Grouper Users - Open Discussion List

["GW Brown, Information Systems and Computing" <>]

--On 14 October 2011 16:09 -1000 Baron Fujimoto 
<>
 wrote:

> : What is your searchSubjectByIdentifier definition? I think this
> : gives you the flexibility to set an arbitrary filter to map the
> : REMOTE_USER to the appropriate LDAP attribute.
>
>     <search>
>         <searchType>searchSubjectByIdentifier</searchType>
>         <param>
>             <param-name>filter</param-name>
>             <param-value>
>                 (&amp; (uid=%TERM%) (objectclass=uhEduPerson))
>             </param-value>
>         </param>
>         <param>
>             <param-name>scope</param-name>
>             <param-value>
>                 SUBTREE_SCOPE
>             </param-value>
>         </param>
>         <param>
>             <param-name>base</param-name>
>             <param-value>
>                 ou=people,dc=hawaii,dc=edu
>             </param-value>
>         </param>
>     </search>
>
> If I understand this correctly, then as long as %TERM% is being set to the
> REMOTE_USER, it should be searching the right thing in LDAP.  It appears
> to work as expected in another deployment where I'm still using a
> tomcat-users.xml conf file to define the grouper users and their
> credentials.
That is right, however, I think there is an error before you get to this 
stage - the CAS client library supplied with the contribution is very old 
and it looks like there may be a problem parsing the CAS response XML. This 
could happen if you were validating the ticket against a validator which 
returns SAML / multiple attributes. Currently only CAS 2 messages are 
understood.

Gary


----------------------
GW Brown, IT Services