grouper-users - RE: [grouper-users] Error using CAS Authentication with Grouper
Subject: Grouper Users - Open Discussion List
- From: Chris Hyzer <>
- To: Eileen Roach <>
- Cc: "" <>
- Subject: RE: [grouper-users] Error using CAS Authentication with Grouper
- Date: Thu, 10 Mar 2011 17:48:34 -0500
- Accept-language: en-US
Here is ours, though now that I look at it, I have my subjectId as an identifier, which I don’t think you need :) Also, we have a group of people/application allowed to use WS, and those need to fill out a data access form to do so, which helps with privacy, though obviously we could do more.

Thanks,
Chris

<source adapterClass="edu.internet2.middleware.subject.provider.JDBCSourceAdapter2">
  <id>pennperson</id>
  <name>Penn person</name>
  <type>person</type>
  <init-param>
    <param-name>maxResults</param-name>
    <param-value>1000</param-value>
  </init-param>
  <init-param>
    <param-name>jdbcConnectionProvider</param-name>
    <param-value>edu.internet2.middleware.grouper.subj.GrouperJdbcConnectionProvider</param-value>
  </init-param>
  <init-param>
    <param-name>dbTableOrView</param-name>
    <param-value>person_source_v</param-value>
  </init-param>
  <init-param>
    <param-name>subjectIdCol</param-name>
    <param-value>penn_id</param-value>
  </init-param>
  <init-param>
    <param-name>nameCol</param-name>
    <param-value>name</param-value>
  </init-param>
  <init-param>
    <param-name>descriptionCol</param-name>
    <param-value>description</param-value>
  </init-param>
  <init-param>
    <!-- search col where general searches take place, lower case -->
    <param-name>lowerSearchCol</param-name>
    <param-value>description_lower</param-value>
  </init-param>
  <init-param>
    <!-- optional col if you want the search results sorted in the API (note, UI might override) -->
    <param-name>defaultSortCol</param-name>
    <param-value>description</param-value>
  </init-param>
  <init-param>
    <!-- col which identifies the row, perhaps not subjectId -->
    <param-name>subjectIdentifierCol0</param-name>
    <param-value>pennname</param-value>
  </init-param>
  <init-param>
    <param-name>subjectIdentifierCol1</param-name>
    <param-value>penn_id</param-value>
  </init-param>
  <init-param>
    <param-name>subjectIdentifierCol2</param-name>
    <param-value>eppn</param-value>
  </init-param>
  <!-- now you can count up from 0 to N of attributes for various cols -->
  <init-param>
    <param-name>subjectAttributeCol0</param-name>
    <param-value>pennname</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeName0</param-name>
    <param-value>PENNNAME</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeCol1</param-name>
    <param-value>email</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeName1</param-name>
    <param-value>EMAIL</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeCol2</param-name>
    <param-value>eppn</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeName2</param-name>
    <param-value>EPPN</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeCol3</param-name>
    <param-value>first_name</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeName3</param-name>
    <param-value>FIRST_NAME</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeCol4</param-name>
    <param-value>last_name</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeName4</param-name>
    <param-value>LAST_NAME</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeCol5</param-name>
    <param-value>email_public</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeName5</param-name>
    <param-value>EMAIL_PUBLIC</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeCol6</param-name>
    <param-value>name_first_public</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeName6</param-name>
    <param-value>NAME_FIRST_PUBLIC</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeCol7</param-name>
    <param-value>name_last_public</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeName7</param-name>
    <param-value>NAME_LAST_PUBLIC</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeCol8</param-name>
    <param-value>name_public</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeName8</param-name>
    <param-value>NAME_PUBLIC</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeCol9</param-name>
    <param-value>preferred_first_name</param-value>
  </init-param>
  <init-param>
    <param-name>subjectAttributeName9</param-name>
    <param-value>PREFERRED_FIRST_NAME</param-value>
  </init-param>
</source>

From: Eileen Roach [mailto:]

We're using the GrouperJdbcSourceAdapter2 for our subject source type. Here's where we defined:

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Eileen Roach
Programmer/Analyst, Identity Management Group
California Polytechnic State University, San Luis Obispo
Phone: (805)756-6214
E-mail:

Ok, great, thanks. Just confirming that isn’t what I suggested though… it’s a little hard to explain… there is an “id”, and there could be multiple “identifiers”. At Penn, our “id” is the pennid, which is like this: 12345678

We have two identifiers, one is the pennkey, like this: mchyzer

And the other is the eppn:

There are three ways to look up subjects: by id, by identifier, or by idOrIdentifier (which tries id first, and if not found, tries identifier)… when someone logs in, I think it calls idOrIdentifier, so if the authn system passes any of these, it will work (though it is configured in our case only to send pennkey for the public part and eppn for the external user part). You configure the identifier attributes in the sources.xml and label the attributes as identifiers (well, that’s what I do with the JDBC source).

Thanks,
Chris

From: Eileen Roach []

Chris,

Which type of source are you using? One idea is to have the eppn as an identifier attribute in the subject, then it will be found. Know what I mean? If you don’t want to do that, you could write a very simple servlet filter that converts to eroach if that is the identifier… I could help you if you need it.

Thanks,
chris

From: [] On Behalf Of Eileen Roach

I'm implementing the CAS authentication piece for the Grouper UI and I've apparently messed something up. When logging into the UI, I get authenticated via CAS, but then I get an error - "You successfully authenticated, however, Grouper was unable to find your details. The entity does not exist."

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Eileen Roach
Programmer/Analyst, Identity Management Group
California Polytechnic State University, San Luis Obispo
Phone: (805)756-6214
E-mail:
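
The id / identifier / idOrIdentifier lookup described in this thread, as an added sketch that is not part of the original messages and is not Grouper's own code. It reads the id and identifier columns from a trimmed sources.xml fragment and resolves a login principal against them; the function names, the sample rows, the example.edu eppn values and the choice to reject an ambiguous identifier are assumptions of the sketch.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed fragment using parameter names from the config in this thread.
SOURCE_XML = """
<source adapterClass="edu.internet2.middleware.subject.provider.JDBCSourceAdapter2">
  <id>pennperson</id>
  <init-param><param-name>subjectIdCol</param-name><param-value>penn_id</param-value></init-param>
  <init-param><param-name>subjectIdentifierCol0</param-name><param-value>pennname</param-value></init-param>
  <init-param><param-name>subjectIdentifierCol1</param-name><param-value>eppn</param-value></init-param>
</source>
"""

# Constructed rows standing in for the person_source_v view.
ROWS = [
    {"penn_id": "12345678", "pennname": "mchyzer", "eppn": "mchyzer@example.edu"},
    {"penn_id": "87654321", "pennname": "jdoe", "eppn": "jdoe@example.edu"},
]

def load_columns(xml_text):
    """Return (id column, identifier columns in index order) from a <source> element."""
    params = {p.findtext("param-name"): p.findtext("param-value")
              for p in ET.fromstring(xml_text).iter("init-param")}
    prefix = "subjectIdentifierCol"
    idents = sorted((int(k[len(prefix):]), v)
                    for k, v in params.items() if k.startswith(prefix))
    return params["subjectIdCol"], [col for _, col in idents]

def find_by_id_or_identifier(principal, rows, id_col, ident_cols):
    """Try the id column first; only if nothing matches, try the identifier columns."""
    for row in rows:
        if row[id_col] == principal:
            return row
    matches = [r for r in rows if any(r[c] == principal for c in ident_cols)]
    if len(matches) > 1:
        # Assumption of this sketch: a principal that maps to two subjects is
        # rejected rather than silently resolved to one of them.
        raise LookupError("ambiguous identifier: %r" % principal)
    # None here corresponds to the "entity does not exist" case: the principal
    # sent by the authentication system is not in any configured column.
    return matches[0] if matches else None
```

Calling `find_by_id_or_identifier` with an eppn while only `pennname` is listed as an identifier column returns `None`, which is the situation behind the "unable to find your details" error.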