Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Re: Grouper with Shibboleth Authentication & ADFS Authentication

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Re: Grouper with Shibboleth Authentication & ADFS Authentication


Chronological Thread 
  • From: "Katika,Shanthi Swaroop" <>
  • To: "Hyzer, Chris" <>, "" <>
  • Subject: [grouper-users] Re: Grouper with Shibboleth Authentication & ADFS Authentication
  • Date: Wed, 19 Oct 2016 15:28:30 +0000
  • Accept-language: en-US
  • Ironport-phdr: 9a23:fv1wsB0n6R2clX0msmDT+DRfVm0co7zxezQtwd8ZsegSIvad9pjvdHbS+e9qxAeQG96Eu7QZ0KGP7ujJYi8p39WoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6i760TlHUDXuJwdvYqzeGpTTlI7/g+W5+4zBbh9ghSG2J65qIROw6wjdq59SycFtMKEs0hbT52ZTdv5N7WJuOV+JmRvgvIG98IMpu3BfofU878NaFLjhcr4jZb1eEDk8NW0pvovmuQSVHiWV4X5JGEYfjhtLCkz+7Bj8Qpfw+hDlv/B63zHQdZntTrkoWDerx7plTFnlhDpRZG1xy33elsEl1PETmxmmvREqm4M=

Step1:

I created a new file for apache with <application-name>.conf with the following contents

 

ProxyPass /grouper ajp://localhost:8009/grouper

ProxyPassReverse /grouper ajp://localhost:8009/grouper

 

<Location /grouper>

  Authtype shibboleth

  ShibRequireSession On

  require valid-user

</Location>

 

step2:

In the server.xml configuration in the <TOMCAT-HOME>/conf

 

I changed  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" />  to    <Connector port="8009" protocol="AJP/1.3" tomcatAuthentication="false" redirectPort="8443" URIEncoding="UTF-8" />.

 

Step 3:

In the struts-config.xml file,

I edited the action path for callLogin to home.do

 

Step 4:

 

I removed all the “<security-constraint>”, “<login-config>” and “<security-role>” from grouper.ui-2.2.2/dist/grouper/WEB-INF/web.xml

 

Step 5:

I restarted the apache service

 

Step6:

I restarted the tomcat service

 

Best,
Swaroop

 

 

From: "Hyzer, Chris" <>
Date: Wednesday, October 19, 2016 at 11:10 AM
To: "Katika,Shanthi Swaroop" <>, "" <>
Subject: RE: Grouper with Shibboleth Authentication & ADFS Authentication

 

Can you list the steps you did (sanitize sensitive things) including configuration snippets?

 

Thanks

Chris


 

 

From: Katika,Shanthi Swaroop [mailto:]
Sent: Wednesday, October 19, 2016 11:03 AM
To: Hyzer, Chris <>;
Subject: Re: Grouper with Shibboleth Authentication & ADFS Authentication

 

I followed the document with a few changes for a Redhat server. Instead of taking me to the shib login page, the request to <server-name>/grouper is getting redirected to <server-name>/grouper/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=anonymousSessionNotAllowed.index and I’m getting the following error.

 

You have an anonymous session since you are not logged in, but this section requires you to be logged in. Maybe No username found. Your identity provider might not be sending your username to this application. Either you need to use a different identity provider, or ask your IT department to send your username to this application

 

Best,
Swaroop

From: "Hyzer, Chris" <>
Date: Tuesday, October 18, 2016 at 2:40 PM
To: "Katika,Shanthi Swaroop" <>, "" <>
Subject: RE: Grouper with Shibboleth Authentication & ADFS Authentication

 

Yes that is the document you need.  Let us know how it goes J

 

Thanks

Chris

 

From: [] On Behalf Of Katika,Shanthi Swaroop
Sent: Monday, October 17, 2016 4:00 PM
To:
Subject: [grouper-users] Grouper with Shibboleth Authentication & ADFS Authentication

 

Hi,

I’m looking to integrate Shibboleth/ADFS with Grouper to make users authenticate through Shibboleth/ADFS. The best documentation I have found so far is

https://spaces.internet2.edu/display/Grouper/Newcastle+University+-+Protecting+UI+With+Shib. Is there any other documentation available on this topic?

Also, I haven’t been able to find any documentation to integrate grouper with ADFS.  Has anyone here been able to integrate ADFS with grouper?

 

Best,
Swaroop




Archive powered by MHonArc 2.6.19.

Top of Page