My thanks to all who have responded. I finally spotted the issue. In the logs, I found this:
<Service ticket [ST-AAHn21AEQFRQnJ3kjH1H/VWjCTCumXuhWQiE3Cx/WAPhxR97XJp/xtY9] with service [https://testssbxe.aims.edu:8444/Ba nnerGeneralSsb/j_spring_cas_security_check] does not match supplied service [org.apereo.cas.support.saml.authentication.principal.SamlService@640edaac[id=https://testssbxe 1.aims.edu:8444/BannerGeneralSsb/j_sprin g_cas_security_check,originalUrl=https://testssbxe1.aims.edu:8444/BannerGeneralSsb/j_spring_cas_security_check,artifactId=ST-AAHn21AEQFRQnJ3kjH1H/VWjCTCumXuhWQiE3Cx/WAPhxR97XJp/xtY9,principal=<null>,loggedOutAlr eady=false,format=XML]]> That "1" really does not stand out very well, and is a product of our load balanced setup. At first I thought I needed to make the regex in the service definition match either URL, but in the end found that the issue was in the BannerGeneralSsb_configuration.groovy file. I changed the serviceUrl to reflect the 1, and have had a successful login! Thanks again. On Thursday, February 22, 2018 at 9:10:24 AM UTC-7, Greg Booth wrote: > > Matthew, > > Here is our service definition: > > { > @class: org.apereo.cas.services.RegexRegisteredService > id: 9999 > name: Banner > description: Self-Service > logo: https://www.mtu.edu/images/mtu-logo.png > serviceId: https://(www\.)?bannerweb.mtu.edu(:443)?/.* > attributeReleasePolicy: { > @class: org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy > allowedAttributes: ["java.util.ArrayList", ["UDC_IDENTIFIER", > "michigantechRIDM"]] > } > } > > On Thu, Feb 22, 2018 at 9:26 AM, Matthew Uribe <matthe...@aims.edu > <javascript:>> wrote: > >> Thanks Travis. That's the track I've been on. Can you tell me whether >> this service definition looks anything like what you ended up with? >> >> >> { >> @class: org.apereo.cas.services.RegexRegisteredService >> serviceId: ^ >> https://ban9server.school.edu:8444/BannerGeneralSsb(\z|/.*) >> name: TEST General SSB XE >> id: 12345 >> attributeReleasePolicy: >> { >> @class: >> org.apereo.cas.services.ReturnMappedAttributeReleasePolicy >> allowedAttributes: >> { >> @class: java.util.TreeMap >> UDC_IDENTIFIER: UDC_IDENTIFIER >> } >> } >> "evaluationOrder" : 5 >> } >> >> >> On Wednesday, February 21, 2018 at 5:18:20 PM UTC-7, Travis Schmidt wrote: >>> >>> I am helping a team with this exact issue right now. Don't know >>> anything about the banner side of things, but I had to map the attribute >>> they were looking for to UDC_IDENTIFIER in the Service Registry for it to >>> work. >>> >>> On Wed, Feb 21, 2018 at 3:46 PM Matthew Uribe <matthe...@aims.edu> >>> wrote: >>> >>>> Hello Community, >>>> >>>> I am wondering whether anyone has had success with Banner 9 and CAS >>>> 5.2.x >>>> >>>> We have been using the Luminis delivered CAS 3.5.2, but are interested >>>> in the features available in 5, such as SAML2 IdP, and MFA using Duo. I >>>> have deployed CAS 5.2.0, included cas-server-support-ldap and >>>> cas-server-support-saml >>>> dependencies, and setup a service for one of our Banner 9 apps, but >>>> haven't >>>> been able to successfully access the application. I can access the CAS >>>> Dashboard, as well as the CAS-Management webapp, but the Banner apps are >>>> beyond me at this point. Right now, when I navigate to the Banner 9 app, I >>>> am redirected to the CAS login page. After logging in successfully, the >>>> browser gives me an error: "HTTP Status 403 - No assertions found". >>>> >>>> I figure the problem is either in my service registry, or that I maybe >>>> need to import the CAS certificate into a keystore somewhere on the Banner >>>> 9 server. Since I don't see anything related to a cert import in the >>>> Banner >>>> 9 install guides, I'm focused on the first of these two possibilities, but >>>> after 2 days of going in circles I've run out of ideas and would eagerly >>>> accept the advice of this community. >>>> >>>> Thank you, >>>> Matt >>>> >>>> -- >>>> - Website: https://apereo.github.io/cas >>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>> - List Guidelines: https://goo.gl/1VRrw7 >>>> - Contributions: https://goo.gl/mh7qDG >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to cas-user+u...@apereo.org. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/56930314-153c-4426-8eda-3f9bb5596089%40apereo.org >>>> >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/56930314-153c-4426-8eda-3f9bb5596089%40apereo.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to cas-user+u...@apereo.org <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0550c55b-5029-4105-ade6-fb017b4d3b56%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/0550c55b-5029-4105-ade6-fb017b4d3b56%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > > > > -- > Gregory Booth > Senior Systems Administrator & Technical Team Lead > IT Operations > Information Technology > Michigan Technological University > (906) 487-1797 > www.mtu.edu > www.it.mtu.edu > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3bb54c61-176a-4ae7-bc77-84d39111b64d%40apereo.org.
