grouper-users - [grouper-users] Re: Grouper UI authentication with CAS
Subject: Grouper Users - Open Discussion List
List archive
- From: "Waldbieser, Carl" <>
- To: Emily Eisbruch <>
- Cc: Baron Fujimoto <>, Grouper Users <>
- Subject: [grouper-users] Re: Grouper UI authentication with CAS
- Date: Fri, 21 Aug 2015 09:54:57 -0400 (EDT)
Emily,
I have updated Lafayette's entry to reference how CAS fits into our
deployment.
Thanks,
Carl
----- Original Message -----
From: "Emily Eisbruch"
<>
To: "waldbiec"
<>,
"Baron Fujimoto"
<>
Cc: "Grouper Users"
<>
Sent: Friday, August 21, 2015 9:25:29 AM
Subject: Re: Grouper UI authentication with CAS
Carl,
Would you be willing to add some info on the Lafayette College use of the CAS
proxy on the community contributions page at
https://spaces.internet2.edu/display/Grouper/Lafeyette+College+Grouper+Page
Then we can add the CAS tag and the Lafayette experience with CAS will be
linked on this list:
https://spaces.internet2.edu/display/Grouper/Use+Cases+by+Category#UseCasesbyCategory-cas
Thank you,
Emily
PS: I will fix the broken links that Baron found, with help from the Grouper
team.
Emily Eisbruch, Work Group Lead, Trust and Identity
Internet2
office: +1-734-352-4996 | mobile +1-734-730-5749
________________________________________
From:
<>
on behalf of Waldbieser, Carl
<>
Sent: Friday, August 21, 2015 9:07 AM
To: Baron Fujimoto
Cc: Grouper Users
Subject: Re: [grouper-users] Grouper UI authentication with CAS
Baron,
We just ended up placing an authenticating CAS proxy in front of the Grouper
UI.
I had success with both mod_auth_cas [1] and txcasproxy [2] in development.
We are currently using mod_auth_cas in production.
Basically, you can use any authenticating proxy that either sets
"REMOTE_USER" as an environment variable in the Grouper process or sets
"REMOTE_USER" as an HTTP header. Grouper must explicitly be configured to
accept the authenticated user as a header. The name is configurable, too.
Thanks,
Carl Waldbieser
ITS Systems Programmer
Lafayette College
[1] https://github.com/Jasig/mod_auth_cas
[2] https://github.com/cwaldbieser/txcasproxy
----- Original Message -----
From: "Baron Fujimoto"
<>
To: "Grouper Users"
<>
Sent: Friday, August 21, 2015 1:21:26 AM
Subject: [grouper-users] Grouper UI authentication with CAS
I'm attempting to configure the Grouper (2.2) UI to authenticate using
CAS.
The basic documentation I'm trying to follow is:
<https://spaces.internet2.edu/display/Grouper/Customising+the+Grouper+UI#CustomisingtheGrouperUI-authn>
The "Yale CAS Authentication" link points to
<https://spaces.internet2.edu/display/Grouper/Contributions>
but that page warns that it's an older version and that a the newer
contributions page should be used instead:
<https://spaces.internet2.edu/display/Grouper/Community+Contributions>
On that page, under Code Contributions, there's a link to "yale-cas-auth"
that points to
<http://middleware.internet2.edu/dir/groups/grouper/grouper-0.9/ui-docs/contrib/yale-cas-auth/README.html>
but that page is 404.
However, I'm assuming that README.html is the same one found in
grouper.ui-2.2.1/contrib/yale-cas-auth/
The README advises to build it using the "additional.build" property.
In build.properties, I have set:
additional.build=${basedir}/../grouper-ui-custom/additional-build.xml
and in ../grouper-ui-custom/additional-build.xml I have:
=====
<project name="additional">
<target name="webapp">
<!-- if i dont have this here, it doesnt work (doesnt pass it on to other
ant file) -->
<property name="cp3" refid="ui.class.path" />
<ant antfile="build.xml" target="webapp"
dir="${contrib.dir}/yale-cas-auth" inheritrefs="true" />
</target>
<!-- this target is required even if blank -->
<target name="resources">
</target>
</project>
=====
However when I try to build with "ant dist" I get the following error:
=====
...
-additional-build:
[echo] Calling site specific build script -
'/home/grouper/grouper/grouper.ui-2.2.1/../grouper-ui-custom/additional-build.xml'
- target=resources
BUILD FAILED
/home/grouper/grouper/grouper.ui-2.2.1/build.xml:193: The following error
occurred while executing this line:
/home/grouper/grouper/grouper.ui-2.2.1/build.xml:773: The following error
occurred while executing this line:
/home/grouper/grouper/grouper.ui-2.2.1/build.xml:332: The following error
occurred while executing this line:
/home/grouper/grouper/grouper.ui-2.2.1/build.xml:658: Reference
ui.class.path.for.run not found.
=====
So I'm stuck here at the moment.
The yale-cas README also instructs you to override the callLogin action
in struts-config.xml and references another defunct page at
<https://wiki.internet2.edu/confluence/display/GrouperWG/Customising+the+Grouper+UI+v1.0>
I'm assuming these are the current docs for how to do this:
<https://spaces.internet2.edu/display/Grouper/Customising+the+Grouper+UI#CustomisingtheGrouperUI-modifyingstruts>
So I have the (as yet untested) in
grouper-ui-custom/webapp/WEB-INF/struts-config-custom.xml
=====
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE struts-config PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 1.1//EN"
"http://jakarta.apache.org/struts/dtds/struts-config_1_1.dtd">
<struts-config>
<action path="/callLogin" scope="request"
type="edu.internet2.middleware.grouper.ui.actions.CallLoginAction"
unknown="false" validate="false">
<forward name="callLogin" path="/home.do" redirect="true"/>
</action>
</struts-config>
=====
Is this the right approach? I didn't see the equivalent of an
additional.build definition to tell it to actually look for the
struts-config-custom.xml file, but I'm trying to piece this together from
the what I find in the wiki so I kind of guessing at the moment.
--
Baron Fujimoto
<>
:: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
- [grouper-users] Grouper UI authentication with CAS, Baron Fujimoto, 08/21/2015
- Re: [grouper-users] Grouper UI authentication with CAS, Waldbieser, Carl, 08/21/2015
- [grouper-users] RE: Grouper UI authentication with CAS, Bryan Wooten, 08/21/2015
- [grouper-users] Re: Grouper UI authentication with CAS, Emily Eisbruch, 08/21/2015
- [grouper-users] Re: Grouper UI authentication with CAS, Waldbieser, Carl, 08/21/2015
- [grouper-users] Re: Grouper UI authentication with CAS, Emily Eisbruch, 08/21/2015
- [grouper-users] Re: Grouper UI authentication with CAS, Waldbieser, Carl, 08/21/2015
- Re: [grouper-users] Grouper UI authentication with CAS, Robert Bradley, 08/21/2015
- Re: [grouper-users] Grouper UI authentication with CAS, Waldbieser, Carl, 08/21/2015
- Re: [grouper-users] Grouper UI authentication with CAS, John Gasper, 08/21/2015
- Re: [grouper-users] Grouper UI authentication with CAS, Baron Fujimoto, 08/26/2015
- Re: [grouper-users] Grouper UI authentication with CAS, Waldbieser, Carl, 08/21/2015
Archive powered by MHonArc 2.6.16.