Grouper Users - Open Discussion List

[David Langenberg <>]

Yes, using the grouper-shib connector is not the normal way of integrating the two unless you have very specific use-cases.  The normal way of doing it is to push the group information into either a LDAP server or a SQL database and then consume the groups from there.  This eliminates the need to also install all the grouper API and supporting jars into your IdP.  The primary use for the shib-connector is to support the PSP which uses the Shibboleth Attribute Resolver to assist with pushing groups to LDAP/AD.

Dave

On Fri, Sep 26, 2014 at 10:51 AM, Chris Hyzer <> wrote:

One of the problem is that the connector uses the Grouper API (not WS).  This is an issue for two reasons:

 

1.       Theres a lot of jars you now have to put in your shib app, which might have conflicting versions (if you see conflicting jars, use the more recent one?)

2.       When you upgrade grouper, you will have to upgrade that API inside of shib

 

At penn we have  a datafeed that sends some memberships to a database that has a shib SQL connector…  you could do that with attributes too.

 

Not sure who is using this connector in shib, but the PSP uses it I believe

 

Thanks,

Chris

 

From: [mailto:] On Behalf Of Michael White
Sent: Thursday, September 25, 2014 10:16 AM
To:
Subject: [grouper-users] Grouper and Shibboleth IdP integration?

 

Hi,

 

I'm currently trying to set up the Grouper-Shibboleth integration on my Shibboleth IdP DEV system (i.e. the Grouper Data Connector and Attribute Definitions), but I'm not getting very far so wondered if there was anyone out there who's already been down this road and could offer some pointers?

 

I've been trying to follow the instructions on this page https://spaces.internet2.edu/display/Grouper/Grouper+Shibboleth+Integration (and subsequently trying things from this page: https://spaces.internet2.edu/display/Grouper/Grouper+and+Shibboleth+Integration) - but I seem to be missing some key bits of information or understanding on my part as no matter what I try, every time I try and start up the IdP it complains about various "SAXParseException" issues with my attribute-resolver.xml file that I've not been able to eradicate . . .

 

Is there anyone out there who has this working who could possibly share their (sanitized) Shibboleth IdP's attribute-resolver.xml file so that I can compare with mine and hopefully see where I'm going wrong?

 

Or if anyone has any other hints, tips, or pointers to further reading that might help me get this up and running, they would be more than welcome!

 

Cheers,

 

Mike

Michael White
eLearning Liaison and Development (eLD)
Information Services
S8, Library
University of Stirling
Stirling SCOTLAND
FK9 4LA

Email:
Tel: +44 (0) 1786 466877
Fax: +44 (0) 1786 466880

http://www.stir.ac.uk/is/staff/about/teams/aldt/#eld

 

 

 

---

The University of Stirling has been ranked in the top 12 of UK universities for graduate employment*.

94% of our 2012 graduates were in work and/or further study within six months of graduation.

*The Telegraph

The University of Stirling is a charity registered in Scotland, number SC 011159.

--
David Langenberg

Identity & Access Management

The University of Chicago