Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Re: Grouper UI authentication with CAS

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Re: Grouper UI authentication with CAS


Chronological Thread 
  • From: Emily Eisbruch <>
  • To: "Waldbieser, Carl" <>
  • Cc: Baron Fujimoto <>, Grouper Users <>
  • Subject: [grouper-users] Re: Grouper UI authentication with CAS
  • Date: Fri, 21 Aug 2015 15:04:01 +0000
  • Accept-language: en-US
  • Authentication-results: hawaii.edu; dkim=none (message not signed) header.d=none;

Carl,
Great, I added the CAS tag to the page. Lafayette is now showing up with the
listing of deployers who've shared a community contribution involving Grouper
and CAS:

https://spaces.internet2.edu/display/Grouper/Use+Cases+by+Category#UseCasesbyCategory-cas

Thanks,
Emily

Emily Eisbruch, Work Group Lead, Trust and Identity
Internet2

office: +1-734-352-4996 | mobile +1-734-730-5749


________________________________________
From: Waldbieser, Carl
<>
Sent: Friday, August 21, 2015 9:54 AM
To: Emily Eisbruch
Cc: Baron Fujimoto; Grouper Users
Subject: Re: Grouper UI authentication with CAS

Emily,

I have updated Lafayette's entry to reference how CAS fits into our
deployment.

Thanks,
Carl

----- Original Message -----
From: "Emily Eisbruch"
<>
To: "waldbiec"
<>,
"Baron Fujimoto"
<>
Cc: "Grouper Users"
<>
Sent: Friday, August 21, 2015 9:25:29 AM
Subject: Re: Grouper UI authentication with CAS

Carl,

Would you be willing to add some info on the Lafayette College use of the CAS
proxy on the community contributions page at
https://spaces.internet2.edu/display/Grouper/Lafeyette+College+Grouper+Page

Then we can add the CAS tag and the Lafayette experience with CAS will be
linked on this list:
https://spaces.internet2.edu/display/Grouper/Use+Cases+by+Category#UseCasesbyCategory-cas

Thank you,
Emily

PS: I will fix the broken links that Baron found, with help from the Grouper
team.





Emily Eisbruch, Work Group Lead, Trust and Identity
Internet2

office: +1-734-352-4996 | mobile +1-734-730-5749


________________________________________
From:


<>
on behalf of Waldbieser, Carl
<>
Sent: Friday, August 21, 2015 9:07 AM
To: Baron Fujimoto
Cc: Grouper Users
Subject: Re: [grouper-users] Grouper UI authentication with CAS

Baron,

We just ended up placing an authenticating CAS proxy in front of the Grouper
UI.
I had success with both mod_auth_cas [1] and txcasproxy [2] in development.
We are currently using mod_auth_cas in production.

Basically, you can use any authenticating proxy that either sets
"REMOTE_USER" as an environment variable in the Grouper process or sets
"REMOTE_USER" as an HTTP header. Grouper must explicitly be configured to
accept the authenticated user as a header. The name is configurable, too.

Thanks,
Carl Waldbieser
ITS Systems Programmer
Lafayette College

[1] https://github.com/Jasig/mod_auth_cas
[2] https://github.com/cwaldbieser/txcasproxy

----- Original Message -----
From: "Baron Fujimoto"
<>
To: "Grouper Users"
<>
Sent: Friday, August 21, 2015 1:21:26 AM
Subject: [grouper-users] Grouper UI authentication with CAS

I'm attempting to configure the Grouper (2.2) UI to authenticate using
CAS.

The basic documentation I'm trying to follow is:
<https://spaces.internet2.edu/display/Grouper/Customising+the+Grouper+UI#CustomisingtheGrouperUI-authn>

The "Yale CAS Authentication" link points to
<https://spaces.internet2.edu/display/Grouper/Contributions>

but that page warns that it's an older version and that a the newer
contributions page should be used instead:
<https://spaces.internet2.edu/display/Grouper/Community+Contributions>

On that page, under Code Contributions, there's a link to "yale-cas-auth"
that points to
<http://middleware.internet2.edu/dir/groups/grouper/grouper-0.9/ui-docs/contrib/yale-cas-auth/README.html>

but that page is 404.

However, I'm assuming that README.html is the same one found in
grouper.ui-2.2.1/contrib/yale-cas-auth/

The README advises to build it using the "additional.build" property.

In build.properties, I have set:
additional.build=${basedir}/../grouper-ui-custom/additional-build.xml

and in ../grouper-ui-custom/additional-build.xml I have:
=====
<project name="additional">

<target name="webapp">

<!-- if i dont have this here, it doesnt work (doesnt pass it on to other
ant file) -->
<property name="cp3" refid="ui.class.path" />

<ant antfile="build.xml" target="webapp"
dir="${contrib.dir}/yale-cas-auth" inheritrefs="true" />

</target>

<!-- this target is required even if blank -->
<target name="resources">

</target>

</project>
=====

However when I try to build with "ant dist" I get the following error:
=====
...
-additional-build:
[echo] Calling site specific build script -
'/home/grouper/grouper/grouper.ui-2.2.1/../grouper-ui-custom/additional-build.xml'
- target=resources

BUILD FAILED
/home/grouper/grouper/grouper.ui-2.2.1/build.xml:193: The following error
occurred while executing this line:
/home/grouper/grouper/grouper.ui-2.2.1/build.xml:773: The following error
occurred while executing this line:
/home/grouper/grouper/grouper.ui-2.2.1/build.xml:332: The following error
occurred while executing this line:
/home/grouper/grouper/grouper.ui-2.2.1/build.xml:658: Reference
ui.class.path.for.run not found.
=====

So I'm stuck here at the moment.

The yale-cas README also instructs you to override the callLogin action
in struts-config.xml and references another defunct page at
<https://wiki.internet2.edu/confluence/display/GrouperWG/Customising+the+Grouper+UI+v1.0>

I'm assuming these are the current docs for how to do this:
<https://spaces.internet2.edu/display/Grouper/Customising+the+Grouper+UI#CustomisingtheGrouperUI-modifyingstruts>

So I have the (as yet untested) in
grouper-ui-custom/webapp/WEB-INF/struts-config-custom.xml
=====
<?xml version="1.0" encoding="ISO-8859-1"?>


<!DOCTYPE struts-config PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 1.1//EN"
"http://jakarta.apache.org/struts/dtds/struts-config_1_1.dtd";>

<struts-config>

<action path="/callLogin" scope="request"
type="edu.internet2.middleware.grouper.ui.actions.CallLoginAction"
unknown="false" validate="false">

<forward name="callLogin" path="/home.do" redirect="true"/>
</action>

</struts-config>
=====

Is this the right approach? I didn't see the equivalent of an
additional.build definition to tell it to actually look for the
struts-config-custom.xml file, but I'm trying to piece this together from
the what I find in the wiki so I kind of guessing at the moment.

--
Baron Fujimoto
<>
:: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum



Archive powered by MHonArc 2.6.16.

Top of Page