Shib v3.2.1 cas-protocol authentication to BannerXe
Niva Agmon
nagmon at temple.edu
Thu May 12 13:49:55 EDT 2016
Has anyone been able to successfully configure authentication to BannerXe (Banner9) using Shib v3.2.1 cas-protocol?
We are getting access denied on the Banner side and it looks like the user is null. Any ideas/suggestions would be greatly appreciated!
This is on the IdP side:
2016-05-11 16:46:35,781 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:167] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'cn' remained after filtering
2016-05-11 16:46:35,782 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:167] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'UDC_IDENTIFIER' remained after filtering
2016-05-11 16:46:35,807 - DEBUG [net.shibboleth.idp.cas.flow.impl.GrantServiceTicketAction:89] - Granting service ticket for http://xxxxx.xx.temple.edu:8180/StudentAdvisorSSB/j_spring_cas_security_check
2016-05-11 16:46:35,928 - DEBUG [net.shibboleth.idp.cas.ticket.impl.SimpleTicketService:193] - Storing ST-1462999595807-VHpzvkfuCxSNVFcMPpol3Ibrl in context https://www.apereo.org/cas/protocol/login
2016-05-11 16:46:35,930 - INFO [net.shibboleth.idp.cas.flow.impl.GrantServiceTicketAction:100] - Granted service ticket for http://xxxxx.xx.temple.edu:8180/StudentAdvisorSSB/j_spring_cas_security_check
2016-05-11 16:46:35,940 - INFO [Shibboleth-Audit.SSO:241] - 20160511T204635Z||bfd9a017e03e91ecda8bf533d3aeac7477909d7ab329d9efb9fb7f82bf1aed5f|http://xxxxx.xx.temple.edu:8180/StudentAdvisorSSB/j_spring_cas_security_check|https://www.apereo.org/cas/protocol/login||||fvtest12|||fvtest12|ST-1462999595807-VHpzvkfuCxSNVFcMPpol3Ibrl
On the Banner side:
[Tue, 10-May-2016 @ 11:25:45.443] [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.jasig.cas.client.validation.Saml11TicketValidationFilter - Attempting to validate ticket: ST-1462893945415-6Mof4ddkaado8VGsauPDjaFLy
[Tue, 10-May-2016 @ 11:25:45.443] [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.jasig.cas.client.util.CommonUtils - serviceUrl generated: http://xxx.xxxx.temple.edu:8180/StudentAdvisorSSB/j_spring_cas_security_check
[Tue, 10-May-2016 @ 11:25:45.443] [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.jasig.cas.client.validation.Saml11TicketValidator - Placing URL parameters in map.
[Tue, 10-May-2016 @ 11:25:45.443] [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.jasig.cas.client.validation.Saml11TicketValidator - Calling template URL attribute map.
[Tue, 10-May-2016 @ 11:25:45.443] [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.jasig.cas.client.validation.Saml11TicketValidator - Loading custom parameters from configuration.
[Tue, 10-May-2016 @ 11:25:45.444] [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.jasig.cas.client.validation.Saml11TicketValidator - Constructing validation url: https://np-fim2.temple.edu/idp/profile/cas/samlValidate?TARGET=http%3A%2F%2Fxxx.xxxx.temple.edu%3A8180%2FStudentAdvisorSSB%2Fj_spring_cas_security_check
[Tue, 10-May-2016 @ 11:25:45.444] [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.jasig.cas.client.validation.Saml11TicketValidator - Retrieving response from server.
[Tue, 10-May-2016 @ 11:25:45.485] [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.springframework.security.web.FilterChainProxy - Converted URL to lowercase, from: '/j_spring_cas_security_check'; to: '/j_spring_cas_security_check'
[Tue, 10-May-2016 @ 11:25:45.485] [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.springframework.security.web.FilterChainProxy - Candidate is: '/j_spring_cas_security_check'; pattern is /**/api/**; matched=false
[Tue, 10-May-2016 @ 11:25:45.485] [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.springframework.security.web.FilterChainProxy - Converted URL to lowercase, from: '/j_spring_cas_security_check'; to: '/j_spring_cas_security_check'
[Tue, 10-May-2016 @ 11:25:45.485] [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.springframework.security.web.FilterChainProxy - Candidate is: '/j_spring_cas_security_check'; pattern is /**/qapi/**; matched=false
[Tue, 10-May-2016 @ 11:25:45.485] [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.springframework.security.web.FilterChainProxy - Converted URL to lowercase, from: '/j_spring_cas_security_check'; to: '/j_spring_cas_security_check'
[Tue, 10-May-2016 @ 11:25:45.485] [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.springframework.security.web.FilterChainProxy - Candidate is: '/j_spring_cas_security_check'; pattern is /**; matched=true
[Tue, 10-May-2016 @ 11:25:45.485] [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_cas_security_check?ticket=ST-1462893945415-6Mof4ddkaado8VGsauPDjaFLy at position 1 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter at 22e1f574'
[Tue, 10-May-2016 @ 11:25:45.485] [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
Thanks,
Niva
nagmon at temple.edu<mailto:nagmon at temple.edu>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160512/855c7e62/attachment-0001.html>
More information about the users
mailing list