Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Lite UI Authentication

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Lite UI Authentication

Chronological Thread 
  • From: "GW Brown, Information Systems and Computing" <>
  • To: ,
  • Subject: Re: [grouper-users] Lite UI Authentication
  • Date: Wed, 03 Feb 2010 16:17:51 +0000

Hi Richard,

For the Admin UI follow the instructions for the yale-cas contribution contrib/yale-cas-auth/README.html - starting with 'In order to prevent...'

The link there is now out-of-date - try <>.

Unfortunately the stack trace indicates there was an error in our error processing so I can't tell what the original error was. If that trace comes from a tomcat log is there anything in grouper_error.log? There is a LOG.error("Caught '" + code + "' for " ... statement so I would hope something made it to a log.


--On 03 February 2010 10:43 -0500


Hi All,

First of all just want to say great work on the latest version of
Grouper, the auditing features and the new Lite UI will be of great
benefit to us. Also, thanks for the release for the bug fixes as this
solved an issue we were having when attempting to do an import via the
GSH xml-import tool :)

We are having one problem regards to the Lite UI, we have successfully
deployed both the admin UI and the lite UI, and successfully managed to
log in to both interfaces using Tomcat authentication. Though when we
turn Tomcat authentication off, and protect the UI's with Shib, we are
coming across some problems.
If logging into the admin UI via http://<server-name>/grouper, we are
directed to our Shib login page, once credentials are entered we are then
directed through to the grouper home page and are presented with the root
Though if we attempt to login into the admin UI via
https://<server-name>/grouper/ or the Lite UI via
mpleMembershipUpdate.index we encounter "HTTP Status 403 - Access to the
requested resource has been denied." I presume this is because these are
calling the java login functions unlike the http://<server-name>/grouper
URL which is redirected straight through to the page. Looking
into the logs there is the following entry;
28-Jan-2010 11:27:39 org.apache.catalina.core.ApplicationDispatcher invoke
SEVERE: Servlet.service() for servlet action threw exception
ourceBundle( at
edu.internet2.middleware.grouper.ui.actions.PopulateErrorAction.execute(P at
org.apache.struts.action.RequestProcessor.processActionPerform(RequestPro at
26) at
at org.apache.struts.action.ActionServlet.doGet(
at javax.servlet.http.HttpServlet.service( at
javax.servlet.http.HttpServlet.service( at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicat at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilte at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatch at
org.apache.catalina.core.ApplicationDispatcher.processRequest(Application at
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispa at
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatc at
416) at
343) at
144) at
102) at
ava:109) at
3) at
at org.apache.jk.common.HandlerRequest.invoke(
at org.apache.jk.common.ChannelSocket.invoke(
98) at
ava:891) at
java:690) at

Not sure why this is, I guess it maybe something to do with the way the
LoginCheckFilter works with Grouper. I have looked around the code to try
and work this out but so far with no success, the only assumption I can
make is that it is failing to retrieve HTTP session details when invoking
the retrieveHttpServletRequest method. Does anyone else protect Grouper
via Shib and has come across this problem? Or anyone have any ideas on
how we can get round this?
Many Thanks

Richard James
ISS Middleware Team
Newcastle University

GW Brown, Information Systems and Computing

Archive powered by MHonArc 2.6.16.

Top of Page