CASifying Banner Self Serve
Description
These instructions explain how to make Banner Self Service 8.x use CAS for authentication. It uses the Yale PL/SQL CAS Client, a custom WebTailor package, and a small mod to twbkwbis. It maps the username from CAS to the GOBTPAC_EXTERNAL_USER field. Keeping the GOBTPAC_EXTERNAL_USER field in sync with your LDAP directory, or whatever authentication source your CAS instance uses, is up to your institution.
Requirements
A new WebTailor package called twzkcasl ( and )
Modify twbkwbi1.sql ( file provided for version 8.2.0.1)
Step 1: Install the Yale PL/SQL CAS Client
The Yale PL/SQL CAS Client needs to be installed in the WTAILOR schema.
Step 2: Install the package TWZKCASL
This package was create by James Gutholm from The Evergreen State College. James released it under the GPL license and I added one tiny improvement. The most important function in here is the f_cas_get_banner_login which essentially takes a successful CAS login and maps it to the Banner student ID and PIN from GOBTPAC. The CAS username must match the GOBTPAC_EXTERNAL_USER field.
There are a couple of modifications you will need to make to twzkcas1.sql. Find the following two lines (133 and 134) and add your CAS urls.
twzkxas1.sql
YUAPPS_CAS.set_login_url('https://login.yourschool.edu/cas/login');
YUAPPS_CAS.set_validate_url('https://login.yourschool.edu/cas/serviceValidate');
This package also needs to be installed in the WTAILOR schema.
Registering this package in WebTailor
At the bottom of the file twzkcasl.sql the WebTailor setup is done for you.
Step 3: Modify the Banner baseline package TWBKWBIS
It is only necessary to modify the package body. I have provided a patch file for version 8.2.0.1 (the latest at the time of this writing) of TWBKWBIS. If that isn't the version of Banner that you are currently running, I recommend getting version 8.2.0.1, applying this patch and then merging it into whatever version of TWBKWBIS you are using.
Step 4: Setup WebTailor Parameters
Insert WebTailor Parameters
-- change these to wtailor parameters CAS_ENABLED=Y CAS_FORCE_RENEWAL=Y
delete from twgbparm where twgbparm_param_name like 'CAS_%';
insert into TWGBPARM
(TWGBPARM_PARAM_NAME, TWGBPARM_PARAM_VALUE, TWGBPARM_ACTIVITY_DATE)
values
('CAS_ENABLED', 'Y', SYSDATE);
insert into TWGBPARM
(TWGBPARM_PARAM_NAME, TWGBPARM_PARAM_VALUE, TWGBPARM_ACTIVITY_DATE)
values
('CAS_FORCE_RENEWAL', 'N', SYSDATE);
insert into TWGBPARM
(TWGBPARM_PARAM_NAME, TWGBPARM_PARAM_VALUE, TWGBPARM_ACTIVITY_DATE)
values
('CAS_RANDOMIZE_PIN', 'N', SYSDATE);
insert into TWGBPARM
(TWGBPARM_PARAM_NAME, TWGBPARM_PARAM_VALUE, TWGBPARM_ACTIVITY_DATE)
values
('CAS_SERVICE_URL', 'https%253A%252F%252Fbanner.yourschool.edu%252Fpls%252Fproddad%252Ftwzkcasl.P_Service_Ticket?target=', SYSDATE);
commit;
WebTailor Parameters
You can control several things via the WebTailor parameters.
General Notes
Even when you have CAS_ENABLED set to "Y", you can still login to Banner Self Serve by hitting the login page directly for example, https://banner.yourschool.edu/pls/proddad/twbkwbis.P_WWWLogin. Hitting any other page will use CAS to authenticate for example, https://banner.yourschool.edu/pls/proddad/twbkwbis.P_GenMenu?name=bmenu.P_MainMnu will use CAS.
A Note about SSL
You may need to setup an Oracle wallet on your Banner database server, where TWBKWBIS is installed, if you don't already have one. It is used for outgoing SSL, to CAS, only so you don't need to import any certificates, the Oracle wallet just needs to exist.