Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] Kerberos authentication for grouper web services

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Kerberos authentication for grouper web services


Chronological Thread 
  • From: Chris Hyzer <>
  • To: LLG5 <>, "" <>
  • Subject: RE: [grouper-users] Kerberos authentication for grouper web services
  • Date: Fri, 26 Aug 2011 03:20:21 +0000
  • Accept-language: en-US

You need to remove the web.xml stuff about authentication so that the tomcat-users isn’t used anymore… I think that is what is stopping you from getting through.  E.g.

 

                <security-constraint>

                                <web-resource-collection>

                                                <web-resource-name>Web services</web-resource-name>

                                                <url-pattern>/services/*</url-pattern>

                                </web-resource-collection>

                                <auth-constraint>

                                                <role-name>grouper_user</role-name>

                                </auth-constraint>

                </security-constraint>

 

  <security-constraint>

    <web-resource-collection>

      <web-resource-name>Web services</web-resource-name>

      <url-pattern>/servicesRest/*</url-pattern>

    </web-resource-collection>

    <auth-constraint>

      <!-- NOTE:  This role is not present in the default users file -->

      <role-name>grouper_user</role-name>

    </auth-constraint>

  </security-constraint>

 

                <!-- Define the Login Configuration for this Application -->

                <login-config>

                                <auth-method>BASIC</auth-method>

                                <realm-name>Grouper Application</realm-name>

                </login-config>

 

                <!-- Security roles referenced by this web application -->

                <security-role>

                                <description>

                                                The role that is required to log in to web service

                                </description>

                                <role-name>grouper_user</role-name>

                </security-role>

 

We use Kerberos at Penn for WS…

 

 

 

Thanks,

Chris

 

From: [mailto:] On Behalf Of LLG5
Sent: Thursday, August 25, 2011 11:36 AM
To:
Subject: [grouper-users] Kerberos authentication for grouper web services

 

We are having problems using kerberos to authenticate for  grouper web services.   We followed the instructions  to set up the  following items in the grouper-ws.properties file

 

ws.security.non-rampart.authentication.class = edu.internet2.middleware.grouper.ws.security.WsGrouperKerberosAuthentication
kerberos.realm 
kerberos.kdc.address

 

 

When I try to access the wsdl for the web services I am unable to authenticate with a kerberos principal.   I can authenticate with a user in the tomcat-users.xml file.  Is there anything else that I need to change?  Is there some problem with the tomcat configuration?

 

Lynn

 




Archive powered by MHonArc 2.6.16.

Top of Page