Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Probably a dumb question.

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Probably a dumb question.


Chronological Thread 
  • From: Peter DiCamillo <>
  • To: Michael McManaman <>,
  • Subject: Re: [grouper-users] Probably a dumb question.
  • Date: Mon, 14 Dec 2015 19:28:03 -0500
  • Authentication-results: cox.net; auth=pass (PLAIN)

Have you tried using basic authentication with Apache instead of using Shib? That could be useful for debugging to indicate whether it's a Shib configuration problem or something else. Also, have you checked that the value you are providing in REMOTE_USER is something which works when you search for the user in the Grouper UI?

Peter

On 12/14/15 4:27 PM, Michael McManaman wrote:
We used the grouper installer, then went back and retrofitted our OS installed tomcat as the java app server.
We've tried both mod_jk and mod_proxy_ajp with the same results.
It looks like tomcat talks to apache OK, but the grouper pieces just are failing.


On 12/14/2015 03:36 PM, Peter DiCamillo wrote:
Hi, at Brown we put Apache in front of Tomcat using mod_proxy_ajp. Doing that preserves REMOTE_USER for Grouper. Then we configure Shib authentication in Apache in the usual way.

Peter

On 12/14/15 3:03 PM, Michael McManaman wrote:
Hey everybody -

I'm new to the internet2/grouper project, so bear with me, if you have the time.

I've followed the Newcastle U. GrouperUI with Shib doc, I've also follow a GrouperUI/shib related doc out of the university of Alaska.
And finally I've followed the Consortium GARR project/pdf on Shibbolizing Grouper. All 3 were new installs of grouper, to avoid any confusion with configs.
The last one looked very promising, but I always end up with an 'You have an anonymous session...' type-error for the most part.

We do not have CAS set up here and I'm wondering, seeing CAS and Grouper seem to be mentioned together frequently that CAS has to be implemented to get a shibbolized Grouper login configured correctly?.

I have the SP configured correctly (we do shib SPs for many other services) and am populating the REMOTE_USER variable - I can authenticate successfully against our IdP, but there must be a step that i'm missing.

Maybe?

Anyone have any ideas?


Thanks!
Mike







Archive powered by MHonArc 2.6.16.

Top of Page