grouper-users - Re: [grouper-users] Local entity for WS service account
Subject: Grouper Users - Open Discussion List
List archive
- From: Mike Roszkowski <>
- To: Chris Hyzer <>
- Cc: "" <>
- Subject: Re: [grouper-users] Local entity for WS service account
- Date: Tue, 16 Oct 2012 10:52:15 -0500
Thanks for the reply, Chris. I should have mentioned that I did try to do
this.
I used Lite UI to assign the attribute to the local entity, but when I tried
to assign a value to the attribute, I got this:
Error: Value must start with the entity's folder name:
'control:applications:',
Exception in save:
edu.internet2.middleware.grouper.attr.value.AttributeAssignValue,
edu.internet2.middleware.grouper.hibernate.ByObject@208888e2,
Problem in
HibernateSession: HibernateSession: isNew: false, isReadonly: false,
grouperTransactionType:
READ_WRITE_NEW, Exception in saveOrUpdate:
edu.internet2.middleware.grouper.attr.value.AttributeAssignValue,
ByObjectStatic, query: ', cacheable: null, cacheRegion: null, entityName:
null, tx type: null,
Problem in HibernateSession: HibernateSession: isNew: true, isReadonly:
false, grouperTransactionType:
READ_WRITE_NEW, Problem calling method assignAddValueSubmit on
edu.internet2.middleware.grouper.grouperUi.serviceLogic.SimpleAttributeUpdate
So it will only let me assign a value that also has colons in it, I think.
I did find that the subject-identifier that was generated (a uuid) for the
local entity can be used to
authenticate that account, but it would be nice to give it a more
developer-friendly
name than a 32-character hex string!
--Mike
On 10/16/12 10:32 AM, Chris Hyzer wrote:
Local entities can have an attribute which is the subject identifier.
This is autocreated for you, depending on your config, might be here:
etc:attribute:entities:entitySubjectIdentifier
Assign this to the local entity (e.g. with UI), and give the string value
which is the identifier (with no colons in it).
Then try to authenticate with that value and see if it works.
Let me know
Thanks,
Chris
-----Original Message-----
From:
[mailto:]
On Behalf Of Mike Roszkowski
Sent: Tuesday, October 16, 2012 11:14 AM
To:
Subject: [grouper-users] Local entity for WS service account
I'd like to create a "service account" in grouper for an application.
The app will use web services to access grouper, so needs to be
able to authenticate via basic auth to the grouper web services.
My first attempt was to use gsh's addSubject("mst-test","application","MST test
account")
and set the loginid, name, and description subject attributes,
but that doesn't seem to create a subject, as findSubject("mst-test") returns
// Error: subject not found: mst-test
So, I thought I'd try a local entity. I created one using the Lite UI called:
control:applications:mst-test
findSubject("control:applications:mst-test") works, but now I'm faced with
trying to authenticate control:applications:mst-test via tomcat basic
auth and the colon is an illegal character in basic auth usernames per
RFC-2617.
Is there a way I can use a local entity to authenticate via basic auth
to grouper-ws? Or is there another approach I should be using to create
a "service account?"
Thanks for any help you can offer.
--Mike Roszkowski
University of Wisconsin-Madison
- [grouper-users] Local entity for WS service account, Mike Roszkowski, 10/16/2012
- RE: [grouper-users] Local entity for WS service account, Chris Hyzer, 10/16/2012
- Re: [grouper-users] Local entity for WS service account, Mike Roszkowski, 10/16/2012
- RE: [grouper-users] Local entity for WS service account, Chris Hyzer, 10/16/2012
- Re: [grouper-users] Local entity for WS service account, Mike Roszkowski, 10/16/2012
- RE: [grouper-users] Local entity for WS service account, Chris Hyzer, 10/16/2012
- Re: [grouper-users] Local entity for WS service account, Mike Roszkowski, 10/22/2012
- RE: [grouper-users] Local entity for WS service account, Chris Hyzer, 10/16/2012
- Re: [grouper-users] Local entity for WS service account, Mike Roszkowski, 10/16/2012
- RE: [grouper-users] Local entity for WS service account, Chris Hyzer, 10/16/2012
- Re: [grouper-users] Local entity for WS service account, Mike Roszkowski, 10/16/2012
- RE: [grouper-users] Local entity for WS service account, Chris Hyzer, 10/16/2012
Archive powered by MHonArc 2.6.16.