Grouper Users - Open Discussion List

[Chris Hyzer <>]

Local entities can have an attribute which is the subject identifier.

This is autocreated for you, depending on your config, might be here:

etc:attribute:entities:entitySubjectIdentifier

Assign this to the local entity (e.g. with UI), and give the string value 
which is the identifier (with no colons in it).

Then try to authenticate with that value and see if it works.

Let me know
Thanks,
Chris

-----Original Message-----
From: 

 
[mailto:]
 On Behalf Of Mike Roszkowski
Sent: Tuesday, October 16, 2012 11:14 AM
To: 

Subject: [grouper-users] Local entity for WS service account

I'd like to create a "service account" in grouper for an application.
The app will use web services to access grouper, so needs to be
able to authenticate via basic auth to the grouper web services.

My first attempt was to use gsh's addSubject("mst-test","application","MST 
test account")
and set the loginid, name, and description subject attributes,
but that doesn't seem to create a subject, as findSubject("mst-test") returns
// Error: subject not found: mst-test

So, I thought I'd try a local entity. I created one using the Lite UI called:
control:applications:mst-test

findSubject("control:applications:mst-test") works, but now I'm faced with
trying to authenticate control:applications:mst-test via tomcat basic
auth and the colon is an illegal character in basic auth usernames per
RFC-2617.

Is there a way I can use a local entity to authenticate via basic auth
to grouper-ws? Or is there another approach I should be using to create
a "service account?"

Thanks for any help you can offer.
--Mike Roszkowski
University of Wisconsin-Madison