Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] more on Lite UI Authentication

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] more on Lite UI Authentication


Chronological Thread 
  • From: Richard James <>
  • To: "'Scott Koranda'" <>, "" <>
  • Subject: RE: [grouper-users] more on Lite UI Authentication
  • Date: Thu, 22 Apr 2010 20:35:22 +0100
  • Accept-language: en-US, en-GB
  • Acceptlanguage: en-US, en-GB

Hi Scott,

It was myself who raised this query initially, and at Newcastle University we
now have our Lite UI protected with Shib.

I have created a page on the wiki
https://spaces.internet2.edu/display/GrouperWG/Newcastle+University+-+Protecting+UI+With+Shib
which describes our setup to enable Shib authentication on both the normal
UI and the Lite UI.

The main change to allow for the Shib authentication to work was to amend the
security constraints in the web.xml file, we didn't need to make any further
changes to the httpd config.

We did attempt using the Location Match tag, but it didn't seem to make any
difference in our particular setup, its not something we have played around
with really.

I hope the above is of some help.

Thanks

Richard James
ISS Middleware Team
Newcastle University

>-----Original Message-----
>From: Scott Koranda
>[mailto:]
>Sent: 22 April 2010 19:50
>To:
>
>Subject: [grouper-users] more on Lite UI Authentication
>
>Hi,
>
>Please see this thread:
>
>https://archives.internet2.edu/wws/arc/grouper-users/2010-
>02/msg00007.html
>
>Was this ever resolved? I am facing the exact same situation.
>
>My httpd configuration looks like this:
>
> <Location /grouper>
> AuthType shibboleth
> ShibRequestSetting requireSession 1
> Require user ~
> ^.+@LIGO.ORG$
> </Location>
>
> <Location /grouper-ws>
> AuthType shibboleth
> ShibRequestSetting requireSession 1
> Require user ~
> ^.+@LIGO.ORG$
> </Location>
>
> ProxyPass /grouper/ ajp://127.0.0.1:8009/grouper/
> ProxyPass /grouper-ws/ ajp://127.0.0.1:8009/grouper-ws/
>
>This works well for the standard UI and for Grouper WS, but if
>I click on "Manage members lite" in the standard UI and
>attempt to use the lite UI then I get same stack trace as
>mentioned in that thread.
>
>Before I try using <LocationMatch > instead of <Location> I
>would like to understand the requirement of the lite UI so
>that I know precisely what needs to be exposed/authenticated.
>
>Thanks,
>
>Scott



Archive powered by MHonArc 2.6.16.

Top of Page