Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Local entity for WS service account

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Local entity for WS service account

Chronological Thread 
  • From: Mike Roszkowski <>
  • To: Chris Hyzer <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] Local entity for WS service account
  • Date: Tue, 16 Oct 2012 10:52:15 -0500

Thanks for the reply, Chris. I should have mentioned that I did try to do
I used Lite UI to assign the attribute to the local entity, but when I tried
to assign a value to the attribute, I got this:

Error: Value must start with the entity's folder name:
Exception in save:
Problem in
HibernateSession: HibernateSession: isNew: false, isReadonly: false,
READ_WRITE_NEW, Exception in saveOrUpdate:
ByObjectStatic, query: ', cacheable: null, cacheRegion: null, entityName:
null, tx type: null,
Problem in HibernateSession: HibernateSession: isNew: true, isReadonly:
false, grouperTransactionType:
READ_WRITE_NEW, Problem calling method assignAddValueSubmit on

So it will only let me assign a value that also has colons in it, I think.

I did find that the subject-identifier that was generated (a uuid) for the
local entity can be used to
authenticate that account, but it would be nice to give it a more
name than a 32-character hex string!


On 10/16/12 10:32 AM, Chris Hyzer wrote:
Local entities can have an attribute which is the subject identifier.

This is autocreated for you, depending on your config, might be here:


Assign this to the local entity (e.g. with UI), and give the string value
which is the identifier (with no colons in it).

Then try to authenticate with that value and see if it works.

Let me know

-----Original Message-----

On Behalf Of Mike Roszkowski
Sent: Tuesday, October 16, 2012 11:14 AM

Subject: [grouper-users] Local entity for WS service account

I'd like to create a "service account" in grouper for an application.
The app will use web services to access grouper, so needs to be
able to authenticate via basic auth to the grouper web services.

My first attempt was to use gsh's addSubject("mst-test","application","MST test
and set the loginid, name, and description subject attributes,
but that doesn't seem to create a subject, as findSubject("mst-test") returns
// Error: subject not found: mst-test

So, I thought I'd try a local entity. I created one using the Lite UI called:

findSubject("control:applications:mst-test") works, but now I'm faced with
trying to authenticate control:applications:mst-test via tomcat basic
auth and the colon is an illegal character in basic auth usernames per

Is there a way I can use a local entity to authenticate via basic auth
to grouper-ws? Or is there another approach I should be using to create
a "service account?"

Thanks for any help you can offer.
--Mike Roszkowski
University of Wisconsin-Madison

Archive powered by MHonArc 2.6.16.

Top of Page