grouper-users - [grouper-users] RE: Grouper Admin Ui and Web Service
Subject: Grouper Users - Open Discussion List
List archive
- From: Chris Hyzer <>
- To: "Klug, Lawrence" <>
- Cc: "" <>
- Subject: [grouper-users] RE: Grouper Admin Ui and Web Service
- Date: Wed, 17 Oct 2012 15:56:24 +0000
- Accept-language: en-US
> Hi Chris, > > I saw the thread about “Local entity for WS service account”
> yesterday. That approach looks attractive – could we define
> a local entity that could be used for a WS service account and
> resolve to a subject for our Plone project? We are in QA now –
> we have Grouper Admin UI shib-protected and Grouper WS SSL
> protected – just need a service account strategy. What config
> steps are involved in setting this up? > > Thanks, > > Lawrence > Of course. Are you using SSL client certs for authn, or Kerberos, or user/pass in tomcat or apache?
J Basically, create a folder in your admin folders… e.g. etc:wsusers Then put the patch in place and rebuild WS: https://bugs.internet2.edu/jira/browse/GRP-856 Then create a local entity with the Grouper lite UI in the etc:wsusers folder (or wherever it is) If you want to login name to be the extension of the local entity, you don’t have to do this, otherwise, if you have special chars in your login name which cant be in an extension, then assign the attribute: etc:attribute:entities:entitySubjectIdentifier (or wherever this is located, that is configurable, and this is the default) And put a value on which is the login name. Then set this in the grouper-ws.properties (to whatever folder you use): # prepend this to the logged in user id to help this get resolved by the subject API
If you are using tomcat user/pass, put this section in the web.xml, if not, take it out:
<security-constraint>
<web-resource-collection>
<web-resource-name>Web
services</web-resource-name>
<url-pattern>/services/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>grouper_user</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Web
services</web-resource-name>
<url-pattern>/servicesRest/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- NOTE: This role is not present in the default users file -->
<role-name>grouper_user</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Grouper
Application</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<description> The role that is required to log in to web service
</description>
<role-name>grouper_user</role-name>
</security-role>
<session-config>
<session-timeout>1</session-timeout>
</session-config> Hmmm, that should be it
J Thanks, Chris |
- [grouper-users] Grouper Admin Ui and Web Service, Klug, Lawrence, 10/15/2012
- [grouper-users] RE: Grouper Admin Ui and Web Service, Chris Hyzer, 10/15/2012
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- [grouper-users] RE: Grouper Admin Ui and Web Service, Chris Hyzer, 10/17/2012
- [grouper-users] RE: Grouper Admin Ui and Web Service, Chris Hyzer, 10/17/2012
- [grouper-users] RE: Grouper Admin Ui and Web Service, Klug, Lawrence, 10/18/2012
- [grouper-users] RE: Grouper Admin Ui and Web Service, Chris Hyzer, 10/18/2012
- [grouper-users] RE: Grouper Admin Ui and Web Service, Klug, Lawrence, 10/18/2012
- [grouper-users] RE: Grouper Admin Ui and Web Service, Chris Hyzer, 10/18/2012
- [grouper-users] RE: Grouper Admin Ui and Web Service, Klug, Lawrence, 10/18/2012
- [grouper-users] RE: Grouper Admin Ui and Web Service, Klug, Lawrence, 10/18/2012
- [grouper-users] RE: Grouper Admin Ui and Web Service, Chris Hyzer, 10/18/2012
- [grouper-users] RE: Grouper Admin Ui and Web Service, Klug, Lawrence, 10/18/2012
- [grouper-users] RE: Grouper Admin Ui and Web Service, Chris Hyzer, 10/18/2012
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- [grouper-users] RE: Grouper Admin Ui and Web Service, Chris Hyzer, 10/15/2012
Archive powered by MHonArc 2.6.16.