Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: Grouper UI authentication with CAS

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: Grouper UI authentication with CAS


Chronological Thread 
  • From: Bryan Wooten <>
  • To: Grouper Users <>
  • Subject: [grouper-users] RE: Grouper UI authentication with CAS
  • Date: Fri, 21 Aug 2015 13:23:54 +0000
  • Accept-language: en-US

I successful put CAS Java filters into Grouper for UI auth.

Let me know if you want my config info.

Bryan Wooten
Tel: (801)585-9323
Email:





-----Original Message-----
From:


[mailto:]
On Behalf Of Waldbieser, Carl
Sent: Friday, August 21, 2015 7:08 AM
To: Baron Fujimoto
Cc: Grouper Users
Subject: Re: [grouper-users] Grouper UI authentication with CAS

Baron,

We just ended up placing an authenticating CAS proxy in front of the Grouper
UI.
I had success with both mod_auth_cas [1] and txcasproxy [2] in development.
We are currently using mod_auth_cas in production.

Basically, you can use any authenticating proxy that either sets
"REMOTE_USER" as an environment variable in the Grouper process or sets
"REMOTE_USER" as an HTTP header. Grouper must explicitly be configured to
accept the authenticated user as a header. The name is configurable, too.

Thanks,
Carl Waldbieser
ITS Systems Programmer
Lafayette College

[1] https://github.com/Jasig/mod_auth_cas
[2] https://github.com/cwaldbieser/txcasproxy

----- Original Message -----
From: "Baron Fujimoto"
<>
To: "Grouper Users"
<>
Sent: Friday, August 21, 2015 1:21:26 AM
Subject: [grouper-users] Grouper UI authentication with CAS

I'm attempting to configure the Grouper (2.2) UI to authenticate using CAS.

The basic documentation I'm trying to follow is:
<https://spaces.internet2.edu/display/Grouper/Customising+the+Grouper+UI#CustomisingtheGrouperUI-authn>

The "Yale CAS Authentication" link points to
<https://spaces.internet2.edu/display/Grouper/Contributions>

but that page warns that it's an older version and that a the newer
contributions page should be used instead:
<https://spaces.internet2.edu/display/Grouper/Community+Contributions>

On that page, under Code Contributions, there's a link to "yale-cas-auth"
that points to
<http://middleware.internet2.edu/dir/groups/grouper/grouper-0.9/ui-docs/contrib/yale-cas-auth/README.html>

but that page is 404.

However, I'm assuming that README.html is the same one found in
grouper.ui-2.2.1/contrib/yale-cas-auth/

The README advises to build it using the "additional.build" property.

In build.properties, I have set:
additional.build=${basedir}/../grouper-ui-custom/additional-build.xml

and in ../grouper-ui-custom/additional-build.xml I have:
=====
<project name="additional">

<target name="webapp">

<!-- if i dont have this here, it doesnt work (doesnt pass it on to other
ant file) -->
<property name="cp3" refid="ui.class.path" />

<ant antfile="build.xml" target="webapp"
dir="${contrib.dir}/yale-cas-auth" inheritrefs="true" />

</target>

<!-- this target is required even if blank -->
<target name="resources">

</target>

</project>
=====

However when I try to build with "ant dist" I get the following error:
=====
...
-additional-build:
[echo] Calling site specific build script -
'/home/grouper/grouper/grouper.ui-2.2.1/../grouper-ui-custom/additional-build.xml'
- target=resources

BUILD FAILED
/home/grouper/grouper/grouper.ui-2.2.1/build.xml:193: The following error
occurred while executing this line:
/home/grouper/grouper/grouper.ui-2.2.1/build.xml:773: The following error
occurred while executing this line:
/home/grouper/grouper/grouper.ui-2.2.1/build.xml:332: The following error
occurred while executing this line:
/home/grouper/grouper/grouper.ui-2.2.1/build.xml:658: Reference
ui.class.path.for.run not found.
=====

So I'm stuck here at the moment.

The yale-cas README also instructs you to override the callLogin action in
struts-config.xml and references another defunct page at
<https://wiki.internet2.edu/confluence/display/GrouperWG/Customising+the+Grouper+UI+v1.0>

I'm assuming these are the current docs for how to do this:
<https://spaces.internet2.edu/display/Grouper/Customising+the+Grouper+UI#CustomisingtheGrouperUI-modifyingstruts>

So I have the (as yet untested) in
grouper-ui-custom/webapp/WEB-INF/struts-config-custom.xml
=====
<?xml version="1.0" encoding="ISO-8859-1"?>


<!DOCTYPE struts-config PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 1.1//EN"
"http://jakarta.apache.org/struts/dtds/struts-config_1_1.dtd";>

<struts-config>

<action path="/callLogin" scope="request"
type="edu.internet2.middleware.grouper.ui.actions.CallLoginAction"
unknown="false" validate="false">

<forward name="callLogin" path="/home.do" redirect="true"/>
</action>

</struts-config>
=====

Is this the right approach? I didn't see the equivalent of an
additional.build definition to tell it to actually look for the
struts-config-custom.xml file, but I'm trying to piece this together from the
what I find in the wiki so I kind of guessing at the moment.

--
Baron Fujimoto
<>
:: UH Information Technology Services minutas cantorum, minutas balorum,
minutas carboratum desendus pantorum



Archive powered by MHonArc 2.6.16.

Top of Page