Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] New install of 2.2.1 - UI denied access

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] New install of 2.2.1 - UI denied access


Chronological Thread 
  • From: "Imholz, John J." <>
  • To: "'Chris Hyzer'" <>, "'Vivek Sachdeva'" <>
  • Cc: "" <>
  • Subject: RE: [grouper-users] New install of 2.2.1 - UI denied access
  • Date: Wed, 9 Sep 2015 16:15:50 +0000
  • Accept-language: en-US

I forgot to edit after full re-install.  I now have a message about an anonymous session.  Is there a debug page to show what headers are being passed to tomcat?

 

Also, is the Technical FAQ [1] based on a different install of UI?   Should that be reworded to include Newcastle’s instructions? [2]

 

jji

 

[1] https://spaces.internet2.edu/display/Grouper/Technical+FAQ#TechnicalFAQ-faq5

[2] https://spaces.internet2.edu/display/Grouper/Newcastle+University+-+Protecting+UI+With+Shib

 

 

From: Chris Hyzer [mailto:]
Sent: Wednesday, September 09, 2015 10:50 AM
To: Imholz, John J. <>; 'Vivek Sachdeva' <>
Cc:
Subject: RE: [grouper-users] New install of 2.2.1 - UI denied access

 

And you edited the web.xml to take the bottom authn security stuff out right?

 

From: Imholz, John J. []
Sent: Wednesday, September 09, 2015 10:21 AM
To: Chris Hyzer; 'Vivek Sachdeva'
Cc:
Subject: RE: [grouper-users] New install of 2.2.1 - UI denied access

 

No, I’ve got apache putting my id “900001976” in REMOTE_USER, but the UI renders:

 

<html>

<head>

<meta http-equiv="refresh" content="0;url="app/UiV2Main.index"" />

<title></title>

</head>

<body>

<a href=""appHtml/grouper.html">--&gt;</a>"

</body>

</html>

 

And what looks like a basic auth box pops up for “Grouper Application”

 

jji

 

From: Chris Hyzer []
Sent: Wednesday, September 09, 2015 9:20 AM
To: Imholz, John J. <>; 'Vivek Sachdeva' <>
Cc:
Subject: RE: [grouper-users] New install of 2.2.1 - UI denied access

 

 

Does this work now that the subject source problem was fixed?

 

From: [] On Behalf Of Imholz, John J.
Sent: Friday, September 04, 2015 11:16 AM
To: 'Vivek Sachdeva'
Cc:
Subject: RE: [grouper-users] New install of 2.2.1 - UI denied access

 

The Technical FAQ:  https://spaces.internet2.edu/display/Grouper/Technical+FAQ

 

Indicates that Grouper UI will recognize that REMOTE_USER is there, and proceed accordingly. 

 

Once I got Apache httpd, passing REMOTE_USER, I no longer get prompted for basicAuth.  So, it seems to be an authorization problem.

 

jji

 

From: Vivek Sachdeva []
Sent: Thursday, September 03, 2015 3:48 PM
To: Imholz, John J. <>
Cc:
Subject: Re: [grouper-users] New install of 2.2.1 - UI denied access

 

 

It's been a while since I secured Grouper UI using Shib. I think by default grouper uses basic authentication and you will need to modify web.xml file and remove all the security tags from it. Link below helped me

 

 

Thanks,

Vivek Sachdeva

 

 

 

 

On Thu, Sep 3, 2015 at 12:34 PM, Imholz, John J. <> wrote:

I've installed with grouper installer.

With gsh added myself to wheel.  (didn't fix the problem, because of grouper.properties setting)

Edited <installer>/conf/grouper.properties to include:  groups.wheel.use = true

Ran:  cd grouper.ui-2.2.1 ; ant dist

Restarted tomcat:  bin/shutdown.sh ; bin/startup.sh

Fronted the app with apache w/shib.

I get a "403 Access to the requested resource has been denied"  when I try to goto the UI (initially https://grouperdev.musc.edu/grouper, but gets redirected to https://grouperdev.musc.edu/grouper/grouperUi/app/UiV2Main.index)


Apache is passing: REMOTE_USER = 900001976

And that's how I found my subject in gsh (when adding to wheel)
    addMember("etc:sysadmingroup", "900001976")

I'm sure I missed something.  Any suggestions?

jji

 




Archive powered by MHonArc 2.6.16.

Top of Page