Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Shibbolizing Grouper

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Shibbolizing Grouper

Chronological Thread 
  • From: "GW Brown, Information Systems and Computing" <>
  • To: Kathryn Huxtable <>,
  • Subject: Re: [grouper-users] Shibbolizing Grouper
  • Date: Thu, 27 Jul 2006 16:06:38 +0100


It looks like the REMOTE_USER is not being accepted by Tomcat. The AJP connector in Tomcat`s servers.xml can take an attribute:

If set to true, the authentication will be done in Tomcat. Otherwise, the authenticated principal will be propagated from the native webserver and used for authorization in Tomcat. The default value is true.

Hopefully this will fix your problem.



--On 27 July 2006 09:41 -0500 Kathryn Huxtable

So what do I need to do to Grouper to Shibbolize it?

I have configured my Shibboleth application to return
eduPersonPrincipalName as REMOTE_USER (the default) and have configured
sources.xml in grouper to use eduPersonPrincipalName for the identifier.

The symptom is that upon going to the Grouper URL I go through the
Shibboleth login process and am then delivered to the Grouper page with
the help info and the login link instead of to the top level group page.

If I put

in my tomcat-users.xml file I can log in using
the lame password I put in that file *after* logging in via Shibboleth and
clicking the login link.

Where do I look for info on customizing this, or what do I do?


GW Brown, Information Systems and Computing

Archive powered by MHonArc 2.6.16.

Top of Page