Shib v3.2.1 cas-protocol authentication to BannerXe

O'Dowd, Josh Josh.O'Dowd at
Tue May 17 17:06:58 EDT 2016

For what it’s worth, we found that Banner XE, being a  grails app, uses a CAS security module which has a configurable property,  ‘authenticationAssertionAttribute’. This property represents the name of the incoming request header attribute(from authentication response) to map to XE’s ‘UDC_IDENTIFIER’.  Implementations can set this property to any attribute name representing the user’s unique ID.  In our case, we set the property value to ‘uid’ which is the attribute our IdP releases.

Josh O’Dowd
University of Montana

From: users [mailto:users-bounces at] On Behalf Of Marvin Addison
Sent: Tuesday, May 17, 2016 5:46 AM
To: Shib Users <users at>
Subject: Re: Shib v3.2.1 cas-protocol authentication to BannerXe

On Fri, May 13, 2016 at 12:08 PM Niva Agmon <nagmon at<mailto:nagmon at>> wrote:
Not sure how to put the org.jasig.cas package in DEBUG – I added a <logger name="org.jasig.cas" level="DEBUG"/> statement to logback.xml, but don’t really see more info, so am probably missing some steps..

Sorry, I meant turning up the log level on the client. There's no such package on the server. When you put org.jasig.cas in DEBUG, you ought to see the CAS protocol response from the IdP logged to your client application and you can determine whether the UDC_IDENTIFIER attribute is included.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list