grouper-users - Re: [grouper-users] Shibboleth and Grouper
Subject: Grouper Users - Open Discussion List
List archive
- From: Peter DiCamillo <>
- To: "Klug, Lawrence" <>
- Cc: "" <>
- Subject: Re: [grouper-users] Shibboleth and Grouper
- Date: Fri, 26 Aug 2011 21:02:24 -0400
I'm not sure if this applies in your situation, but what works well for me is to pass the attribute that is being used as the subject id in Grouper. That allows Grouper to lookup the subject very quickly.
Peter
Klug, Lawrence wrote:
Okay, we've got Shibboleth working - the only issue now is what to pass in
REMOTE_USER. I added a member to the Wheel group that exists in the LDAP
directory but when logging in we get the error:
Error: * Cant find login subject: , ADMIN_UI
* If you continue to encounter errors, please contact technical support.
I saw in your cloud example that you pass REMOTE_USER="eppn persistent-id
targeted-id"
How does that translate to our environment?
Thanks,
Lawrence
-----Original Message-----
From: Chris Hyzer [mailto:] Sent: Wednesday, August 24, 2011 10:22 PM
To:
;
;
Klug, Lawrence
Subject: RE: [grouper-users] Shibboleth and Grouper
OK, I never understood why these changes were needed, but now I get it. Im
used to not having the anonymously accessible information page, if you aren't
authenticated, you aren't allowed in at all. One of the other enablers of
this is to set:
login=Start
in the custom nav.properties so that once the user is logged in, and looking at the info page, it
says "Start", instead of "Log in". Btw, I have a directory in the UI:
grouperExternal/public which can easily not be protected by authn (if you have external user
registrations, it wont work if its not), maybe we should change the info page to be a static HTML
page there, or something else (dynamic page there). Well, if the UI is redone in 2.2 we can
worry about it then :)
Thanks,
Chris
-----Original Message-----
From:
[mailto:]
On Behalf Of
Sent: Wednesday, August 24, 2011 3:33 AM
To:
;
Subject: Re: [grouper-users] Shibboleth and Grouper
Hi,
Further to Chris' email, at Newcastle University we have also Shibbolised our
Grouper install. The following page documents some of the steps that we took
to Shib protect both the main Admin UI and the Lite UI.
https://spaces.internet2.edu/display/Grouper/Newcastle+University+-+Protecting
+UI+With+Shib
I hope they are helpful.
Thanks
Richard James
Infrastructure Systems Administrator
ISS Systems Architecture
Newcastle University
- [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/22/2011
- Re: [grouper-users] Shibboleth and Grouper, Shilen Patel, 08/23/2011
- RE: [grouper-users] Shibboleth and Grouper, Chris Hyzer, 08/23/2011
- RE: [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/24/2011
- RE: [grouper-users] Shibboleth and Grouper, Chris Hyzer, 08/23/2011
- Re: [grouper-users] Shibboleth and Grouper, richard.james, 08/24/2011
- RE: [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/24/2011
- RE: [grouper-users] Shibboleth and Grouper, Chris Hyzer, 08/25/2011
- RE: [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/26/2011
- Re: [grouper-users] Shibboleth and Grouper, Peter DiCamillo, 08/26/2011
- RE: [grouper-users] Shibboleth and Grouper, Chris Hyzer, 08/26/2011
- RE: [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/29/2011
- RE: [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/29/2011
- RE: [grouper-users] Shibboleth and Grouper, Chris Hyzer, 08/29/2011
- RE: [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/29/2011
- RE: [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/29/2011
- RE: [grouper-users] Shibboleth and Grouper, Chris Hyzer, 08/26/2011
- Re: [grouper-users] Shibboleth and Grouper, Peter DiCamillo, 08/26/2011
- RE: [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/26/2011
- Re: [grouper-users] Shibboleth and Grouper, Shilen Patel, 08/23/2011
Archive powered by MHonArc 2.6.16.