Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Shibbolizing Grouper

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Shibbolizing Grouper

Chronological Thread 
  • From: Kathryn Huxtable <>
  • To: "GW Brown, Information Systems and Computing" <>, <>
  • Subject: Re: [grouper-users] Shibbolizing Grouper
  • Date: Thu, 27 Jul 2006 10:15:15 -0500

Ah, thanks. That did the trick!

I knew this, but hadn't realized I had it set that way. I guess I haven't
shibbolized any Java apps on that server.


On 7/27/06 10:06 AM, "GW Brown, Information Systems and Computing"

> Kathryn,
> It looks like the REMOTE_USER is not being accepted by Tomcat. The AJP
> connector in Tomcat`s servers.xml can take an attribute:
> tomcatAuthentication="false"
> If set to true, the authentication will be done in Tomcat. Otherwise, the
> authenticated principal will be propagated from the native webserver and
> used for authorization in Tomcat. The default value is true.
> Hopefully this will fix your problem.
> Regards,
> Gary
> --On 27 July 2006 09:41 -0500 Kathryn Huxtable
> <>
> wrote:
>> So what do I need to do to Grouper to Shibbolize it?
>> I have configured my Shibboleth application to return
>> eduPersonPrincipalName as REMOTE_USER (the default) and have configured
>> sources.xml in grouper to use eduPersonPrincipalName for the identifier.
>> The symptom is that upon going to the Grouper URL I go through the
>> Shibboleth login process and am then delivered to the Grouper page with
>> the help info and the login link instead of to the top level group page.
>> If I put
>> in my tomcat-users.xml file I can log in using
>> the lame password I put in that file *after* logging in via Shibboleth and
>> clicking the login link.
>> Where do I look for info on customizing this, or what do I do?
>> -K
> ----------------------
> GW Brown, Information Systems and Computing

Archive powered by MHonArc 2.6.16.

Top of Page