
grouper-users - Re: [grouper-users] Setting Web Services

Subject: Grouper Users - Open Discussion List

  • From: Jeffrey Crawford <>
  • To: "Hyzer, Chris" <>
  • Cc: Scott Koranda <>, Gouper Users List <>
  • Subject: Re: [grouper-users] Setting Web Services
  • Date: Wed, 4 May 2016 10:03:22 -0700

Well gee just rain on my parade ;). In any case thanks for the positive response on the negative of colons in usernames.

Actually using an alternate source kinda makes using LDAP based service accounts easier. If I need to block them I can always use "Require ldap-user" in the config so only authorized service accounts can log in. Otherwise it simplifies the setup.

Jeffrey

Both pilots and IT professionals require training and currency before charging into clouds!
---------------------------------------

On Tue, May 3, 2016 at 5:43 PM, Hyzer, Chris <> wrote:

Username can't contain a colon in basic auth:

 

http://stackoverflow.com/questions/11612854/http-https-basic-authentication-colon-in-username

 

Thanks

Chris

 

From: [mailto:] On Behalf Of Jeffrey Crawford
Sent: Tuesday, May 03, 2016 7:44 PM
To: Scott Koranda <>
Cc: Gouper Users List <>
Subject: Re: [grouper-users] Setting Web Services

 

I did do that and I just got it working. Basically it was a combination of needing to add -XX:MaxPermSize=150m to the tomcat java line to prevent out of memory errors, understanding the relationship between Apache REMOTE_USER and grouper-ws.properties (hint: there is none), and adding a new ldap source entry in sources.xml so that the system understands where the web service accounts are.

I was hoping to use a Grouper local entity to be the account base for service accounts but I couldn't figure out how to make it match what was in REMOTE_USER. If I added an ldap account like ucsc:service-accts:svc1 the apache mod_authz_ldap sets REMOTE_USER to "ucsc" only; for some reason it's cutting off at the first ":". I'll have to figure out why another day.


Jeffrey

 

Both pilots and IT professionals require training and currency before charging into clouds!

---------------------------------------

 

On Tue, May 3, 2016 at 3:42 PM, Scott Koranda <> wrote:

Hi,

> I'm having a hard time trying to get external auth working for Grouper Web
> Services. I have Apache set up to perform Basic Auth against our LDAP server.
> The configuration seems to be working since I can see the authenticated user in
> the logs. However it looks like all the requests are getting a 500 error and I
> get the message "SEVERE: Web service did not even respond!" from the grouper
> client.

Did you review web.xml and in particular the
<security-constraint>, <login-config>, and <security-role>
elements?

You probably want to just remove them.

Note that in the web.xml deployed by default for WS there
is a <security-constraint> element that is already commented
out as part of an optional ESB listener servlet. Be careful if
you delete it because the closing element
</security-constraint> is on a line that contains the "close
comment" XML syntax "-->".

Scott K
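
The colon behaviour discussed in this thread, as an added example (not code from Grouper, Apache, or any poster): RFC 7617 defines Basic credentials as user-id, one ":", then password, so the receiving side splits at the first colon. The function names and the password are constructed for illustration; the account name is the one quoted in the thread.

```python
import base64
from typing import Tuple


def build_basic_header(username: str, password: str, strict: bool = True) -> str:
    """Build an Authorization header value in the RFC 7617 format.

    With strict=True, refuse a user-id containing ':' as the RFC requires.
    """
    if strict and ":" in username:
        raise ValueError("user-id must not contain ':' (RFC 7617, section 2)")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_header(value: str) -> Tuple[str, str]:
    """Parse the header the way a server does: split at the FIRST colon."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError("malformed Basic credentials") from exc
    if ":" not in decoded:
        raise ValueError("credentials lack the ':' separator")
    username, _, password = decoded.partition(":")
    return username, password


def demo_colon_account() -> Tuple[str, str]:
    """Send the thread's colon-containing account name without client checks."""
    account = "ucsc:service-accts:svc1"   # account name quoted in the thread
    password = "example-password"         # constructed sample value
    header = build_basic_header(account, password, strict=False)
    return parse_basic_header(header)


if __name__ == "__main__":
    user, pw = demo_colon_account()
    # The server-side user is truncated; the remainder lands in the password.
    print("user seen by server:", user)
    print("password seen by server:", pw)
```

Because the rest of the account name is folded into the password, the LDAP bind is attempted for a different user with a different secret, which is why a colon-free naming scheme is needed for service accounts behind Basic auth.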

 




