Grouper Users - Open Discussion List

[Jeff McCullough <>]

Hi all,

I’ve run into a snag with SSO integration this time around. I’ve actually done the procedure multiple times on other versions, and it was very easy to setup, no problems. This time with grouper 2.3.0, no workie.  Here’s what I’ve done:

I have the CAS 3.4.2 java client integrated with tomcat version 7 running on java 1.8. 

I removed the security-constraints, login-config, and security-role from the web.xml file. 

I modified the struts-config.xml with callLogin set to home.do, though the previous step is where I start seeing the below error.

This seemed redundant (because REMOTE_USER is the default), but found it in a email thread where someone else was having the same issue.

I modified grouper.ui.authentication.http.header = $REMOTE_USER

Lastly I added the debug statement (log4j.logger.edu.internet2.middleware.grouper.ui.GrouperUiFilter = DEBUG) in log4j with the result of:

2016-08-19 19:24:55,632: [http-bio-8443-exec-2] DEBUG GrouperUiFilter.remoteUser(636) -  - httpServletRequest.getRemoteUser(): null, $REMOTE_USER header: null, REMOTE_USER attribute: null, session.getAttribute(authUser): null, remoteUser overall: null

I’ve confirmed that the CAS client is in fact returning REMOTE_USER with correct user id. I modified the index.jsp within the grouper UI to display it, so I know grouper is seeing it. Yet, I get the error message:

You have an anonymous session since you are not logged in, but this section requires you to be logged in. Maybe No username found. Your identity provider might not be sending your username to this application. Either you need to use a different identity provider, or ask your IT department to send your username to this application.

Thanks in advance for any insights you may have.

Cheers,

Jeff