Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: Grouper 2.4 UI problem with Setting Attributes

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: Grouper 2.4 UI problem with Setting Attributes

Chronological Thread 
  • From: "Coleman, Erik C" <>
  • To: "Redman, Chad" <>, "Hyzer, Chris" <>, "" <>
  • Subject: [grouper-users] RE: Grouper 2.4 UI problem with Setting Attributes
  • Date: Thu, 1 Nov 2018 21:11:14 +0000
  • Accept-language: en-US
  • Ironport-phdr: 9a23:cl2Dhh35TDhXQ31WsmDT+DRfVm0co7zxezQtwd8ZsesWLPvxwZ3uMQTl6Ol3ixeRBMOHs60C07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9JDffwdFiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUjq+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfFjfK3SYMkaSHJBUMhPSiJBHo2yYYgBD+UDPOZXs4byqkAUrReiGQWhHv/jxiNWinLwwKY00/4hEQbD3AE4Ed4DrnPUrNHrO6cXS++1yrHExijMYfNM2Df965XDfw4vrfqRWr9/b9bexlU0GgPEilWQrY3lPzWS1uQMqGiX9fRvWv+yi2M+rQx6vzahxsApiobTh4IVzEjJ9SR9wIYxJN24Tkl7Yd+/EJdKqS6VKpZ2TtsiQ2F0pCY60qYGtoO6fCgExpQo2QTfZOKBc4eU/B3sSviRLil+hHJ5eLK/gAuy8Uegyu3gVsm7zktFri1AktbWt3AN0RrT5dKCSvRj8Eauwy2P1xzT6u5aOkA7j6/bJIA7zr4xjZoet1nIECzumEjukqOaakop9vKs5unpeLnquIWQOo9shg3jPKkihtazDfkmPgUPRWSX5+Sx2b358UD2QbhGlvM2nbfavZzGIMkWo7C1DBJL3Yo/7huyASuq384dkHQFKF9Iex2Kgo33NF7TPf/0E/GyiEm2njhx3fDJJLjhD43NLnfdlLfheq5w609YyAo3zNBf4ZVUCrAaIP7pRED+qcHYAgc4Mwyy3ennFM1w2p0CVW+AGKOUNK3fvUWW6u41I+SAfIoVtyz8K/gh6f7ul3g5mVoFcKa3wZQYdGu1HvViI0WdYHrshNABEWYRvgYkUuPllUCCXSZJZ3muR6I8+i07CIW+AIfMXICth6GB3D+lEZ1Mf2xGF0uMHmnyd4WfQPoMbCOSItR9kjwfS7StUY4h1ReytADk0bpnKPTb+jEGuZ75ytd6+vDTxlkO8mk+NcmR1miLCylfnmoEDXdi16B2rXtnx1uG2K5QnvpTU9Ff+qUNGk0aJIzR1agyINDoWxmLNoOMQ1a3UNi8KTAqRZQs29IIZQBwF8j0yliJ0DCtHqcYjfmWH5Eu6Yrd2WT8PcBw1yyA2aU8xRFyTdFIKHWrnOti7AXJHKbIlVmUjaCnaf5a0SLQojSt122L6QtzVwp9VKzDGTgyfErV5f+zrhfPRLSGCLAjMw1GyNXEJ6dXPI66xW5aTevubYyNK1m6nH29UFPRnuuB
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Thanks to Chris Hubing for figuring this one out for me—I simply had to replace my port 8009 connector line in Tomcat’s server.xml with this:


<Connector port="8009" protocol="AJP/1.3" secure="true" scheme="https" tomcatAuthentication="false" URIEncoding="UTF-8" />


I had a redirectPort=”8443” option so I deleted that and added the secure=true and scheme=https paramters.


For reference to the other questions, I do have the URL configured in and I do have x-forwarded-for turned on in Apache (grouper-www.conf), though I think the AWS ALB is not properly using that the right way, so maybe I wouldn’t have seen this problem had it been working properly.  It was odd that nearly everything in the app clicks through fine, except the attribute functionality.








From: Redman, Chad <>
Sent: Tuesday, October 30, 2018 2:08 PM
To: Hyzer, Chris <>; Coleman, Erik C <>;
Subject: RE: Grouper 2.4 UI problem with Setting Attributes


Yes, if you set the x-forwarded-* headers, or at least x-forwarded-proto, it does tend to fix the http/https issue for applications. We saw the same with the Shibboleth IdP. And we took another look at our CSRF refererMatchDomain=false setting which was set a long time ago. if the x-forwarded headers are enabled, it isn't needed.


From: [] On Behalf Of Hyzer, Chris
Sent: Tuesday, October 30, 2018 2:32 PM
To: Coleman, Erik C <>;
Subject: [grouper-users] RE: Grouper 2.4 UI problem with Setting Attributes


First question, as you click through the app everything is ok except the attribute case you list?


If not, Do you have the UI url configured in  And do you have x-forwarded-for and x-forwarded-proto HTTP HEADERS from the load balancer?  Im not sure they are needed but I think useful to have and that is how we set this up in a similar way. 





From: <> On Behalf Of Coleman, Erik C
Sent: Tuesday, October 30, 2018 9:45 AM
Subject: [grouper-users] RE: Grouper 2.4 UI problem with Setting Attributes


Brett, thanks,


I am not explicitly accessing the site insecurely, but I think you’re on to something.  We have redirects to HTTPS, but furthermore, since SSL is terminated at the AWS app load balancer, all the SSL is stripped out of the UI container in the Apache and Tomcat configs, but maybe there’s something amiss.


I’m no Java (or _javascript_) expert, so what function in the UI is having me try to access this link on HTTP and not HTTPS?:


Is this something I can change in a properties file?





From: Brett Bieber <>
Sent: Tuesday, October 30, 2018 8:24 AM
To: Coleman, Erik C <>;
Subject: Re: Grouper 2.4 UI problem with Setting Attributes


Hi Erik,

We're doing the same here at Nebraska and not having any issues, so I don't think it's a UI bug. I can't tell in the first screenshot if you were accessing the site securely or not, but I noticed the error message indicated an http vs https difference even though the domain name was the same. Is it possible you were accessing the site via an insecure URL and the config is set to https? We've got ours configured to redirect any requests to http:// to https:// at the load balancer. Hope that helps.


From: <> on behalf of Coleman, Erik C <>
Sent: Monday, October 29, 2018 6:09:00 PM
Subject: [grouper-users] Grouper 2.4 UI problem with Setting Attributes


I’m running into a snag with the new Grouper 2.4 (running from container tier/grouper:2.4.0-a2-u0-w0-p0).  I’m wanting to demonstrate how group owners can selectively choose to have their groups or folders sync to our AD via our PSPNG config. I select a group or folder and choose “More Actions” -> “Attribute Assignments” and assign an attribute, it seems to work, but then I get this strange error “ErrorType; LoadXML Description: Incorrect XML”:



Then if I click OK, then attempt to choose the action to assign a value to that attribute, I get a remarkably blank screen:



The only interesting log entries I am seeing is this:


grouper-api;grouper_error.log;as-aws-test-dev2;aws-poc;2018-10-29 18:05:26,238: [ajp-nio-8009-exec-3] ERROR CsrfGuardLogger.log(47) - - potential cross-site request forgery (CSRF) attack thwarted (user:ecc,, method:POST, uri:/grouper/grouperUi/app/UiV2GroupAttributeAssignment.assignmentMenuAddValue, error:request token does not match session token)


grouper-api;grouper_error.log;as-aws-test-dev2;aws-poc;2018-10-29 18:05:26,475: [ajp-nio-8009-exec-4] ERROR CsrfGuardLogger.log(47) - - Referer domain does not match request domain:


Is this a UI bug? Or possibly a sign I’ve got something corrupted somewhere?  It’s still pretty stock test environment otherwise.




Erik Coleman

University of Illinois at Urbana-Champaign


Archive powered by MHonArc 2.6.19.

Top of Page