PM UTC-7, Travis Schmidt wrote:
>>>
>>> I am helping a team with this exact issue right now.  Don't know 
>>> anything about the banner side of things, but I had to map the attribute 
>>> they were looking for to UDC_IDENTIFIER in the Service Registry for it to 
>>> work.
>>>
>>> On Wed, Feb 21, 2018 at 3:46 PM Matthew Uribe  
>>> wrote:
>>>
 Hello Community,

 I am wondering whether anyone has had success with Banner 9 and CAS 
 5.2.x 

 We have been using the Luminis delivered CAS 3.5.2, but are interested 
 in the features available in 5, such as SAML2 IdP, and MFA using Duo. I 
 have deployed CAS 5.2.0, included cas-server-support-ldap and 
 cas-server-support-saml 
 dependencies, and setup a service for one of our Banner 9 apps, but 
 haven't 
 been able to successfully access the application. I can access the CAS 
 Dashboard, as well as the CAS-Management webapp, but the Banner apps are 
 beyond me at this point. Right now, when I navigate to the Banner 9 app, I 
 am redirected to the CAS login page. After logging in successfully, the 
 browser gives me an error: "HTTP Status 403 - No assertions found".

 I figure the problem is either in my service registry, or that I maybe 
 need to import the CAS certificate into a keystore somewhere on the Banner 
 9 server. Since I don't see anything related to a cert import in the 
 Banner 
 9 install guides, I'm focused on the first of these two possibilities, but 
 after 2 days of going in circles I've run out of ideas and would eagerly 
 accept the advice of this community.

 Thank you,
 Matt

 -- 
 - Website: https://apereo.github.io/cas
 - Gitter Chatroom: https://gitter.im/apereo/cas
 - List Guidelines: https://goo.gl/1VRrw7
 - Contributions: https://goo.gl/mh7qDG
 --- 
 You received this message because you are subscribed to the Google 
 Groups "CAS Community" group.
 To unsubscribe from this group and stop receiving emails from it, send 
 an email to cas-user+u...@apereo.org.
 To view this discussion on the web visit 
 https://groups.google.com/a/apereo.org/d/msgid/cas-user/56930314-153c-4426-8eda-3f9bb5596089%40apereo.org
  
 
 .

>>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> 

Re: [cas-user] CAS 5.2 and Ellucian Banner 9 (XE)

[Greg Booth]

Matthew,

Here is our service definition:

{
  @class: org.apereo.cas.services.RegexRegisteredService
  id: 
  name: Banner
  description: Self-Service
  logo: https://www.mtu.edu/images/mtu-logo.png
  serviceId: https://(www\.)?bannerweb.mtu.edu(:443)?/.*
  attributeReleasePolicy: {
@class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy
allowedAttributes: ["java.util.ArrayList", ["UDC_IDENTIFIER",
"michigantechRIDM"]]
  }
}

On Thu, Feb 22, 2018 at 9:26 AM, Matthew Uribe 
wrote:

> Thanks Travis. That's the track I've been on. Can you tell me whether this
> service definition looks anything like what you ended up with?
>
>
> {
>   @class:   org.apereo.cas.services.RegexRegisteredService
>   serviceId:^https://ban9server.school.
> edu:8444/BannerGeneralSsb(\z|/.*)
>   name: TEST General SSB XE
>   id:   12345
>   attributeReleasePolicy:
>   {
> @class: org.apereo.cas.services.
> ReturnMappedAttributeReleasePolicy
> allowedAttributes:
> {
>   @class:   java.util.TreeMap
>   UDC_IDENTIFIER:   UDC_IDENTIFIER
> }
>   }
>   "evaluationOrder" :   5
> }
>
>
> On Wednesday, February 21, 2018 at 5:18:20 PM UTC-7, Travis Schmidt wrote:
>>
>> I am helping a team with this exact issue right now.  Don't know anything
>> about the banner side of things, but I had to map the attribute they were
>> looking for to UDC_IDENTIFIER in the Service Registry for it to work.
>>
>> On Wed, Feb 21, 2018 at 3:46 PM Matthew Uribe  wrote:
>>
>>> Hello Community,
>>>
>>> I am wondering whether anyone has had success with Banner 9 and CAS
>>> 5.2.x
>>>
>>> We have been using the Luminis delivered CAS 3.5.2, but are interested
>>> in the features available in 5, such as SAML2 IdP, and MFA using Duo. I
>>> have deployed CAS 5.2.0, included cas-server-support-ldap and 
>>> cas-server-support-saml
>>> dependencies, and setup a service for one of our Banner 9 apps, but haven't
>>> been able to successfully access the application. I can access the CAS
>>> Dashboard, as well as the CAS-Management webapp, but the Banner apps are
>>> beyond me at this point. Right now, when I navigate to the Banner 9 app, I
>>> am redirected to the CAS login page. After logging in successfully, the
>>> browser gives me an error: "HTTP Status 403 - No assertions found".
>>>
>>> I figure the problem is either in my service registry, or that I maybe
>>> need to import the CAS certificate into a keystore somewhere on the Banner
>>> 9 server. Since I don't see anything related to a cert import in the Banner
>>> 9 install guides, I'm focused on the first of these two possibilities, but
>>> after 2 days of going in circles I've run out of ideas and would eagerly
>>> accept the advice of this community.
>>>
>>> Thank you,
>>> Matt
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+u...@apereo.org.
>>> To view this discussion on the web visit https://groups.google.com/a/ap
>>> ereo.org/d/msgid/cas-user/56930314-153c-4426-8eda-3f9bb55960
>>> 89%40apereo.org
>>> 
>>> .
>>>
>> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/0550c55b-5029-4105-ade6-
> fb017b4d3b56%40apereo.org
> 
> .
>



-- 
Gregory Booth
Senior Systems Administrator & Technical Team Lead
IT Operations
Information Technology
Michigan Technological University
(906) 487-1797 <9064871797>
www.mtu.edu
www.it.mtu.edu

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 

Re: [cas-user] CAS 5.2 and Ellucian Banner 9 (XE)

[Matthew Uribe]

Thanks Greg. I've got all the following attributes listed in by 
cas.properties. When I look in /cas/status/ssosessions I see all of these 
attributes in the TGT. That's why I was thinking it must be something to do 
with the way the attributes are released in the service definition.

cas.authn.attributeRepository.ldap[0].attributes.cn:cn
cas.authn.attributeRepository.ldap[0].attributes.displayName:   displayName
cas.authn.attributeRepository.ldap[0].attributes.givenName: givenName
cas.authn.attributeRepository.ldap[0].attributes.mail:  mail
cas.authn.attributeRepository.ldap[0].attributes.sn:sn
cas.authn.attributeRepository.ldap[0].attributes.udcid: UDC_IDENTIFIER
cas.authn.attributeRepository.ldap[0].attributes.uid:   uid


On Wednesday, February 21, 2018 at 5:50:36 PM UTC-7, Greg Booth wrote:
>
> Specifically, in cas.properties:
>
> cas.authn.attributeRepository.ldap[0].attributes.udcid=UDC_IDENTIFIER
>
>
> On Wed, Feb 21, 2018 at 7:48 PM, Greg Booth  
> wrote:
>
>> We also had to map UDC_IDENTIFIER to get it to work, although we are on 
>> CAS 5.1.5.
>>
>> On Wed, Feb 21, 2018 at 7:18 PM, Travis Schmidt > > wrote:
>>
>>> I am helping a team with this exact issue right now.  Don't know 
>>> anything about the banner side of things, but I had to map the attribute 
>>> they were looking for to UDC_IDENTIFIER in the Service Registry for it to 
>>> work.
>>>
>>> On Wed, Feb 21, 2018 at 3:46 PM Matthew Uribe >> > wrote:
>>>
 Hello Community,

 I am wondering whether anyone has had success with Banner 9 and CAS 
 5.2.x 

 We have been using the Luminis delivered CAS 3.5.2, but are interested 
 in the features available in 5, such as SAML2 IdP, and MFA using Duo. I 
 have deployed CAS 5.2.0, included cas-server-support-ldap and 
 cas-server-support-saml 
 dependencies, and setup a service for one of our Banner 9 apps, but 
 haven't 
 been able to successfully access the application. I can access the CAS 
 Dashboard, as well as the CAS-Management webapp, but the Banner apps are 
 beyond me at this point. Right now, when I navigate to the Banner 9 app, I 
 am redirected to the CAS login page. After logging in successfully, the 
 browser gives me an error: "HTTP Status 403 - No assertions found".

 I figure the problem is either in my service registry, or that I maybe 
 need to import the CAS certificate into a keystore somewhere on the Banner 
 9 server. Since I don't see anything related to a cert import in the 
 Banner 
 9 install guides, I'm focused on the first of these two possibilities, but 
 after 2 days of going in circles I've run out of ideas and would eagerly 
 accept the advice of this community.

 Thank you,
 Matt

 -- 
 - Website: https://apereo.github.io/cas
 - Gitter Chatroom: https://gitter.im/apereo/cas
 - List Guidelines: https://goo.gl/1VRrw7
 - Contributions: https://goo.gl/mh7qDG
 --- 
 You received this message because you are subscribed to the Google 
 Groups "CAS Community" group.
 To unsubscribe from this group and stop receiving emails from it, send 
 an email to cas-user+u...@apereo.org .
 To view this discussion on the web visit 
 https://groups.google.com/a/apereo.org/d/msgid/cas-user/56930314-153c-4426-8eda-3f9bb5596089%40apereo.org
  
 
 .

>>> -- 
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> --- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to cas-user+u...@apereo.org .
>>> To view this discussion on the web visit 
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAC_RtEasSNK33m-WXAVmDYsQKX3CFDrV4kEesKkgrecBx01Nqw%40mail.gmail.com
>>>  
>>> 
>>> .
>>>
>>
>>
>>
>> -- 
>> Gregory Booth
>> Senior Systems Administrator & Technical Team Lead
>> IT Operations
>> Information Technology
>> Michigan Technological University
>> (906) 487-1797
>> www.mtu.edu
>> www.it.mtu.edu
>>
>
>
>
> -- 
> Gregory Booth
> Senior Systems Administrator & Technical Team Lead
> IT Operations
> Information Technology
> Michigan Technological University
> (906) 487-1797
> www.mtu.edu
> www.it.mtu.edu
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 

Re: [cas-user] CAS 5.2 and Ellucian Banner 9 (XE)

[Matthew Uribe]

Thanks Travis. That's the track I've been on. Can you tell me whether this 
service definition looks anything like what you ended up with?


{
  @class:   org.apereo.cas.services.RegexRegisteredService
  serviceId:
^https://ban9server.school.edu:8444/BannerGeneralSsb(\z|/.*)
  name: TEST General SSB XE
  id:   12345
  attributeReleasePolicy: 
  {
@class:
 org.apereo.cas.services.ReturnMappedAttributeReleasePolicy
allowedAttributes:
{
  @class:   java.util.TreeMap
  UDC_IDENTIFIER:   UDC_IDENTIFIER
}
  }
  "evaluationOrder" :   5
}


On Wednesday, February 21, 2018 at 5:18:20 PM UTC-7, Travis Schmidt wrote:
>
> I am helping a team with this exact issue right now.  Don't know anything 
> about the banner side of things, but I had to map the attribute they were 
> looking for to UDC_IDENTIFIER in the Service Registry for it to work.
>
> On Wed, Feb 21, 2018 at 3:46 PM Matthew Uribe  > wrote:
>
>> Hello Community,
>>
>> I am wondering whether anyone has had success with Banner 9 and CAS 5.2.x 
>>
>> We have been using the Luminis delivered CAS 3.5.2, but are interested in 
>> the features available in 5, such as SAML2 IdP, and MFA using Duo. I have 
>> deployed CAS 5.2.0, included cas-server-support-ldap and 
>> cas-server-support-saml 
>> dependencies, and setup a service for one of our Banner 9 apps, but haven't 
>> been able to successfully access the application. I can access the CAS 
>> Dashboard, as well as the CAS-Management webapp, but the Banner apps are 
>> beyond me at this point. Right now, when I navigate to the Banner 9 app, I 
>> am redirected to the CAS login page. After logging in successfully, the 
>> browser gives me an error: "HTTP Status 403 - No assertions found".
>>
>> I figure the problem is either in my service registry, or that I maybe 
>> need to import the CAS certificate into a keystore somewhere on the Banner 
>> 9 server. Since I don't see anything related to a cert import in the Banner 
>> 9 install guides, I'm focused on the first of these two possibilities, but 
>> after 2 days of going in circles I've run out of ideas and would eagerly 
>> accept the advice of this community.
>>
>> Thank you,
>> Matt
>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org .
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/56930314-153c-4426-8eda-3f9bb5596089%40apereo.org
>>  
>> 
>> .
>>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0550c55b-5029-4105-ade6-fb017b4d3b56%40apereo.org.

Re: [cas-user] CAS 5.2 and Ellucian Banner 9 (XE)

[Greg Booth]

Specifically, in cas.properties:

cas.authn.attributeRepository.ldap[0].attributes.udcid=UDC_IDENTIFIER


On Wed, Feb 21, 2018 at 7:48 PM, Greg Booth  wrote:

> We also had to map UDC_IDENTIFIER to get it to work, although we are on
> CAS 5.1.5.
>
> On Wed, Feb 21, 2018 at 7:18 PM, Travis Schmidt 
> wrote:
>
>> I am helping a team with this exact issue right now.  Don't know anything
>> about the banner side of things, but I had to map the attribute they were
>> looking for to UDC_IDENTIFIER in the Service Registry for it to work.
>>
>> On Wed, Feb 21, 2018 at 3:46 PM Matthew Uribe 
>> wrote:
>>
>>> Hello Community,
>>>
>>> I am wondering whether anyone has had success with Banner 9 and CAS
>>> 5.2.x
>>>
>>> We have been using the Luminis delivered CAS 3.5.2, but are interested
>>> in the features available in 5, such as SAML2 IdP, and MFA using Duo. I
>>> have deployed CAS 5.2.0, included cas-server-support-ldap and 
>>> cas-server-support-saml
>>> dependencies, and setup a service for one of our Banner 9 apps, but haven't
>>> been able to successfully access the application. I can access the CAS
>>> Dashboard, as well as the CAS-Management webapp, but the Banner apps are
>>> beyond me at this point. Right now, when I navigate to the Banner 9 app, I
>>> am redirected to the CAS login page. After logging in successfully, the
>>> browser gives me an error: "HTTP Status 403 - No assertions found".
>>>
>>> I figure the problem is either in my service registry, or that I maybe
>>> need to import the CAS certificate into a keystore somewhere on the Banner
>>> 9 server. Since I don't see anything related to a cert import in the Banner
>>> 9 install guides, I'm focused on the first of these two possibilities, but
>>> after 2 days of going in circles I've run out of ideas and would eagerly
>>> accept the advice of this community.
>>>
>>> Thank you,
>>> Matt
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+unsubscr...@apereo.org.
>>> To view this discussion on the web visit https://groups.google.com/a/ap
>>> ereo.org/d/msgid/cas-user/56930314-153c-4426-8eda-3f9bb55960
>>> 89%40apereo.org
>>> 
>>> .
>>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit https://groups.google.com/a/ap
>> ereo.org/d/msgid/cas-user/CAC_RtEasSNK33m-WXAVmDYsQKX3CFDrV4
>> kEesKkgrecBx01Nqw%40mail.gmail.com
>> 
>> .
>>
>
>
>
> --
> Gregory Booth
> Senior Systems Administrator & Technical Team Lead
> IT Operations
> Information Technology
> Michigan Technological University
> (906) 487-1797 <9064871797>
> www.mtu.edu
> www.it.mtu.edu
>



-- 
Gregory Booth
Senior Systems Administrator & Technical Team Lead
IT Operations
Information Technology
Michigan Technological University
(906) 487-1797 <9064871797>
www.mtu.edu
www.it.mtu.edu

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAH%2BQwmiOkaRa27fiLUZjDQHqsoaZzB8yHhpmkobFqU9aBr8q0g%40mail.gmail.com.

Re: [cas-user] CAS 5.2 and Ellucian Banner 9 (XE)

[Greg Booth]

We also had to map UDC_IDENTIFIER to get it to work, although we are on CAS
5.1.5.

On Wed, Feb 21, 2018 at 7:18 PM, Travis Schmidt 
wrote:

> I am helping a team with this exact issue right now.  Don't know anything
> about the banner side of things, but I had to map the attribute they were
> looking for to UDC_IDENTIFIER in the Service Registry for it to work.
>
> On Wed, Feb 21, 2018 at 3:46 PM Matthew Uribe 
> wrote:
>
>> Hello Community,
>>
>> I am wondering whether anyone has had success with Banner 9 and CAS 5.2.x
>>
>> We have been using the Luminis delivered CAS 3.5.2, but are interested in
>> the features available in 5, such as SAML2 IdP, and MFA using Duo. I have
>> deployed CAS 5.2.0, included cas-server-support-ldap and 
>> cas-server-support-saml
>> dependencies, and setup a service for one of our Banner 9 apps, but haven't
>> been able to successfully access the application. I can access the CAS
>> Dashboard, as well as the CAS-Management webapp, but the Banner apps are
>> beyond me at this point. Right now, when I navigate to the Banner 9 app, I
>> am redirected to the CAS login page. After logging in successfully, the
>> browser gives me an error: "HTTP Status 403 - No assertions found".
>>
>> I figure the problem is either in my service registry, or that I maybe
>> need to import the CAS certificate into a keystore somewhere on the Banner
>> 9 server. Since I don't see anything related to a cert import in the Banner
>> 9 install guides, I'm focused on the first of these two possibilities, but
>> after 2 days of going in circles I've run out of ideas and would eagerly
>> accept the advice of this community.
>>
>> Thank you,
>> Matt
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit https://groups.google.com/a/
>> apereo.org/d/msgid/cas-user/56930314-153c-4426-8eda-
>> 3f9bb5596089%40apereo.org
>> 
>> .
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/CAC_RtEasSNK33m-WXAVmDYsQKX3CFDrV4kEesKkgrecBx
> 01Nqw%40mail.gmail.com
> 
> .
>



-- 
Gregory Booth
Senior Systems Administrator & Technical Team Lead
IT Operations
Information Technology
Michigan Technological University
(906) 487-1797 <9064871797>
www.mtu.edu
www.it.mtu.edu

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAH%2BQwmiBTYXPkYQ3zYqqgaDRkRvTJ8jaEu9J0jYpzezXKazViA%40mail.gmail.com.

Re: [cas-user] CAS 5.2 and Ellucian Banner 9 (XE)

[Travis Schmidt]

I am helping a team with this exact issue right now.  Don't know anything
about the banner side of things, but I had to map the attribute they were
looking for to UDC_IDENTIFIER in the Service Registry for it to work.

On Wed, Feb 21, 2018 at 3:46 PM Matthew Uribe 
wrote:

> Hello Community,
>
> I am wondering whether anyone has had success with Banner 9 and CAS 5.2.x
>
> We have been using the Luminis delivered CAS 3.5.2, but are interested in
> the features available in 5, such as SAML2 IdP, and MFA using Duo. I have
> deployed CAS 5.2.0, included cas-server-support-ldap and 
> cas-server-support-saml
> dependencies, and setup a service for one of our Banner 9 apps, but haven't
> been able to successfully access the application. I can access the CAS
> Dashboard, as well as the CAS-Management webapp, but the Banner apps are
> beyond me at this point. Right now, when I navigate to the Banner 9 app, I
> am redirected to the CAS login page. After logging in successfully, the
> browser gives me an error: "HTTP Status 403 - No assertions found".
>
> I figure the problem is either in my service registry, or that I maybe
> need to import the CAS certificate into a keystore somewhere on the Banner
> 9 server. Since I don't see anything related to a cert import in the Banner
> 9 install guides, I'm focused on the first of these two possibilities, but
> after 2 days of going in circles I've run out of ideas and would eagerly
> accept the advice of this community.
>
> Thank you,
> Matt
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/56930314-153c-4426-8eda-3f9bb5596089%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAC_RtEasSNK33m-WXAVmDYsQKX3CFDrV4kEesKkgrecBx01Nqw%40mail.gmail.com.