grouper-users - RE: [grouper-users] Shibboleth and Grouper
Subject: Grouper Users - Open Discussion List
List archive
- From: "Klug, Lawrence" <>
- To: Chris Hyzer <>
- Cc: "" <>
- Subject: RE: [grouper-users] Shibboleth and Grouper
- Date: Mon, 29 Aug 2011 08:31:14 -0700
- Accept-language: en-US
- Acceptlanguage: en-US
>>You can add an identifier that refers to the subject (e.g. netId, and/or
>>eppn) in the sources.xml
I would like to add an additional identifier "uclaLogonID" (eppn) but I'm not
sure exactly how to do this. Must be in the LDAP block of sources.xml?
Thanks,
Lawrence
-----Original Message-----
From: Chris Hyzer
[mailto:]
Sent: Friday, August 26, 2011 7:54 PM
To: Peter DiCamillo; Klug, Lawrence
Cc:
Subject: RE: [grouper-users] Shibboleth and Grouper
Either that, or make sure the eppn is an identifier for the subject. i.e.
gsh 0%
SubjectFinder.findByIdOrIdentifier("",
true)
returns the subject. You can add an identifier that refers to the subject
(e.g. netId, and/or eppn) in the sources.xml
This is a confusing part of the subject API. There is one ID (which at Penn
is the PennID, e.g. 12345678), and multiple identifiers (which doesn't have
to include the ID). At Penn this is the PennName/PennKey: jsmith, and the
eppn:
thanks,
Chris
-----Original Message-----
From:
[mailto:]
On Behalf Of Peter DiCamillo
Sent: Friday, August 26, 2011 9:02 PM
To: Klug, Lawrence
Cc:
Subject: Re: [grouper-users] Shibboleth and Grouper
I'm not sure if this applies in your situation, but what works well for me is
to pass the attribute that is being used as the subject id in Grouper. That
allows Grouper to lookup the subject very quickly.
Peter
Klug, Lawrence wrote:
> Okay, we've got Shibboleth working - the only issue now is what to pass in
> REMOTE_USER. I added a member to the Wheel group that exists in the LDAP
> directory but when logging in we get the error:
>
> Error:
> * Cant find login subject:
> ,
> ADMIN_UI
> * If you continue to encounter errors, please contact technical support.
> I saw in your cloud example that you pass REMOTE_USER="eppn persistent-id
> targeted-id"
>
> How does that translate to our environment?
>
> Thanks,
>
> Lawrence
>
> -----Original Message-----
> From: Chris Hyzer
> [mailto:]
> Sent: Wednesday, August 24, 2011 10:22 PM
> To:
> ;
>
> ;
> Klug,
> Lawrence
> Subject: RE: [grouper-users] Shibboleth and Grouper
>
> OK, I never understood why these changes were needed, but now I get it. Im
> used to not having the anonymously accessible information page, if you
> aren't authenticated, you aren't allowed in at all. One of the other
> enablers of this is to set:
>
> login=Start
>
> in the custom nav.properties so that once the user is logged in, and
> looking at the info page, it says "Start", instead of "Log in". Btw,
> I have a directory in the UI: grouperExternal/public which can easily
> not be protected by authn (if you have external user registrations, it
> wont work if its not), maybe we should change the info page to be a
> static HTML page there, or something else (dynamic page there). Well,
> if the UI is redone in 2.2 we can worry about it then :)
>
> Thanks,
> Chris
>
>
> -----Original Message-----
> From:
>
>
> [mailto:]
> On Behalf Of
>
> Sent: Wednesday, August 24, 2011 3:33 AM
> To:
> ;
>
>
> Subject: Re: [grouper-users] Shibboleth and Grouper
>
> Hi,
>
> Further to Chris' email, at Newcastle University we have also Shibbolised
> our Grouper install. The following page documents some of the steps that we
> took to Shib protect both the main Admin UI and the Lite UI.
>
> https://spaces.internet2.edu/display/Grouper/Newcastle+University+-+Pr
> otecting
> +UI+With+Shib
>
> I hope they are helpful.
>
> Thanks
>
> Richard James
> Infrastructure Systems Administrator
> ISS Systems Architecture
> Newcastle University
- [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/22/2011
- Re: [grouper-users] Shibboleth and Grouper, Shilen Patel, 08/23/2011
- RE: [grouper-users] Shibboleth and Grouper, Chris Hyzer, 08/23/2011
- RE: [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/24/2011
- RE: [grouper-users] Shibboleth and Grouper, Chris Hyzer, 08/23/2011
- Re: [grouper-users] Shibboleth and Grouper, richard.james, 08/24/2011
- RE: [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/24/2011
- RE: [grouper-users] Shibboleth and Grouper, Chris Hyzer, 08/25/2011
- RE: [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/26/2011
- Re: [grouper-users] Shibboleth and Grouper, Peter DiCamillo, 08/26/2011
- RE: [grouper-users] Shibboleth and Grouper, Chris Hyzer, 08/26/2011
- RE: [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/29/2011
- RE: [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/29/2011
- RE: [grouper-users] Shibboleth and Grouper, Chris Hyzer, 08/29/2011
- RE: [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/29/2011
- RE: [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/29/2011
- RE: [grouper-users] Shibboleth and Grouper, Chris Hyzer, 08/26/2011
- Re: [grouper-users] Shibboleth and Grouper, Peter DiCamillo, 08/26/2011
- RE: [grouper-users] Shibboleth and Grouper, Klug, Lawrence, 08/26/2011
- Re: [grouper-users] Shibboleth and Grouper, Shilen Patel, 08/23/2011
Archive powered by MHonArc 2.6.16.