Grouper Users - Open Discussion List

["Imholz, John J." <>]

I forgot to edit after full re-install.  I now have a message about an anonymous session.  Is there a debug page to show what headers are being passed to tomcat?

 

Also, is the Technical FAQ [1] based on a different install of UI?   Should that be reworded to include Newcastle’s instructions? [2]

 

jji

 

[1] https://spaces.internet2.edu/display/Grouper/Technical+FAQ#TechnicalFAQ-faq5

[2] https://spaces.internet2.edu/display/Grouper/Newcastle+University+-+Protecting+UI+With+Shib

 

 

From: Chris Hyzer [mailto:]
Sent: Wednesday, September 09, 2015 10:50 AM
To: Imholz, John J. <>; 'Vivek Sachdeva' <>
Cc:
Subject: RE: [grouper-users] New install of 2.2.1 - UI denied access

 

And you edited the web.xml to take the bottom authn security stuff out right?

 

From: Imholz, John J. []
Sent: Wednesday, September 09, 2015 10:21 AM
To: Chris Hyzer; 'Vivek Sachdeva'
Cc:
Subject: RE: [grouper-users] New install of 2.2.1 - UI denied access

 

No, I’ve got apache putting my id “900001976” in REMOTE_USER, but the UI renders:

 

<html>

<head>

<meta http-equiv="refresh" content="0;url="app/UiV2Main.index"" />

<title></title>

</head>

<body>

<a href=""appHtml/grouper.html">--&gt;</a>"

</body>

</html>

 

And what looks like a basic auth box pops up for “Grouper Application”

 

jji

 

From: Chris Hyzer []
Sent: Wednesday, September 09, 2015 9:20 AM
To: Imholz, John J. <>; 'Vivek Sachdeva' <>
Cc:
Subject: RE: [grouper-users] New install of 2.2.1 - UI denied access

 

 

Does this work now that the subject source problem was fixed?

 

From: [] On Behalf Of Imholz, John J.
Sent: Friday, September 04, 2015 11:16 AM
To: 'Vivek Sachdeva'
Cc:
Subject: RE: [grouper-users] New install of 2.2.1 - UI denied access

 

The Technical FAQ:  https://spaces.internet2.edu/display/Grouper/Technical+FAQ

 

Indicates that Grouper UI will recognize that REMOTE_USER is there, and proceed accordingly. 

 

Once I got Apache httpd, passing REMOTE_USER, I no longer get prompted for basicAuth.  So, it seems to be an authorization problem.

 

jji

 

From: Vivek Sachdeva []
Sent: Thursday, September 03, 2015 3:48 PM
To: Imholz, John J. <>
Cc:
Subject: Re: [grouper-users] New install of 2.2.1 - UI denied access

 

 

It's been a while since I secured Grouper UI using Shib. I think by default grouper uses basic authentication and you will need to modify web.xml file and remove all the security tags from it. Link below helped me

 

https://spaces.internet2.edu/display/Grouper/Newcastle+University+-+Protecting+UI+With+Shib

 

Thanks,

Vivek Sachdeva

 

 

 

 

On Thu, Sep 3, 2015 at 12:34 PM, Imholz, John J. <> wrote:

I've installed with grouper installer.

With gsh added myself to wheel.  (didn't fix the problem, because of grouper.properties setting)

Edited <installer>/conf/grouper.properties to include:  groups.wheel.use = true

Ran:  cd grouper.ui-2.2.1 ; ant dist

Restarted tomcat:  bin/shutdown.sh ; bin/startup.sh

Fronted the app with apache w/shib.

I get a "403 Access to the requested resource has been denied"  when I try to goto the UI (initially https://grouperdev.musc.edu/grouper, but gets redirected to https://grouperdev.musc.edu/grouper/grouperUi/app/UiV2Main.index)


Apache is passing: REMOTE_USER = 900001976

And that's how I found my subject in gsh (when adding to wheel)
    addMember("etc:sysadmingroup", "900001976")

I'm sure I missed something.  Any suggestions?

jji