Grouper Users - Open Discussion List

[Chris Hyzer <>]

Ok, great, thanks.

 

Just confirming that isn’t what I suggested though… it’s a little hard to explain… there is an “id”, and there could be multiple “identifiers”.

 

At Penn, our “id” is the pennid, which is like this: 12345678

We have two identifiers, one is the pennkey, like this: mchyzer

And the other is the eppn:

 

There are three ways to lookup subjects: by id, by identifier, or by idOrIdentifier (which tries id first, and if not found, tries identifier)…  when someone logs in, I think it calls idOrIdentifier, so if the authn system passes any of these, it will work (though it is configured in our case only to send pennkey for the public part and eppn for the external user part.

 

You configure the identifier attributes in the sources.xml and label the attributes as identifiers (well, that’s when I do with the JDBC source).

 

Thanks,

Chris

 

From: Eileen Roach [mailto:]
Sent: Thursday, March 10, 2011 4:20 PM
To: Chris Hyzer
Cc:
Subject: Re: [grouper-users] Error using CAS Authentication with Grouper

 

Chris,

I set the subject_id to the eppn and it works.  Thank you very much!  Not sure we'll stick with that solution since our eppn's can change, but it works for now.  Thanks for your help.

~Eileen

On 3/9/2011 8:52 PM, Chris Hyzer wrote:

Which type of source are you using?  One idea if to have the eppn as an identifier attribute in the subject, then it will be found.  Know what I mean?  If you don’t want to do that, you could write a very simple servlet filter that converts to eroach if that is the identifier… I could help you if you need it.

 

Thanks,

chris

 

From: [] On Behalf Of Eileen Roach
Sent: Wednesday, March 09, 2011 7:10 PM
To:
Subject: [grouper-users] Error using CAS Authentication with Grouper

 

I'm implementing the CAS authentication piece for the Grouper UI and I've apparently messed something up.  When logging into the UI, I get authenticated via CAS, but then I get an error  - "You successfully authenticated, however, Grouper was unable to find your details.  The entity does not exist."

The grouper_error.log shows the following errors:

2011-03-09 14:39:07,238: [catalina-exec-3] ERROR NavExceptionHelper.getMessage(92) - < - BDA3404279DA6D626F56201A5EFE0178-0005 - - - > - Missing nav key: The entity does not exist.
2011-03-09 16:02:58,283: [catalina-exec-7] INFO  EventLog.info(141) -  - [db3bacc7523e4120891fb03d7427b2ff,'GrouperSystem','application'] session: start (3ms)
2011-03-09 16:02:58,459: [catalina-exec-8] INFO  EventLog.info(141) -  - [cc6e7db3cbaf4cfb867fc5f9f13f25a6,'GrouperSystem','application'] session: start (1ms)
2011-03-09 16:03:02,036: [catalina-exec-8] INFO  EventLog.info(141) -  - [cbdd1072eb2d4783b6193556ffd9b255,'GrouperSystem','application'] session: start (4ms)
2011-03-09 16:03:46,399: [catalina-exec-7] INFO  EventLog.info(141) -  - [44bc5d9198f54977a28d68fe050af041,'GrouperSystem','application'] session: start (5ms)
2011-03-09 16:03:52,264: [catalina-exec-9] INFO  EventLog.info(141) -  - [1fbf2fdfa53f4fadb4ecbd078a597930,'GrouperSystem','application'] session: start (4ms)
2011-03-09 16:03:52,309: [catalina-exec-9] ERROR LoginCheckFilter.doFilter(221) - < - 3009FD7A5DED63513847758F6411F883-0006 - - - > - is not recognised
edu.internet2.middleware.subject.SubjectNotFoundException: Cant find subject by id or identifier: ''

Can someone point me in the right direction?

Thanks,

Eileen

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 Eileen Roach

 Programmer/Analyst, Identity Management Group

 California Polytechnic State University, San Luis Obispo

 Phone: (805)756-6214  

 E-mail: