grouper-users - RE: [grouper-users] SSO integration - grouper 2.3.0

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] SSO integration - grouper 2.3.0

From: "Singley, Norman" <>
To: Travis Schmidt <>, "Hyzer, Chris" <>, Jeff McCullough <>
Cc: Gouper Users List <>
Subject: RE: [grouper-users] SSO integration - grouper 2.3.0
Date: Wed, 28 Sep 2016 21:08:02 +0000
Accept-language: en-US
Ironport-phdr: 9a23:BYCKfBVNWEVHpmLyeC6u3qYP5ajV8LGtZVwlr6E/grcLSJyIuqrYZh2Ct8tkgFKBZ4jH8fUM07OQ6P+wHzFbqs/c+Fk5M7VyFDY9wf0MmAIhBMPXQWbaF9XNKxIAIcJZSVV+9Gu6O0UGUOz3ZlnVv2HgpWVKQka3HUNPK+/0Ao/fidisn6D3osWLIlYAuD3oXal7MhSt5T7atswXjZcqfrorwwXIuT1TcORTxG90DV2Wlhf4oMy3+cgnu25wquAs7YoIeqXgfr9yBehdBzQ3IW0vzMzwvl/eVQaJ4D0RXnhA1lJqDgbLpDTxdYr1tiznueo1jCuXM8PzRpg+VC6h4qNmWVnlhDpRZBAj92SCwPdxiq1frQPl7zp42YvdZsvdYNx5ZKbUe5UhRGxOWstAfylaBcWhapdJAuYca7UL57LhrkcD+EPtTTKnA/nin3oR3if7

Thanks Travis. I did have BASIC still in there, so I removed it from:

./grouper/grouper.ui-2.3.0/webapp/WEB-INF/web.core.xml

./grouper/grouper.ui-2.3.0/dist/grouper/WEB-INF/web.core.xml

Attached is the web.core.xml file that is in place.

I still get the access to the requested resource has been denied error.

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.

Norman Singley

Directory Services

406 243 6799

From: Travis Schmidt [mailto:]
Sent: Wednesday, September 28, 2016 1:48 PM
To: Singley, Norman; Hyzer, Chris; Jeff McCullough
Cc: Gouper Users List
Subject: Re: [grouper-users] SSO integration - grouper 2.3.0

If you still have the BASIC auth removed from the web.core.xml, try putting it back in. I have that set still in my app and that might be the link that sets the REMOTE_USER to a place Grouper is looking for it.

On Wed, Sep 28, 2016 at 10:46 AM Singley, Norman <> wrote:

Thanks, Travis. I gave this a shot, and changed the Realm as noted. I am getting redirected to our Shib, and I can authenticate, but when I get back to Grouper, I get this error:

The UI grouper error log looks like this:

2016-09-28 11:20:04,257: [http-8080-1] INFO EventLog.info(156) - - [a467035d6da1430995433101f095f25a,'GrouperSystem','application'] session: start (4ms)

2016-09-28 11:20:04,359: [http-8080-1] INFO EventLog.info(156) - - [a96848a889d547d9926af45c68cb2e87,'GrouperSystem','application'] session: start (1ms)

2016-09-28 11:20:04,403: [http-8080-1] DEBUG GrouperUiFilter.remoteUser(638) - - httpServletRequest.getRemoteUser(): null, REMOTE_USER attribute: null, session.getAttribute(authUser): null, remoteUser overall: null

2016-09-28 11:20:04,404: [http-8080-1] DEBUG GrouperUiFilter.remoteUser(638) - - httpServletRequest.getRemoteUser(): null, REMOTE_USER attribute: null, session.getAttribute(authUser): null, remoteUser overall: null

Thanks!

Norman Singley

Directory Services

406 243 6799

From: [mailto:] On Behalf Of Travis Schmidt
Sent: Friday, September 23, 2016 2:42 PM
To: Singley, Norman; Hyzer, Chris; Jeff McCullough
Cc: Gouper Users List
Subject: Re: [grouper-users] SSO integration - grouper 2.3.0

Hi Norman,

I think this note previously from Jeff is what you need:

Since we allow anyone to login to grouper, I changed the Realm to:

<Realm

className="org.jasig.cas.client.tomcat.v7.AssertionCasRealm"

   />

I think the fact that you deployed an empty group-user.properties, it is saying that you didn't login as an authorized user.

Travis

On Fri, Sep 23, 2016 at 1:37 PM Singley, Norman <> wrote:

Hmm, making progress, but now it’s kind of acting like it’s not sending me over to CAS (shib) to authenticate, perhaps? It did not redirect to our cas login, just loaded this page. I rebooted tomcat, cleared my browser cache ( and tried on a separate machine I have not navigated to grouper on before – and get the same error)

Norman Singley

Directory Services

406 243 6799

From: Hyzer, Chris [mailto:]
Sent: Friday, September 23, 2016 2:29 PM

To: Singley, Norman; Jeff McCullough; Travis Schmidt
Cc: Gouper Users List
Subject: RE: [grouper-users] SSO integration - grouper 2.3.0

Take out the other security constraints in web.xml and bounce tomcat, should work

<security-constraint>

    <web-resource-collection>

      <web-resource-name>UI</web-resource-name>

      <url-pattern>/grouperUi/app/*</url-pattern>

    </web-resource-collection>

    <auth-constraint>

      <role-name>*</role-name>

    </auth-constraint>

</security-constraint>



<security-constraint>

    <web-resource-collection>

      <web-resource-name>UI</web-resource-name>

      <url-pattern>/grouperUi/appHtml/*</url-pattern>

    </web-resource-collection>

    <auth-constraint>

      <role-name>*</role-name>

    </auth-constraint>

</security-constraint>



<security-constraint>

    <web-resource-collection>

      <web-resource-name>UI</web-resource-name>

      <url-pattern>/grouperExternal/app/*</url-pattern>

    </web-resource-collection>

    <auth-constraint>

      <role-name>*</role-name>

    </auth-constraint>

</security-constraint>



<security-constraint>

    <web-resource-collection>

      <web-resource-name>UI</web-resource-name>

      <url-pattern>/grouperExternal/appHtml/*</url-pattern>

    </web-resource-collection>

    <auth-constraint>

      <role-name>*</role-name>

    </auth-constraint>

</security-constraint> Thanks

Chris

From: Hyzer, Chris
Sent: Friday, September 23, 2016 3:22 PM
To: 'Singley, Norman' <>; Jeff McCullough <>; Travis Schmidt <>
Cc: Gouper Users List <>
Subject: RE: [grouper-users] SSO integration - grouper 2.3.0

Send me your server.xml and path of server.xml to start out… send me your web.xml and the full path of that. And confirm that you bounced tomcat after making changes and maybe clear cache in your browser and try again… finally, are you using apache or just tomcat? you can reply off list if you like…

Thanks

Chris

From: Singley, Norman []
Sent: Friday, September 23, 2016 2:54 PM
To: Hyzer, Chris <>; Jeff McCullough <>; Travis Schmidt <>
Cc: Gouper Users List <>
Subject: RE: [grouper-users] SSO integration - grouper 2.3.0

Thanks, Chris.

Well, I removed the code mentioned in this page:

https://spaces.internet2.edu/display/Grouper/Grouper+UI+custom+authentication+example

from the two web.core.xml files I could find. I even removed it from grouper.ws-2.3.0/grouper-ws/build/dist/grouper-ws/WEB-INF/web.xml

with no change, so I’m a little confused. I am not sure where else basic authentication could be getting applied from.

Thanks.

Norman Singley

Directory Services

406 243 6799

From: Hyzer, Chris []
Sent: Friday, September 23, 2016 4:51 AM
To: Singley, Norman; Jeff McCullough; Travis Schmidt
Cc: Gouper Users List
Subject: RE: [grouper-users] SSO integration - grouper 2.3.0

Does your apache config or web.xml require basic? If so remove those config things

thanks

Chris

From: Singley, Norman []
Sent: Thursday, September 22, 2016 5:03 PM
To: Jeff McCullough <>; Travis Schmidt <>
Cc: Hyzer, Chris <>; Gouper Users List <>
Subject: RE: [grouper-users] SSO integration - grouper 2.3.0

HI folks.

We’re working on implementing this as well, and I ran into a problem. It does re-direct to our CAS (shibboleth) SSO, and I authenticate and get redirected back to grouper, but at that point, I get an http status 401 error “This request requires http authentication”.

It’s a fresh install of grouper2.3.0. I’m using servername:8080/grouper in the "GROUPER_SERVER" field.

I did keep this line in, because without it, Tomcat would not start, but it is pointing to a blank file.

propertiesFilePath="/etc/tomcat/grouper-users.properties"

Thanks for any help anyone can offer.

Norman Singley

Directory Services

406 243 6799

From: [] On Behalf Of Jeff McCullough
Sent: Thursday, August 25, 2016 4:33 PM
To: Travis Schmidt
Cc: Hyzer, Chris; Gouper Users List
Subject: Re: [grouper-users] SSO integration - grouper 2.3.0

Thank you. I tried this out, and found it to work. Since we allow anyone to login to grouper, I changed the Realm to:

<Realm

className="org.jasig.cas.client.tomcat.v7.AssertionCasRealm"

   />

One can also add the SAML authenticator if they want to have more info returned and used to setup up roles.

Cheers,

Jeff

On Aug 24, 2016, at 11:28 AM, Travis Schmidt <> wrote:

I was able to get this to work by using the Tomcat integration on the Java CAS Client:

https://github.com/apereo/java-cas-client

The context definition for Tomcat looks like this:

<Context docBase="/ucd/opt/grouper-ui/dist/grouper" path="/grouper"

reloadable="false"

mapperContextRootRedirectEnabled="true"

mapperDirectoryRedirectEnabled="true">

<Realm

className="org.jasig.cas.client.tomcat.v7.PropertiesCasRealm"

propertiesFilePath="/etc/tomcat/grouper-users.properties"

/>

<Valve

className="org.jasig.cas.client.tomcat.v7.Cas20CasAuthenticator"

encoding="UTF-8"

casServerLoginUrl="https://CAS_SERVER/cas/login"

casServerUrlPrefix="https://CAS_SERVER/cas/"

serverName="GROUPER_SERVER"

/>



<Valve

className="org.jasig.cas.client.tomcat.v7.SingleSignOutValve"

artifactParameterName="SAMLart"

/>

</Context>

I didn't need to alter anything in the Grouper UI itself, just need to make sure that the logged in user was searchable by a source.

On Wed, Aug 24, 2016 at 11:12 AM Hyzer, Chris <> wrote:

Is anyone using CAS with Grouper 2.3? How was it configured?

Do we need a servlet filter?

https://wiki.jasig.org/display/casc/configuring+the+jasig+cas+client+for+java+in+the+web.xml

Thanks

chris

From: Jeff McCullough [mailto:]
Sent: Tuesday, August 23, 2016 3:23 PM

To: Hyzer, Chris <>
Cc: Gouper Users List <>
Subject: Re: [grouper-users] SSO integration - grouper 2.3.0

Yes, it doesn’t look like it doesn’t have an effect.

Remote_user in index.jsp. This is the part that displays the username from REMOTE_USER.

<body.

<dl>

<dt>Your user name:</dt>

<dd><%= request.getRemoteUser()== null ? "null" : request.getRemoteUser() %></dd>

</dl>

</body>

It is the same call in the index.jsp in the grouper UI root directory.

if(request.getRemoteUser()==null || "y".equals(request.getParameter("badRole"))) {

location="populateIndex.do";

}else{

location="home.do";

}%>

Jeff

On Aug 22, 2016, at 8:29 PM, Hyzer, Chris <> wrote:

Ok, I need that setting when I do authn with apache, maybe you don’t need it.

How do you display REMOTE_USER in jsp exactly?

Thanks,

Chris

From: Jeff McCullough []
Sent: Monday, August 22, 2016 8:47 PM
To: Hyzer, Chris <>
Cc: Gouper Users List <>
Subject: Re: [grouper-users] SSO integration - grouper 2.3.0

Hi Chris,

For the grouper.ui.authentication.http.header parameter, I tried no value, $REMOTE_USER and REMOTE_USER. None of these changed the error behavior.

Tomcat server.xml doesn’t have that or any similar setting.

For diagnostics of tomcat/CAS, I installed a small cas-client app that reads/displays REMOTE_USER via a request.getRemoteUser() call. It works as expected.

Do you have any other ideas?

Thanks,

Jeff

On Aug 20, 2016, at 7:33 AM, Hyzer, Chris <> wrote:

Is it $REMOTE_USER or just REMOTE_USER?   I don’t think you need to change that setting as you said… but try editing it.

Do you have tomcat server.xml setting:

<Connector port="8552" protocol="AJP/1.3" connectionTimeout="600000" request.tomcatAuthentication="false"

      URIEncoding="UTF-8" />

Or whatever the tomcat authn setting for your version is…

Thanks

Chris

From:  [] On Behalf Of Jeff McCullough
Sent: Friday, August 19, 2016 10:35 PM
To: Gouper Users List <>
Subject: [grouper-users] SSO integration - grouper 2.3.0

Hi all,

I’ve run into a snag with SSO integration this time around. I’ve actually done the procedure multiple times on other versions, and it was very easy to setup, no problems. This time with grouper 2.3.0, no workie. Here’s what I’ve done:

I have the CAS 3.4.2 java client integrated with tomcat version 7 running on java 1.8.

I removed the security-constraints, login-config, and security-role from the web.xml file.

I modified the struts-config.xml with callLogin set to home.do, though the previous step is where I start seeing the below error.

This seemed redundant (because REMOTE_USER is the default), but found it in a email thread where someone else was having the same issue.

I modified grouper.ui.authentication.http.header = $REMOTE_USER

Lastly I added the debug statement (log4j.logger.edu.internet2.middleware.grouper.ui.GrouperUiFilter = DEBUG) in log4j with the result of:

2016-08-19 19:24:55,632: [http-bio-8443-exec-2] DEBUG GrouperUiFilter.remoteUser(636) - - httpServletRequest.getRemoteUser(): null, $REMOTE_USER header: null, REMOTE_USER attribute: null, session.getAttribute(authUser): null, remoteUser overall: null

I’ve confirmed that the CAS client is in fact returning REMOTE_USER with correct user id. I modified the index.jsp within the grouper UI to display it, so I know grouper is seeing it. Yet, I get the error message:

You have an anonymous session since you are not logged in, but this section requires you to be logged in. Maybe No username found. Your identity provider might not be sending your username to this application. Either you need to use a different identity provider, or ask your IT department to send your username to this application.

Thanks in advance for any insights you may have.

Cheers,

Jeff

<?xml version="1.0" encoding="ISO-8859-1"?>

<web-app xmlns:j2ee="http://java.sun.com/xml/ns/j2ee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd";
version="2.4">

<filter>
<filter-name>Login check</filter-name>

<filter-class>edu.internet2.middleware.grouper.ui.LoginCheckFilter</filter-class>
<init-param>
<param-name>failureUrl</param-name>
<param-value>/index.jsp</param-value>
</init-param>
<init-param>
<param-name>ignore</param-name>

<param-value>:/populateIndex.do:/callLogin.do:/error.do:/logout.do:/status:</param-value>

</init-param>
<init-param>
<param-name>grouperRole</param-name>
<param-value>@grouper.role@</param-value>
</init-param>
</filter>
<filter>
<filter-name>Caller page</filter-name>

<filter-class>edu.internet2.middleware.grouper.ui.CallerPageFilter</filter-class>
</filter>

<filter-mapping>
<filter-name>Caller page</filter-name>
<url-pattern>/gotoCallerPage</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Login check</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<listener>

<listener-class>edu.internet2.middleware.grouper.ui.GrouperSessionAttributeListener</listener-class>
</listener>

<listener>

<listener-class>org.owasp.csrfguard.CsrfGuardServletContextListener</listener-class>
</listener>
<listener>

<listener-class>org.owasp.csrfguard.CsrfGuardHttpSessionListener</listener-class>
</listener>

<servlet>
<servlet-name>OwaspJavaScriptServlet</servlet-name>

<servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>OwaspJavaScriptServlet</servlet-name>
<url-pattern>/grouperExternal/public/OwaspJavaScriptServlet</url-pattern>
</servlet-mapping>

<filter>
<filter-name>CSRFGuard</filter-name>
<filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CSRFGuard</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>

<security-constraint>
<web-resource-collection>
<web-resource-name>Tomcat login</web-resource-name>
<url-pattern>/login.do</url-pattern>
</web-resource-collection>
<auth-constraint>

<role-name>@grouper.role@</role-name>
</auth-constraint>
</security-constraint>


<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Grouper Application</realm-name>
</login-config>


<security-role>
<description>
The role that is required to log in to the Grouper UI
</description>
<role-name>@grouper.role@</role-name>
</security-role>
</web-app>016-09-28 14:49:54,668: [main] DEBUG SourceManager.loadSource(331) - -
Loading source: g:gsa
2016-09-28 14:49:54,668: [main] DEBUG SourceManager.loadSource(331) - -
Loading source: g:gsa
2016-09-28 14:49:54,670: [main] DEBUG SourceManager.loadSource(331) - -
Loading source: g:isa
2016-09-28 14:49:54,670: [main] DEBUG SourceManager.loadSource(331) - -
Loading source: g:isa
2016-09-28 14:49:54,714: [main] DEBUG SourceManager.loadSource(331) - -
Loading source: grouperExternal
2016-09-28 14:49:54,714: [main] DEBUG SourceManager.loadSource(331) - -
Loading source: grouperExternal
2016-09-28 14:49:54,715: [main] DEBUG JDBCSourceAdapter2.setupDataSource(620)
- - Initializing connection factory.
2016-09-28 14:49:54,715: [main] DEBUG JDBCSourceAdapter2.setupDataSource(620)
- - Initializing connection factory.
2016-09-28 14:49:54,715: [main] INFO JDBCSourceAdapter2.setupDataSource(652)
- - Data Source initialized.
2016-09-28 14:49:54,715: [main] INFO JDBCSourceAdapter2.setupDataSource(652)
- - Data Source initialized.
2016-09-28 14:50:27,278: [main] ERROR
GrouperCheckConfig.checkGrouperVersion(1256) - - grouper versions do not
match, GrouperVersion.class: 2.3.0, grouper.version.properties: 2.3.0,
manifest: null
2016-09-28 14:50:27,691: [main] INFO EventLog.info(156) - -
[a0a663cedc9e4112850bdf133b5afda3,'GrouperSystem','application'] session:
start (271ms)
2016-09-28 14:50:27,814: [main] INFO EventLog.info(156) - -
[2e81467a7bfb4bae858899209fcedb94,'GrouperSystem','application'] session:
start (2ms)
2016-09-28 14:50:27,824: [main] INFO EventLog.info(156) - -
[bd21b46b2aeb4cf0be58ab3ce891cfaa,'GrouperSystem','application'] session:
start (8ms)
2016-09-28 14:50:29,082: [main] INFO EventLog.info(156) - -
[f00354a995d743b1a4099bc253b18e4c,'GrouperSystem','application'] session:
start (1ms)
2016-09-28 14:50:29,139: [main] DEBUG
LdapSourceAdapter.getLdapResultsHelper(740) - - searchType: searchSubject,
filter: (& (umid=grouperTestSubjectByIdOnStartupASDFGHJ)
(objectclass=EduPerson))
2016-09-28 14:50:29,139: [main] DEBUG
LdapSourceAdapter.getLdapResultsHelper(740) - - searchType: searchSubject,
filter: (& (umid=grouperTestSubjectByIdOnStartupASDFGHJ)
(objectclass=EduPerson))
2016-09-28 14:50:29,251: [main] DEBUG LdapSourceAdapter.getLdapUnique(862) -
- method: getLdapUnique, search: Search [params=scope: SUBTREE_SCOPE, filter:
(& (umid=%TERM%) (objectclass=EduPerson)), base: ou=people,dc=umt,dc=edu,
searchType=searchSubject], searchValue:
grouperTestSubjectByIdOnStartupASDFGHJ, attributeNames: Array size: 8: [0]: cn
[1]: uid
[2]: cn
[3]: cn
[4]: sn
[5]: uid
[6]: department
[7]: umid

2016-09-28 14:50:29,251: [main] DEBUG LdapSourceAdapter.getLdapUnique(862) -
- method: getLdapUnique, search: Search [params=scope: SUBTREE_SCOPE, filter:
(& (umid=%TERM%) (objectclass=EduPerson)), base: ou=people,dc=umt,dc=edu,
searchType=searchSubject], searchValue:
grouperTestSubjectByIdOnStartupASDFGHJ, attributeNames: Array size: 8: [0]: cn
[1]: uid
[2]: cn
[3]: cn
[4]: sn
[5]: uid
[6]: department
[7]: umid

2016-09-28 14:50:29,251: [main] DEBUG
LdapSourceAdapter.getLdapResultsHelper(740) - - searchType:
searchSubjectByIdentifier, filter: (&
(uid=grouperTestSubjectByIdentifierOnStartupASDFGHJ) (objectclass=eduPerson))
2016-09-28 14:50:29,251: [main] DEBUG
LdapSourceAdapter.getLdapResultsHelper(740) - - searchType:
searchSubjectByIdentifier, filter: (&
(uid=grouperTestSubjectByIdentifierOnStartupASDFGHJ) (objectclass=eduPerson))
2016-09-28 14:50:29,358: [main] DEBUG LdapSourceAdapter.getLdapUnique(862) -
- method: getLdapUnique, search: Search [params=scope: SUBTREE_SCOPE, filter:
(& (uid=%TERM%) (objectclass=eduPerson)), base: ou=people,dc=umt,dc=edu,
searchType=searchSubjectByIdentifier], searchValue:
grouperTestSubjectByIdentifierOnStartupASDFGHJ, attributeNames: Array size:
8: [0]: cn
[1]: uid
[2]: cn
[3]: cn
[4]: sn
[5]: uid
[6]: department
[7]: umid

2016-09-28 14:50:29,358: [main] DEBUG LdapSourceAdapter.getLdapUnique(862) -
- method: getLdapUnique, search: Search [params=scope: SUBTREE_SCOPE, filter:
(& (uid=%TERM%) (objectclass=eduPerson)), base: ou=people,dc=umt,dc=edu,
searchType=searchSubjectByIdentifier], searchValue:
grouperTestSubjectByIdentifierOnStartupASDFGHJ, attributeNames: Array size:
8: [0]: cn
[1]: uid
[2]: cn
[3]: cn
[4]: sn
[5]: uid
[6]: department
[7]: umid

2016-09-28 14:50:29,359: [main] DEBUG
LdapSourceAdapter.getSubjectByIdentifier(460) - - method:
getSubjectByIdentifier, id: grouperTestSubjectByIdentifierOnStartupASDFGHJ,
exceptionIfNull: false, search: Search [params=scope: SUBTREE_SCOPE, filter:
(& (uid=%TERM%) (objectclass=eduPerson)), base: ou=people,dc=umt,dc=edu,
searchType=searchSubjectByIdentifier]
2016-09-28 14:50:29,359: [main] DEBUG
LdapSourceAdapter.getSubjectByIdentifier(460) - - method:
getSubjectByIdentifier, id: grouperTestSubjectByIdentifierOnStartupASDFGHJ,
exceptionIfNull: false, search: Search [params=scope: SUBTREE_SCOPE, filter:
(& (uid=%TERM%) (objectclass=eduPerson)), base: ou=people,dc=umt,dc=edu,
searchType=searchSubjectByIdentifier]
2016-09-28 14:50:29,362: [main] DEBUG
LdapSourceAdapter.getLdapResultsHelper(740) - - searchType: search, filter:
(&
(|(|(uid=grouperTestStringOnStartupASDFGHJ)(cn=*grouperTestStringOnStartupASDFGHJ*))(umid=grouperTestStringOnStartupASDFGHJ))(objectclass=eduPerson))
2016-09-28 14:50:29,362: [main] DEBUG
LdapSourceAdapter.getLdapResultsHelper(740) - - searchType: search, filter:
(&
(|(|(uid=grouperTestStringOnStartupASDFGHJ)(cn=*grouperTestStringOnStartupASDFGHJ*))(umid=grouperTestStringOnStartupASDFGHJ))(objectclass=eduPerson))
2016-09-28 14:50:29,468: [main] DEBUG LdapSourceAdapter.searchHelper(537) -
- set has 0 subjects
2016-09-28 14:50:29,468: [main] DEBUG LdapSourceAdapter.searchHelper(537) -
- set has 0 subjects
2016-09-28 14:50:29,561: [main] DEBUG JDBCSourceAdapter2.search(1025) - -
Query returned 0, select
uuid,name,description,search_string_lower,identifier,institution,email from
grouper_ext_subj_v where uuid in (?), ArrayList size: 1: [0]:
grouperTestSubjectByIdOnStartupASDFGHJ

2016-09-28 14:50:29,561: [main] DEBUG JDBCSourceAdapter2.search(1025) - -
Query returned 0, select
uuid,name,description,search_string_lower,identifier,institution,email from
grouper_ext_subj_v where uuid in (?), ArrayList size: 1: [0]:
grouperTestSubjectByIdOnStartupASDFGHJ

2016-09-28 14:50:29,563: [main] DEBUG JDBCSourceAdapter2.search(1025) - -
Query returned 0, select
uuid,name,description,search_string_lower,identifier,institution,email from
grouper_ext_subj_v where ( identifier = ? ) , ArrayList size: 1: [0]:
grouperTestSubjectByIdentifierOnStartupASDFGHJ

2016-09-28 14:50:29,563: [main] DEBUG JDBCSourceAdapter2.search(1025) - -
Query returned 0, select
uuid,name,description,search_string_lower,identifier,institution,email from
grouper_ext_subj_v where ( identifier = ? ) , ArrayList size: 1: [0]:
grouperTestSubjectByIdentifierOnStartupASDFGHJ

2016-09-28 14:50:29,575: [main] DEBUG JDBCSourceAdapter2.search(1025) - -
Query returned 0, select
uuid,name,description,search_string_lower,identifier,institution,email from
grouper_ext_subj_v where search_string_lower like ?, ArrayList size: 1: [0]:
%grouperteststringonstartupasdfghj%

2016-09-28 14:50:29,575: [main] DEBUG JDBCSourceAdapter2.search(1025) - -
Query returned 0, select
uuid,name,description,search_string_lower,identifier,institution,email from
grouper_ext_subj_v where search_string_lower like ?, ArrayList size: 1: [0]:
%grouperteststringonstartupasdfghj%

2016-09-28 14:50:29,603: [main] INFO EventLog.info(156) - -
[9d4be2e3e07048bba9a21fec6b4ee2b2,'GrouperSystem','application'] session:
start (2ms)
2016-09-28 14:50:29,624: [main] INFO EventLog.info(156) - -
[419410cd803b4bf08a81f08cc71980ea,'GrouperSystem','application'] session:
start (1ms)
2016-09-28 14:50:29,628: [main] INFO EventLog.info(156) - -
[6466b2bbe8aa47b7a6540d530a2fd8b4,'GrouperSystem','application'] session:
start (1ms)
2016-09-28 14:50:29,632: [main] INFO EventLog.info(156) - -
[37d13cf3b8e14dc78d522e847a47ad5b,'GrouperSystem','application'] session:
start (1ms)
2016-09-28 14:50:29,812: [main] INFO EventLog.info(156) - -
[6466b2bbe8aa47b7a6540d530a2fd8b4,'GrouperSystem','application'] add group
type: 'grouperLoader' (182ms)
2016-09-28 14:50:30,923: [http-8080-1] INFO EventLog.info(156) - -
[6a3d471a11574b6199e4b806da78d692,'GrouperSystem','application'] session:
start (21ms)
2016-09-28 14:50:31,213: [http-8080-1] INFO EventLog.info(156) - -
[30a084b1f41940168fe6d9b651de66f6,'GrouperSystem','application'] session:
start (2ms)
2016-09-28 14:50:31,879: [http-8080-1] DEBUG GrouperUiFilter.remoteUser(638)
- - httpServletRequest.getRemoteUser(): null, REMOTE_USER attribute: null,
session.getAttribute(authUser): null, remoteUser overall: null
2016-09-28 14:50:31,894: [http-8080-1] DEBUG GrouperUiFilter.remoteUser(638)
- - httpServletRequest.getRemoteUser(): null, REMOTE_USER attribute: null,
session.getAttribute(authUser): null, remoteUser overall: null
2016-09-28 15:01:17,840: [http-8080-1] INFO EventLog.info(156) - -
[9a60689c69a24299bd237e4d17be66aa,'GrouperSystem','application'] session:
start (5ms)
2016-09-28 15:01:17,999: [http-8080-1] INFO EventLog.info(156) - -
[8f1c70064f9c45a28493ecbfc057c046,'GrouperSystem','application'] session:
start (1ms)
2016-09-28 15:01:18,065: [http-8080-1] DEBUG GrouperUiFilter.remoteUser(638)
- - httpServletRequest.getRemoteUser(): null, REMOTE_USER attribute: null,
session.getAttribute(authUser): null, remoteUser overall: null
2016-09-28 15:01:18,066: [http-8080-1] DEBUG GrouperUiFilter.remoteUser(638)
- - httpServletRequest.getRemoteUser(): null, REMOTE_USER attribute: null,
session.getAttribute(authUser): null, remoteUser overall: null
2016-09-28 15:02:11,963: [http-8080-1] INFO EventLog.info(156) - -
[aad854d0574941939a8b48c32919b0bf,'GrouperSystem','application'] session:
start (5ms)
2016-09-28 15:02:12,068: [http-8080-1] INFO EventLog.info(156) - -
[9bc295f768e749edaaeb202f0bf03800,'GrouperSystem','application'] session:
start (1ms)
2016-09-28 15:02:12,135: [http-8080-1] DEBUG GrouperUiFilter.remoteUser(638)
- - httpServletRequest.getRemoteUser(): null, REMOTE_USER attribute: null,
session.getAttribute(authUser): null, remoteUser overall: null
2016-09-28 15:02:12,135: [http-8080-1] DEBUG GrouperUiFilter.remoteUser(638)
- - httpServletRequest.getRemoteUser(): null, REMOTE_USER attribute: null,
session.getAttribute(authUser): null, remoteUser overall: null

RE: [grouper-users] SSO integration - grouper 2.3.0, Singley, Norman, 09/22/2016
- RE: [grouper-users] SSO integration - grouper 2.3.0, Hyzer, Chris, 09/23/2016
  - RE: [grouper-users] SSO integration - grouper 2.3.0, Singley, Norman, 09/23/2016
    - RE: [grouper-users] SSO integration - grouper 2.3.0, Hyzer, Chris, 09/23/2016
    - RE: [grouper-users] SSO integration - grouper 2.3.0, Hyzer, Chris, 09/23/2016
      - RE: [grouper-users] SSO integration - grouper 2.3.0, Singley, Norman, 09/23/2016
        
        Re: [grouper-users] SSO integration - grouper 2.3.0, Travis Schmidt, 09/23/2016
        
        RE: [grouper-users] SSO integration - grouper 2.3.0, Singley, Norman, 09/28/2016
        
        Re: [grouper-users] SSO integration - grouper 2.3.0, Travis Schmidt, 09/28/2016
        RE: [grouper-users] SSO integration - grouper 2.3.0, Singley, Norman, 09/28/2016
        RE: [grouper-users] SSO integration - grouper 2.3.0, Singley, Norman, 09/28/2016

List archive

RE: [grouper-users] SSO integration - grouper 2.3.0