
grouper-users - RE: [grouper-users] RE: Grouper CAS -Shib authentication

Subject: Grouper Users - Open Discussion List

  • From: "Singley, Norman" <>
  • To: Travis Schmidt <>, "Hyzer, Chris" <>, " Mailing List" <>
  • Subject: RE: [grouper-users] RE: Grouper CAS -Shib authentication
  • Date: Wed, 2 Nov 2016 21:02:59 +0000

Thanks guys. 


Well, I started to roll back all the changes I made to start fresh, and after replacing the main web.xml file with the original one that came installed, it seems to be working like a charm.  At the end of the day, I do believe my config now matches yours, Travis.


Thanks for the help.

Until next time.



Norman Singley

Directory Services

406 243 6799






From: Travis Schmidt [mailto:]
Sent: Wednesday, November 02, 2016 2:34 PM
To: Singley, Norman; Hyzer, Chris; Mailing List
Subject: Re: [grouper-users] RE: Grouper CAS -Shib authentication


I only needed to add the CAS jars and change the context in server.xml to this:


        <Context docBase="/ucd/opt/grouper-ui/build/grouper" path="/grouper"
















          <!-- Single sign-out support -->








We restrict who can access by the that has has format 




I didn't change anything else in the grouper properties or configuration, but did need to make sure that the user logging in was able to be searched by a source that was configured in sources.xml.





On Wed, Nov 2, 2016 at 1:12 PM Singley, Norman <> wrote:

Hi Chris 


Thanks, yes we did add the cas jars to the tomcat library. 


I think we need some kind of security restraint in web.xml for cas, but I’m not sure what.  When some entries are there, it will go out to CAS to authenticate, but if I strip them all, then I never see CAS and I get the not-authenticated error. 



Norman Singley

Directory Services

406 243 6799






From: Hyzer, Chris [mailto:]
Sent: Wednesday, November 02, 2016 1:02 PM
To: Singley, Norman; Mailing List
Subject: RE: Grouper CAS -Shib authentication


I assume you added the cas jars to the tomcat library dir?


Does someone know if you need security constraints in web.xml for cas?


Maybe you could ask this on a CAS mailing list if someone here cannot help?





From: [] On Behalf Of Singley, Norman
Sent: Wednesday, November 02, 2016 2:37 PM
Subject: [grouper-users] Grouper CAS -Shib authentication


Hi folks.


I’m working on this CAS authentication piece for grouper 2.3 again, and I am still stuck.  Here’s the current status. 


I removed the security constraints from web.xml files:







Now when I hit the url, I don’t seem to get redirected to CAS/Shib.  I don’t get the tomcat 403 error, but the application errors:





Anything else I can provide to help troubleshoot?  Again, thanks for all the help.



Norman Singley

Directory Services

406 243 6799


