
grouper-users - RE: [grouper-users] Error using CAS Authentication with Grouper

Subject: Grouper Users - Open Discussion List

  • From: Chris Hyzer <>
  • To: Eileen Roach <>
  • Cc: "" <>
  • Subject: RE: [grouper-users] Error using CAS Authentication with Grouper
  • Date: Thu, 10 Mar 2011 16:43:40 -0500

Ok, great, thanks.


Just confirming that isn’t what I suggested though… it’s a little hard to explain… there is an “id”, and there could be multiple “identifiers”.


At Penn, our “id” is the pennid, which is like this: 12345678

We have two identifiers, one is the pennkey, like this: mchyzer

And the other is the eppn:


There are three ways to look up subjects: by id, by identifier, or by idOrIdentifier (which tries id first, and if not found, tries identifier)…  when someone logs in, I think it calls idOrIdentifier, so if the authn system passes any of these, it will work (though it is configured in our case only to send pennkey for the public part and eppn for the external user part).


You configure the identifier attributes in the sources.xml and label the attributes as identifiers (well, that’s what I do with the JDBC source).





From: Eileen Roach [mailto:]
Sent: Thursday, March 10, 2011 4:20 PM
To: Chris Hyzer
Subject: Re: [grouper-users] Error using CAS Authentication with Grouper



I set the subject_id to the eppn and it works.  Thank you very much!  Not sure we'll stick with that solution since our eppn's can change, but it works for now.  Thanks for your help.


On 3/9/2011 8:52 PM, Chris Hyzer wrote:

Which type of source are you using?  One idea is to have the eppn as an identifier attribute in the subject, then it will be found.  Know what I mean?  If you don’t want to do that, you could write a very simple servlet filter that converts to eroach if that is the identifier… I could help you if you need it.





From: [] On Behalf Of Eileen Roach
Sent: Wednesday, March 09, 2011 7:10 PM
Subject: [grouper-users] Error using CAS Authentication with Grouper


I'm implementing the CAS authentication piece for the Grouper UI and I've apparently messed something up.  When logging into the UI, I get authenticated via CAS, but then I get an error  - "You successfully authenticated, however, Grouper was unable to find your details.  The entity does not exist."

The grouper_error.log shows the following errors:

2011-03-09 14:39:07,238: [catalina-exec-3] ERROR NavExceptionHelper.getMessage(92) - < - BDA3404279DA6D626F56201A5EFE0178-0005 - - - > - Missing nav key: The entity does not exist.
2011-03-09 16:02:58,283: [catalina-exec-7] INFO -  - [db3bacc7523e4120891fb03d7427b2ff,'GrouperSystem','application'] session: start (3ms)
2011-03-09 16:02:58,459: [catalina-exec-8] INFO -  - [cc6e7db3cbaf4cfb867fc5f9f13f25a6,'GrouperSystem','application'] session: start (1ms)
2011-03-09 16:03:02,036: [catalina-exec-8] INFO -  - [cbdd1072eb2d4783b6193556ffd9b255,'GrouperSystem','application'] session: start (4ms)
2011-03-09 16:03:46,399: [catalina-exec-7] INFO -  - [44bc5d9198f54977a28d68fe050af041,'GrouperSystem','application'] session: start (5ms)
2011-03-09 16:03:52,264: [catalina-exec-9] INFO -  - [1fbf2fdfa53f4fadb4ecbd078a597930,'GrouperSystem','application'] session: start (4ms)
2011-03-09 16:03:52,309: [catalina-exec-9] ERROR LoginCheckFilter.doFilter(221) - < - 3009FD7A5DED63513847758F6411F883-0006 - - - > - is not recognised
edu.internet2.middleware.subject.SubjectNotFoundException: Cant find subject by id or identifier: ''

Can someone point me in the right direction?



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
 Eileen Roach
 Programmer/Analyst, Identity Management Group
 California Polytechnic State University, San Luis Obispo
 Phone: (805)756-6214  
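
The servlet filter suggested in the 3/9 reply could look like the following. This is an added example, not code from the thread or from Grouper. The class name ScopedUserFilter, the homeScope init-param and the scope example.edu are hypothetical, and it assumes the UI takes the login name from getRemoteUser(). It strips the scope only when it is the institution's own, so an eppn from another scope is never collapsed onto a local identifier.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Hypothetical filter: maps a scoped login name (user@scope) to the bare identifier. */
public class ScopedUserFilter implements Filter {

  private String homeScope; // hypothetical init-param, e.g. "example.edu" (placeholder)

  public void init(FilterConfig config) throws ServletException {
    homeScope = config.getInitParameter("homeScope");
    if (homeScope == null || homeScope.trim().isEmpty()) {
      // Fail closed: without a configured scope we cannot tell local from external users.
      throw new ServletException("homeScope init-param is required");
    }
    homeScope = homeScope.trim();
  }

  /** Strip the scope only when it is exactly the home scope; otherwise return the name unchanged. */
  static String localName(String remoteUser, String homeScope) {
    if (remoteUser == null) return null;
    int at = remoteUser.lastIndexOf('@');
    if (at <= 0) return remoteUser; // unscoped name, or nothing before '@'
    String scope = remoteUser.substring(at + 1);
    // A name from another scope stays fully qualified so it cannot match a local identifier.
    return scope.equalsIgnoreCase(homeScope) ? remoteUser.substring(0, at) : remoteUser;
  }

  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws IOException, ServletException {
    if (req instanceof HttpServletRequest) {
      final HttpServletRequest http = (HttpServletRequest) req;
      final String mapped = localName(http.getRemoteUser(), homeScope);
      // Downstream code that calls getRemoteUser() now sees the mapped name.
      req = new HttpServletRequestWrapper(http) {
        @Override public String getRemoteUser() { return mapped; }
      };
    }
    chain.doFilter(req, res);
  }

  public void destroy() { }
}
```

The filter has to be mapped in web.xml after the CAS filter, so that getRemoteUser() is already populated when it runs.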

