Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Shibboleth and Grouper

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Shibboleth and Grouper

Chronological Thread 
  • From: Peter DiCamillo <>
  • To: "Klug, Lawrence" <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] Shibboleth and Grouper
  • Date: Fri, 26 Aug 2011 21:02:24 -0400

I'm not sure if this applies in your situation, but what works well for me is to pass the attribute that is being used as the subject id in Grouper. That allows Grouper to lookup the subject very quickly.


Klug, Lawrence wrote:
Okay, we've got Shibboleth working - the only issue now is what to pass in
REMOTE_USER. I added a member to the Wheel group that exists in the LDAP
directory but when logging in we get the error:

Error: * Cant find login subject: , ADMIN_UI
* If you continue to encounter errors, please contact technical support.
I saw in your cloud example that you pass REMOTE_USER="eppn persistent-id

How does that translate to our environment?



-----Original Message-----
From: Chris Hyzer [mailto:] Sent: Wednesday, August 24, 2011 10:22 PM

Klug, Lawrence
Subject: RE: [grouper-users] Shibboleth and Grouper

OK, I never understood why these changes were needed, but now I get it. Im
used to not having the anonymously accessible information page, if you aren't
authenticated, you aren't allowed in at all. One of the other enablers of
this is to set:


in the custom so that once the user is logged in, and looking at the info page, it
says "Start", instead of "Log in". Btw, I have a directory in the UI:
grouperExternal/public which can easily not be protected by authn (if you have external user
registrations, it wont work if its not), maybe we should change the info page to be a static HTML
page there, or something else (dynamic page there). Well, if the UI is redone in 2.2 we can
worry about it then :)


-----Original Message-----

On Behalf Of

Sent: Wednesday, August 24, 2011 3:33 AM

Subject: Re: [grouper-users] Shibboleth and Grouper


Further to Chris' email, at Newcastle University we have also Shibbolised our
Grouper install. The following page documents some of the steps that we took
to Shib protect both the main Admin UI and the Lite UI.

I hope they are helpful.


Richard James
Infrastructure Systems Administrator
ISS Systems Architecture
Newcastle University

Archive powered by MHonArc 2.6.16.

Top of Page