
grouper-users - [grouper-users] Re: Grouper with Shibboleth Authentication & ADFS Authentication

Subject: Grouper Users - Open Discussion List

  • From: "Katika,Shanthi Swaroop" <>
  • To: "Hyzer, Chris" <>
  • Cc: "" <>
  • Subject: [grouper-users] Re: Grouper with Shibboleth Authentication & ADFS Authentication
  • Date: Wed, 19 Oct 2016 19:22:28 +0000

I got the second part working. Just changing the subject_id to my email address didn’t help, but running the grouper loader process again with the subject_id as my email id worked. But I’m still facing problems trying to get to the Shibboleth login page from <server_name>/grouper.

 

 

Best,
Swaroop

 

From: "Katika,Shanthi Swaroop" <>
Date: Wednesday, October 19, 2016 at 12:22 PM
To: "Hyzer, Chris" <>
Subject: Re: Grouper with Shibboleth Authentication & ADFS Authentication

 

As an alternate test, I tried accessing shib directly

 

<server_name>/Shibboleth.sso/Login?target=<server_name>/grouper,

 

This took me to the shib login page, and upon authenticating with shib, it threw a “Your username could not be found in the system as an entity” error.

 

I added my eppn to the subject table with subjectID = <eppn>, which is my email address.

subjectTypeId = person

and name as <my_name>

 

But I’m still getting the “Your username could not be found in the system as an entity” error. Is there some other table where I should add my username?

 

 

Best,
Swaroop

 

From: "Hyzer, Chris" <>
Date: Wednesday, October 19, 2016 at 11:39 AM
To: "Katika,Shanthi Swaroop" <>
Subject: RE: Grouper with Shibboleth Authentication & ADFS Authentication

 

Just curious, if you go with a new browser with cleared authn SSO cookies, and go to the url, does it prompt you for shib authn?

 

Thanks

Chris

 

 

From: Katika,Shanthi Swaroop [mailto:]
Sent: Wednesday, October 19, 2016 11:29 AM
To: Hyzer, Chris <>;
Subject: Re: Grouper with Shibboleth Authentication & ADFS Authentication

 

Step 1:

I created a new file for apache with <application-name>.conf with the following contents

ProxyPass /grouper ajp://localhost:8009/grouper
ProxyPassReverse /grouper ajp://localhost:8009/grouper

<Location /grouper>
  AuthType shibboleth
  ShibRequireSession On
  require valid-user
</Location>

Step 2:

In the server.xml configuration in the <TOMCAT-HOME>/conf

I changed

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" />

to

<Connector port="8009" protocol="AJP/1.3" tomcatAuthentication="false" redirectPort="8443" URIEncoding="UTF-8" />

Step 3:

In the struts-config.xml file,

I edited the action path for callLogin to home.do

Step 4:

I removed all the “<security-constraint>”, “<login-config>” and “<security-role>” from grouper.ui-2.2.2/dist/grouper/WEB-INF/web.xml

Step 5:

I restarted the apache service

Step 6:

I restarted the tomcat service

 

Best,
Swaroop

 

 

From: "Hyzer, Chris" <>
Date: Wednesday, October 19, 2016 at 11:10 AM
To: "Katika,Shanthi Swaroop" <>, "" <>
Subject: RE: Grouper with Shibboleth Authentication & ADFS Authentication

 

Can you list the steps you did (sanitize sensitive things) including configuration snippets?

 

Thanks

Chris



 

 

From: Katika,Shanthi Swaroop []
Sent: Wednesday, October 19, 2016 11:03 AM
To: Hyzer, Chris <>;
Subject: Re: Grouper with Shibboleth Authentication & ADFS Authentication

 

I followed the document with a few changes for a Red Hat server. Instead of taking me to the shib login page, the request to <server-name>/grouper is getting redirected to <server-name>/grouper/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=anonymousSessionNotAllowed.index and I’m getting the following error.

 

You have an anonymous session since you are not logged in, but this section requires you to be logged in. Maybe No username found. Your identity provider might not be sending your username to this application. Either you need to use a different identity provider, or ask your IT department to send your username to this application

 

Best,
Swaroop

From: "Hyzer, Chris" <>
Date: Tuesday, October 18, 2016 at 2:40 PM
To: "Katika,Shanthi Swaroop" <>, "" <>
Subject: RE: Grouper with Shibboleth Authentication & ADFS Authentication

 

Yes that is the document you need. Let us know how it goes :)

 

Thanks

Chris

 

From: [] On Behalf Of Katika,Shanthi Swaroop
Sent: Monday, October 17, 2016 4:00 PM
To:
Subject: [grouper-users] Grouper with Shibboleth Authentication & ADFS Authentication

 

Hi,

I’m looking to integrate Shibboleth/ADFS with Grouper to make users authenticate through Shibboleth/ADFS. The best documentation I have found so far is

https://spaces.internet2.edu/display/Grouper/Newcastle+University+-+Protecting+UI+With+Shib. Is there any other documentation available on this topic?

Also, I haven’t been able to find any documentation to integrate grouper with ADFS.  Has anyone here been able to integrate ADFS with grouper?

 

Best,
Swaroop
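
Added example, not part of the thread and not Grouper's or Tomcat's own code: with tomcatAuthentication="false" (Step 2 in the thread), Tomcat takes the user identity from what Apache sends over AJP, so the AJP connector should be reachable only by the local web server. This Python sketch audits a server.xml for that condition; the sample XML, the function names and the port-8010 connector are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from Step 2 plus a loopback-bound variant.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8009" protocol="AJP/1.3" tomcatAuthentication="false"
               redirectPort="8443" URIEncoding="UTF-8" />
    <Connector port="8010" protocol="AJP/1.3" tomcatAuthentication="false"
               address="127.0.0.1" redirectPort="8443" URIEncoding="UTF-8" />
  </Service>
</Server>"""


def is_loopback(address):
    """True only if the bind address is 'localhost' or a literal loopback IP."""
    if address is None:
        # No address attribute: treated here as not restricted, because the
        # default bind address depends on the Tomcat version.
        return False
    value = address.strip().lower()
    if value == "localhost":
        return True
    try:
        return ipaddress.ip_address(value).is_loopback
    except ValueError:
        return False  # other hostnames cannot be confirmed as loopback


def audit_ajp_connectors(server_xml):
    """Return one finding per AJP connector that delegates authentication."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        # tomcatAuthentication defaults to true; only "false" makes Tomcat
        # accept the identity asserted by the front-end web server.
        if conn.get("tomcatAuthentication", "true").lower() != "false":
            continue
        findings.append({
            "port": conn.get("port"),
            "address": conn.get("address"),
            "loopback_only": is_loopback(conn.get("address")),
        })
    return findings


if __name__ == "__main__":
    for f in audit_ajp_connectors(SAMPLE_SERVER_XML):
        status = "ok" if f["loopback_only"] else "REVIEW: not bound to loopback"
        print(f"AJP port {f['port']} address={f['address']}: {status}")
```

A connector flagged for review can still be safe if a host firewall blocks the AJP port from other machines; the script only inspects the Tomcat configuration.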



