Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: Grouper Shell and AddSubject

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: Grouper Shell and AddSubject


Chronological Thread 
  • From: "Hyzer, Chris" <>
  • To: "Black, Carey M." <>, "Crawford, Jeffrey" <>, Grouper-Users <>
  • Subject: [grouper-users] RE: Grouper Shell and AddSubject
  • Date: Thu, 6 Dec 2018 12:35:27 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:xXftDRHhSZpqYkOVMwx38Z1GYnF86YWxBRYc798ds5kLTJ76p8q5bnLW6fgltlLVR4KTs6sC17KG9fi4EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCa+bL9oMBm6sRjau9ULj4dlNqs/0AbCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUjm58axlVAHnhzsGNz4h8WHYlMpwjL5AoBm8oxBz2pPYbJ2JOPZ7eK7WYNEUSndbXstJVyJPHJ6yb5cBAeQCM+ZXrYj9qEcBohalHwagGP/jxyVUinPq36A31fkqHwHc3AwnGtIDqHrYotf1NaYTT++11rHExijdYvNWwzf96ZPIfh48qvyLWLJ/bcrRyEkuFgzblFWdso3lPyiJ2egXrmib9/RvVeSpi2I9tQ5+vyWvy94qh4LUiIwVzVXE+j94wIYzPdC4R1R7Ydm5EJtIqS6aLZF6Tdk6Q2FwoCo6zroGuZG0fCcU1Zsr3R/fa/qBfoOV4RzjTP6cLSpkiH9qYr6yiBS//VKvx+HiTMW50FRHojJYntTCqnwBzRje5tWdRvdj40us3SyD2x3R5+xFOUw0m7TUJp09zrM1k5cev0vOETPtl0jzl6CaaFko9fSt5unlfLnquIOQOopphgz+MKkhgcqyCvkiPAcURWiU4+G82aXj/ULnRLVKieU7nLHFvZ7dOcgWqLe1DhJX3Yo98hq/CCyp38oCkXkAMVJFZAmIj4/0O1HIPf/0F++/g06rkDd32f/JIqHhApTKLnjFirvheqt961JYyAo0ytBf5IhYBa0GIPL2QkPxtdrYAQElMwGs3urrFNpw2pkRVG+NGKOUP73evUWI6+8tO+WMYZUauDf5K/gr/f7uino5lEcYfaa13ZsWaHG5Eep8I0iCYHrsmcsOHX0XvgomUuPqjluCXSRNaHmvQqIw/is7B56+DYffWoCth6SM3CihHp1Re2BGEk6DEW3xe4WZQPcDdjiSItR6nzwAVLihUJMh1QqwuAPgyrpnKPbU9TMCtZLlytd1+/PfmQss+jNpEsTOm12KGitemmoDRHt+96llrF017xHJmfxyh/VTFpoKvahhVRwnc5PQ0ro+Q5rZQAvecNCTRBLuYNioDys8X5h5l90FeU9iFdK4gjjCw2y3CLsc0bGHGcpwuo3G2GXpKtw49m3LzrJp21Y8RdZXOHfjm7Vy7RP7BojVnl+fmrrwM6kQwXie2n2EyD/EnFBKXRQ0GY7FR3EELAOCqN/591HPVZevEr9hLxNMz8jEJ6dXPI66xW5aTevubYyNK1m6nH29UFPRnuvWNtjjZnkd0SPBCUMNjwEU+zOcOBMjAju6/T6MFyRgQFToZU6ksfJzrn+2VAcV90mLdAUgstj94RsJnbqZQvIX0KgDvXIkoDVlDlun99PNAJydvwdneuNRbc5uqFo=
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

By default there is a jdbc source which reads the subject and subjectattribute tables.  If you don’t have it in your source anymore then you wont be able to find it.  For groups it should work. 

 

Do you have something like this in grouper-ws.properties?

 

 

# if you have subject namespace overlap (or not), set the default subject

# sources (comma-separated) to lookup the user if none specified in user name

ws.logged.in.subject.default.source = g:gsa

 

# prepend to the userid this value (e.g. if using local entities, might be:    etc:servicePrincipals:   )

ws.security.prependToUserIdForSubjectLookup = some:path:to:principals

 

 

There is no way to delete the “jdbc” default subject source subjects.  We can add that at some point.  Deleting from DB is the way to go.

 

Thanks

Chris

 

 

From: <> On Behalf Of Black, Carey M.
Sent: Wednesday, December 05, 2018 11:31 PM
To: Crawford, Jeffrey <>; Grouper-Users <>
Subject: [grouper-users] RE: Grouper Shell and AddSubject

 

Jeffrey,

 

I got to say that I don’t know why grouper is doing what it is doing for either of us on this one. And that is different, maybe, than what it is doing for you.

And given that I am doing what you are doing for WebService accounts, I am very interested in understanding what is not working. L

 

( I am using v 2.3. You did not say what version your using.  Maybe your upgraded from 2.3 to 2.4? )

 

But maybe this will help.

 

 

groovy:000> findSubject("grouper-testUser2");

ERROR edu.internet2.middleware.subject.SubjectNotFoundException:

subject not found: grouper-testUser2

        at edu.internet2.middleware.grouper.subj.SourcesXmlResolver.thereCanOnlyBeOne (SourcesXmlResolver.java:486)

        at edu.internet2.middleware.grouper.subj.SourcesXmlResolver.findByIdOrIdentifier (SourcesXmlResolver.java:527)

        at edu.internet2.middleware.grouper.subj.CachingResolver.findByIdOrIdentifier (CachingResolver.java:377)

        at edu.internet2.middleware.grouper.subj.ValidatingResolver.findByIdOrIdentifier (ValidatingResolver.java:203)

        at edu.internet2.middleware.grouper.SubjectFinder.findByIdOrIdentifier (SubjectFinder.java:316)

        at edu.internet2.middleware.grouper.app.gsh.findSubject.invoke (findSubject.java:154)

        at edu.internet2.middleware.grouper.app.gsh.findSubject$invoke.call (Unknown Source)

        at groovysh_evaluate.findSubject (groovysh_evaluate:4)

        at groovysh_evaluate.findSubject (groovysh_evaluate)

 

groovy:000> addSubject("grouper-testUser2", "application", "grouper-testUser2");

===> Subject id: grouper-testUser2, sourceId: null, name: grouper-testUser2

 

groovy:000> findSubject("grouper-testUser2");

===> Subject id: grouper-testUser2, sourceId: jdbc, name: grouper-testUser2

 

I note that the addSubject returns “sourceId: null”.

Yet it appears to have stuffed the user into “sourceId: jdbc”.

 

And when I go look in the Subject table in the DB… yep. There it is.

 

 

Just a wag:

 

Maybe you did something to your jdbc source?

Maybe the jdbc source was not converted/upgraded properly?

 

 

And while we are on the “subject”, ( Ugh… bad puns are everywhere )  can anyone point at a Grouper API to “removeSubject()” ?

                Yea.. SQL should get the job done, but their could be application caches, details, and quarks Oh my.  

                If you can add then you should be able to remove too. IMHO [ In my hopeful opinion]

 

--

Carey Matthew

 

From: <> On Behalf Of Crawford, Jeffrey
Sent: Wednesday, December 5, 2018 6:42 PM
To: Grouper-Users <>
Subject: [grouper-users] Grouper Shell and AddSubject

 

Greetings,

 

We’ve been having issue with the grouper Web Service finding the service accounts since we upgraded. Originally the web service accounts were created as groups, and the web service basic auth seemed to work fine. My guess is that over time it was no longer possible to bind a basic auth REMOTE_USER to a group entity. So I thought I would create an application local identity and just make it a member of the original group we created as a migration step.

 

However I was trying to create a local entity. I used the Grouper shell to create a service account, but after creating it and trying to access it via findSubject, It doesn’t find the account I just created:

 

groovy:000> addSubject("grouper-wsuser", "application", "grouper-wsuser");

===> Subject id: grouper-wsuser-iamucla, sourceId: null, name: grouper-wsuser

groovy:000> findSubject("grouper-wsuser");

ERROR edu.internet2.middleware.subject.SubjectNotFoundException:

subject not found: grouper-wsuser

        at edu.internet2.middleware.grouper.subj.SourcesXmlResolver.thereCanOnlyBeOne (SourcesXmlResolver.java:486)

        at edu.internet2.middleware.grouper.subj.SourcesXmlResolver.findByIdOrIdentifier (SourcesXmlResolver.java:527)

        at edu.internet2.middleware.grouper.subj.CachingResolver.findByIdOrIdentifier (CachingResolver.java:406)

        at edu.internet2.middleware.grouper.subj.ValidatingResolver.findByIdOrIdentifier (ValidatingResolver.java:203)

        at edu.internet2.middleware.grouper.SubjectFinder.findByIdOrIdentifier (SubjectFinder.java:316)

        at edu.internet2.middleware.grouper.app.gsh.findSubject.invoke (findSubject.java:154)

        at edu.internet2.middleware.grouper.app.gsh.findSubject$invoke.call (Unknown Source)

        at groovysh_evaluate.findSubject (groovysh_evaluate:4)

        at groovysh_evaluate.findSubject (groovysh_evaluate)

 




Archive powered by MHonArc 2.6.19.

Top of Page