CAS 5.0.0 configuration for Ellucian Banner SSO Manager


Daniel

Feb 15, 2017, 1:56:10 PM
to CAS Community
Greetings,

We are currently attempting to get our CAS instance to work with our new Banner SSO Manager instance.

When we attempt to log in, we receive the following error:
com.ellucian.sso.exception.ApplicationException: UDC Id not available
from the Ellucian product.

We have configured our cas.properties as follows:

-----------------------------
...
cas.authn.accept.users=

cas.authn.ldap[0].type=AUTHENTICATED

cas.authn.ldap[0].ldapUrl=ldap://127.0.0.1/
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDn=dc=xxxxxxxxxxxxx
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].usePasswordPolicy=false
cas.authn.ldap[0].bindDn=xxxxxxxxxxxxx
cas.authn.ldap[0].bindCredential=xxxxxxxxxxxxx

cas.authn.ldap[0].principalAttributeId=displayName
cas.authn.ldap[0].principalAttributePassword=
cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
cas.authn.ldap[0].additionalAttributes=sn,cn


##CAS Attribute Repository
cas.authn.attributeRepository.defaultAttributesToRelease=sn,cn,displayName,UDC_IDENTIFIER
cas.authn.attributeRepository.ldap.ldapUrl=ldap://127.0.0.1/
cas.authn.attributeRepository.ldap.useSsl=false
cas.authn.attributeRepository.ldap.baseDn=xxxxxxxxxxxxxxxxxxxx
cas.authn.attributeRepository.ldap.userFilter=uid={0}
cas.authn.attributeRepository.ldap.bindDn=xxxxxxxxxxxxxxxxxx
cas.authn.attributeRepository.ldap.bindCredential=xxxxxxxxxxx
cas.authn.attributeRepository.attributes.displayName=displayName
cas.authn.attributeRepository.attributes.UDC_IDENTIFIER=displayName
...
-----------------------

Can someone please give us some guidance on troubleshooting this issue?

Thank you,

Daniel

Feb 21, 2017, 3:08:22 PM
to CAS Community
I am sure we are missing some property.

We need to release the displayName attribute from LDAP as the udc_identifier attribute in SAML.

Can anyone suggest what we are missing, or any steps we can take to get better results from logs?

Linda Toth

Mar 3, 2017, 4:07:42 PM
to CAS Community, wid...@sunyit.edu
Before I waste your time, did you successfully configure Ellucian in previous CAS versions? If you did, then there are substantial changes in the configuration format between older versions and now, so what I have won't help you.

If this is your first integration, I can at least show you the phrasing we used for integration between our LDAP and Ellucian, but our version is well behind 5.x.

Linda Toth
University of Alaska - Office of Information Technology (OIT) - Identity and Access Management
910 Yukon Drive, Suite 103
Fairbanks, Alaska 99775


--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/38688dbb-0bc6-459e-9975-18befa0cb819%40apereo.org.

Gunny Kc

Oct 4, 2017, 9:47:28 AM
to CAS Community, wid...@sunyit.edu
Hi Linda

I have been facing the same problem with CAS version 3.4.12.1; can you give me some insight?

In our LDAP, instead of UDC_IDENTIFIER, we have a uid (attribute name) that holds a UDCID that got generated by IDEU. Is it really important to have UDC_IDENTIFIER as an attribute in LDAP? Please suggest.

Ray Bon

Oct 4, 2017, 11:41:09 AM
to cas-...@apereo.org, wid...@sunyit.edu
Gunny,

This is what I have for 3.5.2.1:

    <!-- multi-valued key support for the myPersonId attribute -->
    <util:set id="spridenIdSet">
        <value>UDC_IDENTIFIER</value>
        <value>uvicEduPersonSpridenID</value>
    </util:set>

    <!-- Bean that defines the attributes that a service may return. -->
    <bean id="attributeRepository" class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
        <property name="contextSource" ref="contextSource" />
        <property name="baseDN" value="dc=uvic,dc=ca" />
        <!-- <property name="baseDN" value="${ldap-people-base-dn}" /> -->
        <!--
        Attribute mapping between principal (key) and LDAP (value) names
        used to perform the LDAP search.  By default, multiple search criteria
        are ANDed together.  Set the queryType property to change to OR.
        -->
        <property name="queryAttributeMapping">
            <map>
                <entry key="username" value="uid" />
            </map>
        </property>
        <property name="resultAttributeMapping">
            <map>
                <!-- Mapping between LDAP entry attributes (key) and Principal's (value) -->
                <entry key="uvicEduPersonSpridenID" value-ref="spridenIdSet"/>
                <entry key="UDC_IDENTIFIER" value-ref="spridenIdSet"/>
                <entry key="uvicEduPersonNetLinkContactUpdateTimestamp" value="contactUpdateTimestamp" />
            </map>
        </property>
    </bean>

Ray
-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

Tom O'Neill

Oct 4, 2017, 3:28:12 PM
to cas-...@apereo.org, wid...@sunyit.edu

Gunny,

The UDC ID attribute that is exposed by CAS is used as a crosswalk value to identify the user’s Banner PIDM by querying the GOBUMAP table and it is required.

Thanks,

Tom O’Neill
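
One way to see what CAS actually releases to the service, as an added example that is not from this thread, from CAS or from Ellucian: it parses a saved SAML 1.1 ticket-validation response and reports whether `UDC_IDENTIFIER` is present, empty, multi-valued, or present only under a different case. The sample XML, the function names and the values are constructed for illustration, and it is an assumption that the service validates tickets over SAML 1.1 and that a missing attribute is what produces "UDC Id not available".

```python
"""Added example: check a CAS SAML 1.1 validation response for UDC_IDENTIFIER."""
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"
WANTED = "UDC_IDENTIFIER"  # attribute name used in the thread's configurations

# Constructed response skeleton (not captured from a real server).
TEMPLATE = """<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
 <SOAP-ENV:Body><Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol">
  <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"><AttributeStatement>
   <Subject><NameIdentifier>jdoe</NameIdentifier></Subject>
   <Attribute AttributeName="cn" AttributeNamespace="http://www.ja-sig.org/products/cas/">
    <AttributeValue>Jane Doe</AttributeValue></Attribute>
   <Attribute AttributeName="@NAME@" AttributeNamespace="http://www.ja-sig.org/products/cas/">
    @VALUES@</Attribute>
  </AttributeStatement></Assertion>
 </Response></SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""

def sample(name, values):
    """Build a constructed response releasing `name` with the given values."""
    vals = "".join("<AttributeValue>%s</AttributeValue>" % v for v in values)
    return TEMPLATE.replace("@NAME@", name).replace("@VALUES@", vals)

def released_attributes(xml_text):
    """Return {attribute name: [non-empty values]} for every SAML 1.1 Attribute."""
    # Feed this only responses saved from your own CAS server; for XML from
    # an untrusted source, parse with a hardened parser such as defusedxml.
    attrs = {}
    for attr in ET.fromstring(xml_text).iter(SAML + "Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(SAML + "AttributeValue")]
        attrs.setdefault(attr.get("AttributeName", ""), []).extend(v for v in values if v)
    return attrs

def check_udc_id(xml_text, wanted=WANTED):
    """Classify the response as ok, missing, wrong-case, empty or multi-valued."""
    attrs = released_attributes(xml_text)
    if wanted not in attrs:
        near = [n for n in attrs if n and n.lower() == wanted.lower()]
        return ("wrong-case", near[0]) if near else ("missing", sorted(attrs))
    values = attrs[wanted]
    if not values:
        return ("empty", None)
    return ("ok", values[0]) if len(values) == 1 else ("multi-valued", values)

if __name__ == "__main__":
    for name, vals in [(WANTED, ["A1B2C3"]), ("udc_identifier", ["A1B2C3"]),
                       (WANTED, []), ("displayName", ["Jane Doe"])]:
        print(name, vals, "->", check_udc_id(sample(name, vals)))
```

A "missing" result lists the attribute names that were released, which shows whether the mapping or the release policy is where the value is being dropped.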
