Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] Setting Web Services

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Setting Web Services


Chronological Thread 
  • From: "Hyzer, Chris" <>
  • To: Jeffrey Crawford <>, Scott Koranda <>
  • Cc: Gouper Users List <>
  • Subject: RE: [grouper-users] Setting Web Services
  • Date: Wed, 4 May 2016 00:43:49 +0000
  • Accept-language: en-US
  • Authentication-results: ucsc.edu; dkim=none (message not signed) header.d=none;ucsc.edu; dmarc=none action=none header.from=isc.upenn.edu;
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:23

Username cant contain a colon in basic auth:

 

http://stackoverflow.com/questions/11612854/http-https-basic-authentication-colon-in-username

 

Thanks

Chris

 

From: [mailto:] On Behalf Of Jeffrey Crawford
Sent: Tuesday, May 03, 2016 7:44 PM
To: Scott Koranda <>
Cc: Gouper Users List <>
Subject: Re: [grouper-users] Setting Web Services

 

I did do that and I just got it working, basically it was a combination of needing to add -XX:MaxPermSize=150m to the tomcat java line to prevent out of memory errors. Understanding the relationship between Apache REMOTE_USER and grouper-ws.properties. (Hint there is none). and adding a new ldap source entry in sources.xml so that the system understands where the web service accounts are.

I was hoping to use a Grouper local entity be the account base for service accounts but I couldn't figure out how to make it match what was in REMOTE_USER. If I added an ldap account like ucsc:service-accts:svc1 the apache mod_authz_ldap sets REMOTE_USER to "ucsc" only, for some reason it's cutting off at the first ":". I'll have to figure out why another day.


Jeffrey

 

Both pilots and IT professionals require training and currency before charging into clouds!

---------------------------------------

 

On Tue, May 3, 2016 at 3:42 PM, Scott Koranda <> wrote:

Hi,

> I'm having a hard time trying to get external auth working for Grouper Web
> Services. I have Apache set up to perform Basic Auth against our LDAP server.
> The ​configuration seem to be working since I can see the authenticated user in
> the logs. However it looks like all the requests are getting a 500 error and I
> get the message "SEVERE: Web service did not even respond!" from the grouper
> client.

Did you review web.xml and in particular the
<security-constraint>, <login-config>, and <security-role>
elements?

You probably want to just remove them.

Note that in the web.xml deployed by default for WS there
is a <security-constraint> element that is already commented
out as part of an optional ESB listener servlet. Be careful if
you delete it because the closing element
</security-constraint> is on a line that contains the "close
comment" XML syntax "-->".

Scott K

 


Archive powered by MHonArc 2.6.16.

Top of Page