Grouper Users - Open Discussion List

[Kathryn Huxtable <>]

Ah, thanks. That did the trick!

I knew this, but hadn't realized I had it set that way. I guess I haven't
shibbolized any Java apps on that server.

-K


On 7/27/06 10:06 AM, "GW Brown, Information Systems and Computing"
<>
 wrote:

> Kathryn,
> 
> It looks like the REMOTE_USER is not being accepted by Tomcat. The AJP
> connector in Tomcat`s servers.xml can take an attribute:
> tomcatAuthentication="false" 
> 
> If set to true, the authentication will be done in Tomcat. Otherwise, the
> authenticated principal will be propagated from the native webserver and
> used for authorization in Tomcat. The default value is true.
> 
> Hopefully this will fix your problem.
> 
> Regards,
> 
> Gary
> 
> --On 27 July 2006 09:41 -0500 Kathryn Huxtable 
> <>
>  wrote:
> 
>> So what do I need to do to Grouper to Shibbolize it?
>> 
>> I have configured my Shibboleth application to return
>> eduPersonPrincipalName as REMOTE_USER (the default) and have configured
>> sources.xml in grouper to use eduPersonPrincipalName for the identifier.
>> 
>> The symptom is that upon going to the Grouper URL I go through the
>> Shibboleth login process and am then delivered to the Grouper page with
>> the help info and the login link instead of to the top level group page.
>> 
>> If I put 
>> 
>>  in my tomcat-users.xml file I can log in using
>> the lame password I put in that file *after* logging in via Shibboleth and
>> clicking the login link.
>> 
>> Where do I look for info on customizing this, or what do I do?
>> 
>> -K
>> 
> 
> 
> 
> ----------------------
> GW Brown, Information Systems and Computing
>