grouper-users - [grouper-users] RE: Grouper 2.4 UI problem with Setting Attributes
Subject: Grouper Users - Open Discussion List
List archive
- From: "Redman, Chad" <>
- To: "Coleman, Erik C" <>, "" <>
- Subject: [grouper-users] RE: Grouper 2.4 UI problem with Setting Attributes
- Date: Tue, 30 Oct 2018 14:34:53 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:f++6IhZEPbo1BpXSeZnYnqf/LSx+4OfEezUN459isYplN5qZps27Zh7h7PlgxGXEQZ/co6odzbaO7Oa4ASQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9HiTahY75+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYeRWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZTAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+v6bpgRh31hycdLzM38H/ZhNFsjKxVoxyhqR5ww4/Ib46aL/d+ZL/Rcc8ASGZdQspdSSpMCZ68YYsVCOoBOP5Vo4fhqVQQsBS+ABOjBOX3xjRVmHL23bc13PkvHQrb2wEvA9IOv27Jo9rtLqcdT/26zKzSwjXFdP5WxDH955TSfh8/vP6MQKt9fMzMwkchEAPFi0+fqY3jPz6N1+QNt2yb7+tmVeKoim4nsBt9rSayyccxkoXJhp4Vykzc9SVi3Yk1JNO4SEBlbt6+DpRQsT2VOJVoTcM8XW5ovjo6yr0BuZ6mcygKyIgnxx7BZPOadIiI5wjsVOeXITd+nn1lfaywhhio/ki71u38Vte70E1QoSpAjNbArHEN1wfV58OaSfV95l+s1SiV2AzP9+1JJF04mbfGJ5MkzL49mYYfvVjGEy/4hkr7g7KZe0Ah9+Wp9ejof63qqoKcOoNqkA3yLKojltahDegmPQUCRXWX9Oaz2bH78032XrZHguEzn6TcrpzXJd8Uq6G8DgNI04su6gizAjK439gEgXUHIldIdRGag4XnJV3DJu3zA+2ljFS2ijhrwujLPr3/DZXJKXjOiK/vcKp65UJAxwc/1M5S6YtJBr0YJ/L8QVH+uMbfDh8kLwy72OHnCMh71owDQ26PGrWZMKTOsVCW+u0vP+iMZIgTuDrnLPgl+uLujXs+mV8afqmlx4cYaHe9Hvh+IkWZZ2TjgssZHGsUpAUyUPHmhVifXTJOenq/Wqw86z4nBI66CIrDSJ6ijbOc0yq+G5BbZ35KBU2UHXftbYqEWvMMaCyIIs9mlzwJTaSuS4872h6zrAD60aRoIffR+iICs5Luz8V15+vPmh0o6zN7Etmd33mXT25ohmMIWyM23KdnrExy0FeD1rV4g+RGGtxJ/v9JTxw6OoDGz+xhEN3yXgPBfsyVSFa9XNmqGzAxTtQtw9AQeUZ9Hcutjgzd0yawHbAaiqGLV9QI9feW9H/1KsN0zTKO+bMgjBENCIMbOGatrq978wnVAI/S1UiVivDuPe4TxinQ7GqZiHeVsVtDeA92TajfW30DPA3bocmzrhfNVbizEbk9dxZaxNSZAqpMdtDzi1haHrHuNMmIMEyrnGLlTyyFyraFas6iUGUU0G+VXEMEmgwk53uKMAE4LjqnqCTTACE4RgGnWF/l7eQr8CDzdUQz1QzfNxc7hbOo5h4Yg+CdQPoP37UC/T0ssChwAE3jhYDNE9TVoQ1nce0cet477FpdnUPh/w1mdt3FTeh5g0IGNQF+vkfgzRJyX45AmMQdtn4myQN0Ab+e2xVMey7LlZ0=
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Ah, missed the https vs. http. I think this is what we needed to get past that: Owasp.CsrfGuard.overlay.properties org.owasp.csrfguard._javascript_Servlet.refererMatchDomain = false From: [mailto:]
On Behalf Of Redman, Chad Do you have sticky sessions set in the load balancer? The CSRF tokens are generated per server. From: []
On Behalf Of Coleman, Erik C Brett, thanks, I am not explicitly accessing the site insecurely, but I think you’re on to something. We have redirects to HTTPS, but furthermore, since SSL is terminated at the AWS app load balancer, all the SSL is stripped out of the UI container in
the Apache and Tomcat configs, but maybe there’s something amiss. I’m no Java (or _javascript_) expert, so what function in the UI is having me try to access this link on HTTP and not HTTPS?:
http://authman-test.techservices.illinois.edu/grouper/grouperExternal/public/OwaspJavaScriptServlet Is this something I can change in a properties file? -Erik From: Brett Bieber <>
Hi Erik, We're doing the same here at Nebraska and not having any issues, so I don't think it's a UI bug. I can't tell in the first screenshot if you were accessing the site securely or not, but I noticed the error message indicated an http
vs https difference even though the domain name was the same. Is it possible you were accessing the site via an insecure URL and the config is set to https? We've got ours configured to redirect any requests to http:// to https:// at the load balancer. Hope
that helps. -Brett From:
<> on behalf of Coleman, Erik C <> I’m running into a snag with the new Grouper 2.4 (running from container tier/grouper:2.4.0-a2-u0-w0-p0). I’m wanting to demonstrate how group owners can selectively choose to have their groups or folders sync to our AD via our PSPNG
config. I select a group or folder and choose “More Actions” -> “Attribute Assignments” and assign an attribute, it seems to work, but then I get this strange error “ErrorType; LoadXML Description: Incorrect XML”: Then if I click OK, then attempt to choose the action to assign a value to that attribute, I get a remarkably blank screen: The only interesting log entries I am seeing is this: grouper-api;grouper_error.log;as-aws-test-dev2;aws-poc;2018-10-29 18:05:26,238: [ajp-nio-8009-exec-3] ERROR CsrfGuardLogger.log(47) - - potential cross-site
request forgery (CSRF) attack thwarted (user:ecc, ip:xxx.xxx.xxx.xxx, method:POST, uri:/grouper/grouperUi/app/UiV2GroupAttributeAssignment.assignmentMenuAddValue, error:request token does not match session token) grouper-api;grouper_error.log;as-aws-test-dev2;aws-poc;2018-10-29 18:05:26,475: [ajp-nio-8009-exec-4] ERROR CsrfGuardLogger.log(47) - - Referer domain
https://authman-test.techservices.illinois.edu/grouper/grouperUi/app/UiV2Main.index?operation=UiV2GroupAttributeAssignment.assignmentMenuAddValue&attributeAssignId=635adbb3af3b4c2fa54a8eafca18ee13&csrfExtraParam=xyz does not match request domain:
http://authman-test.techservices.illinois.edu/grouper/grouperExternal/public/OwaspJavaScriptServlet Is this a UI bug? Or possibly a sign I’ve got something corrupted somewhere? It’s still pretty stock test environment otherwise.
Thanks, Erik Coleman University of Illinois at Urbana-Champaign |
- [grouper-users] Grouper 2.4 UI problem with Setting Attributes, Coleman, Erik C, 10/29/2018
- Message not available
- [grouper-users] RE: Grouper 2.4 UI problem with Setting Attributes, Coleman, Erik C, 10/30/2018
- [grouper-users] RE: Grouper 2.4 UI problem with Setting Attributes, Redman, Chad, 10/30/2018
- [grouper-users] RE: Grouper 2.4 UI problem with Setting Attributes, Redman, Chad, 10/30/2018
- [grouper-users] RE: Grouper 2.4 UI problem with Setting Attributes, Hyzer, Chris, 10/30/2018
- [grouper-users] RE: Grouper 2.4 UI problem with Setting Attributes, Redman, Chad, 10/30/2018
- [grouper-users] RE: Grouper 2.4 UI problem with Setting Attributes, Redman, Chad, 10/30/2018
- [grouper-users] RE: Grouper 2.4 UI problem with Setting Attributes, Coleman, Erik C, 10/30/2018
- Message not available
Archive powered by MHonArc 2.6.19.