Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: Fresh 2.2.1 Installation

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: Fresh 2.2.1 Installation


Chronological Thread 
  • From: Chris Hyzer <>
  • To: Bryan Wooten <>, "" <>
  • Subject: [grouper-users] RE: Fresh 2.2.1 Installation
  • Date: Tue, 3 Feb 2015 23:16:36 +0000
  • Accept-language: en-US

Im thinking you should disable url rewriting with jsessionid...

 

e.g.

https://fralef.me/tomcat-disable-jsessionid-in-url.html

 

Seems like a good security thing to do anyways right?

 

Thanks,

Chris

 

From: Bryan Wooten [mailto:]
Sent: Tuesday, February 03, 2015 3:27 PM
To: Chris Hyzer;
Subject: RE: Fresh 2.2.1 Installation

 

Hmm, grouper_error.log has this clue:

 

2015-02-03 13:20:19,231: [http-bio-8080-exec-6] ERROR CsrfGuardLogger.log(47) -  - potential cross-site request forgery (CSRF) attack thwarted (user:GrouperSystem, ip:155.101.205.178, method:GET, uri:/grouper/;jsessionid=A5FFC803A416F58090D3F3691077A6E5, error:required token is missing from the request)

 

I think my CAS web.xml config could be the issue? I didn’t see this 2.1.x. I am pointing at my standard U test CAS server.

 

-Bryan

 

 

From: Chris Hyzer []
Sent: Tuesday, February 03, 2015 12:42 PM
To: Bryan Wooten;
Subject: RE: Fresh 2.2.1 Installation

 

Anything else in logs or stdout / stderr from tomcat?

 

From: [] On Behalf Of Bryan Wooten
Sent: Tuesday, February 03, 2015 2:39 PM
To:
Subject: [grouper-users] Fresh 2.2.1 Installation

 

Ok, not sure what is going on here.

 

We have a fresh 2.2.1 installation, not an upgrade from 2.1.x

 

We have a CASified Grouper UI. The CAS login is successful.

 

I have run the following GSH script:

 

grouperSession = GrouperSession.startRootSession();

addGroup("etc", "sysadmingroup", "SysAdmin Group")

addMember("etc:sysadmingroup", "GrouperSystem")

addMember("etc:sysadmingroup", "u0519980")

 

After login the UI displays this:

 

Maybe your session timed out and you need to start again. This should not happen under normal operation. CSRF error.

 

I click “start over” and  I get this:

 

You have an anonymous session since you are not logged in, but this section requires you to be logged in. Maybe No username found. Your identity provider might not be sending your username to this application. Either you need to use a different identity provider, or ask your IT department to send your username to this application.

 

Ideas?

 

 

 

Bryan Wooten

 

UIT-Common Infrastructure Systems

Work: 801.585.9323

Cell: 801.414.3593

 




Archive powered by MHonArc 2.6.16.

Top of Page