Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] New install of 2.2.1 - UI denied access

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] New install of 2.2.1 - UI denied access


Chronological Thread 
  • From: "Imholz, John J." <>
  • To: "'Vivek Sachdeva'" <>
  • Cc: "" <>
  • Subject: RE: [grouper-users] New install of 2.2.1 - UI denied access
  • Date: Fri, 4 Sep 2015 15:16:07 +0000
  • Accept-language: en-US

The Technical FAQ:  https://spaces.internet2.edu/display/Grouper/Technical+FAQ

 

Indicates that Grouper UI will recognize that REMOTE_USER is there, and proceed accordingly. 

 

Once I got Apache httpd, passing REMOTE_USER, I no longer get prompted for basicAuth.  So, it seems to be an authorization problem.

 

jji

 

From: Vivek Sachdeva [mailto:]
Sent: Thursday, September 03, 2015 3:48 PM
To: Imholz, John J. <>
Cc:
Subject: Re: [grouper-users] New install of 2.2.1 - UI denied access

 

It's been a while since I secured Grouper UI using Shib. I think by default grouper uses basic authentication and you will need to modify web.xml file and remove all the security tags from it. Link below helped me

 

 

Thanks,

Vivek Sachdeva

 

 

 

 

On Thu, Sep 3, 2015 at 12:34 PM, Imholz, John J. <> wrote:

I've installed with grouper installer.

With gsh added myself to wheel.  (didn't fix the problem, because of grouper.properties setting)

Edited <installer>/conf/grouper.properties to include:  groups.wheel.use = true

Ran:  cd grouper.ui-2.2.1 ; ant dist

Restarted tomcat:  bin/shutdown.sh ; bin/startup.sh

Fronted the app with apache w/shib.

I get a "403 Access to the requested resource has been denied"  when I try to goto the UI (initially https://grouperdev.musc.edu/grouper, but gets redirected to https://grouperdev.musc.edu/grouper/grouperUi/app/UiV2Main.index)


Apache is passing: REMOTE_USER = 900001976

And that's how I found my subject in gsh (when adding to wheel)
    addMember("etc:sysadmingroup", "900001976")

I'm sure I missed something.  Any suggestions?

jji

 




Archive powered by MHonArc 2.6.16.

Top of Page