
grouper-users - Re: [grouper-users] Problem with configuration of Grouper Plugin for Shibboleth

Subject: Grouper Users - Open Discussion List

  • From: Tom Zeller
  • To: Jie Lv
  • Subject: Re: [grouper-users] Problem with configuration of Grouper Plugin for Shibboleth
  • Date: Tue, 20 Sep 2011 10:28:12 -0500

The following

<grouper:Attribute id="groups" source="example"/>

should be

<grouper:Attribute id="groups" />

or

<grouper:Attribute id="groups" source="g:gsa"/>

The <grouper:Attribute /> element defines the grouper subject
attribute id to be returned from the given subject source. The source,
if omitted, defaults to "g:gsa", i.e. the internal grouper subject
adapter. This is either a bug or just plain confusing.

And, I couldn't find the thread on the grouper-users archives, but
some folks have found that releasing attributes directly from grouper
is not such a great idea if the grouper database is inaccessible due
to maintenance or whatever. The workaround is to release grouper
attributes that have been provisioned to ldap.

On Tue, Sep 20, 2011 at 5:06 AM, Jie Lv wrote:
> Hi everyone,
>
>
>
> I’ve been working to integrate Grouper and Shibboleth.
>
> In my setup, I’ve been using Grouper APIBinary 2.0.0, Grouper LDAPPCNG
> 2.0.0, Shibboleth IdP 2.1.1
>
>
>
> I set up a group named “pku:faculty:Computer Center”, and added a member
> named “10101”
>
>
>
> I used gsh command line utility to check my setup. I got the following
> message:
>
> gsh 0% subj = findSubject("10101")
> subject: id='10101' type='person' source='example' name='test101011'
>
> gsh 1% sess = GrouperSession.start(subj)
> edu.internet2.middleware.grouper.GrouperSession: 731c5237ae4a4ec3b8abec24511c6142,'10101','person'
>
> gsh 2% member = MemberFinder.findBySubject(sess, subj)
> member: id='10101' type='person' source='example' uuid='576123fcc5694fd693b1557d53f8dac1'
>
> gsh 3% member.getGroups()
> group: name='pkuid:faculty:cc' displayName='pku:faculty:Computer Center' uuid='8cb08ed56aec4638beb3f4fa112d8e8a'
>
>
>
> Then I configured my Shibboleth IdP to use Grouper Plugin to extract the
> above information from Grouper. The configuration in attribute-resolver.xml
> is as follows:
>
> <resolver:DataConnector id="MemberDataConnector2" xsi:type="grouper:MemberDataConnector">
>   <grouper:Attribute id="groups" source="example"/>
> </resolver:DataConnector>
>
> <resolver:AttributeDefinition id="isMemberOf" xsi:type="grouper:Group" sourceAttributeID="groups">
>   <resolver:Dependency ref="MemberDataConnector2" />
>   <grouper:Attribute id="name" />
> </resolver:AttributeDefinition>
>
>
>
> But I can’t get the grouper information after I logged into my IdP with the
> account 10101. In idp-process.log, I got the following message:
>
> 2011-09-20 17:59:45,528 DEBUG [edu.internet2.middleware.grouper.shibboleth.dataConnector.MemberDataConnector:141] - resolve '10101' dc 'MemberDataConnector2'
>
> 2011-09-20 17:59:45,606 DEBUG [edu.internet2.middleware.grouper.shibboleth.dataConnector.MemberDataConnector:160] - resolve '10101' dc 'MemberDataConnector2' found subject 'Subject id: 10101, sourceId: example'
>
> 2011-09-20 17:59:45,613 DEBUG [edu.internet2.middleware.grouper.shibboleth.dataConnector.MemberDataConnector:182] - resolve '10101' dc 'MemberDataConnector2' found member ''10101'/'person'/'example''
>
> 2011-09-20 17:59:45,613 DEBUG [edu.internet2.middleware.grouper.shibboleth.dataConnector.MemberDataConnector:190] - resolve '10101' dc 'MemberDataConnector2' subjectIDs [id 'groups' source 'example']
>
> 2011-09-20 17:59:45,613 DEBUG [edu.internet2.middleware.grouper.shibboleth.dataConnector.MemberDataConnector:192] - resolve '10101' dc 'MemberDataConnector2' member '10101'/'person'/'example' field id 'groups' source 'example'
>
> 2011-09-20 17:59:45,614 DEBUG [edu.internet2.middleware.grouper.shibboleth.dataConnector.MemberDataConnector:250] - resolve '10101' dc 'MemberDataConnector2' attributes 1
>
> 2011-09-20 17:59:45,614 DEBUG [edu.internet2.middleware.grouper.shibboleth.dataConnector.MemberDataConnector:253] - resolve '10101' dc 'MemberDataConnector2' 'id' : 10101
>
> 2011-09-20 17:59:45,614 DEBUG [edu.internet2.middleware.grouper.shibboleth.attributeDefinition.GroupAttributeDefinition:51] - resolve '10101' ad 'isMemberOf'
>
> 2011-09-20 17:59:45,614 DEBUG [edu.internet2.middleware.grouper.shibboleth.attributeDefinition.GroupAttributeDefinition:92] - resolve '10101' ad 'isMemberOf' values 0
>
>
>
> Both the gsh and Grouper Plugin are running on the same machine and are
> using exactly the same configuration files of “grouper.hibernate.properties”
> and “sources.xml”.
>
>
>
> So is there anything wrong with my configuration of Grouper Plugin for
> Shibboleth?
>
>
>
> Thanks in advance!
>
>
>
> Jie
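
A configuration check for the fix described in the reply above, as an added example that is not part of the original messages or of Grouper's own code: it flags a MemberDataConnector whose `groups` attribute names a source other than `g:gsa` and lists the attribute definitions that read from it. The wrapping root element, the grouper namespace URI, the `MEMBERSHIP_IDS` set and the function names are assumptions; elements are matched by local name only.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
DEFAULT_SOURCE = "g:gsa"      # default named in the reply when source is omitted
MEMBERSHIP_IDS = {"groups"}   # assumption: ids that must come from g:gsa

# Constructed sample: the resolver fragment from the question, wrapped in a
# root element. The grouper namespace URI is an assumption.
SAMPLE = """<resolver:AttributeResolver
    xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:grouper="http://grouper.internet2.edu/shibboleth/2.0">
  <resolver:DataConnector id="MemberDataConnector2" xsi:type="grouper:MemberDataConnector">
    <grouper:Attribute id="groups" source="example"/>
  </resolver:DataConnector>
  <resolver:AttributeDefinition id="isMemberOf" xsi:type="grouper:Group" sourceAttributeID="groups">
    <resolver:Dependency ref="MemberDataConnector2"/>
    <grouper:Attribute id="name"/>
  </resolver:AttributeDefinition>
</resolver:AttributeResolver>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_member_connectors(xml_text):
    """Return (connector id, attribute id, source, affected definitions) tuples."""
    root = ET.fromstring(xml_text)
    findings = []
    for dc in root.iter():
        if local(dc.tag) != "DataConnector" or not dc.get(XSI_TYPE, "").endswith("MemberDataConnector"):
            continue
        for attr in dc:
            if local(attr.tag) != "Attribute" or attr.get("id") not in MEMBERSHIP_IDS:
                continue
            source = attr.get("source", DEFAULT_SOURCE)
            if source == DEFAULT_SOURCE:
                continue
            # Definitions reading this id from this connector get no values,
            # as the "values 0" log line in the question shows.
            affected = sorted(
                ad.get("id") for ad in root.iter()
                if local(ad.tag) == "AttributeDefinition"
                and ad.get("sourceAttributeID") == attr.get("id")
                and any(local(d.tag) == "Dependency" and d.get("ref") == dc.get("id") for d in ad))
            findings.append((dc.get("id"), attr.get("id"), source, affected))
    return findings

if __name__ == "__main__":
    for finding in audit_member_connectors(SAMPLE):
        print("misconfigured source:", finding)
```
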


