Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] creating Grouper USER Subjects

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] creating Grouper USER Subjects


Chronological Thread 
    < Chronological >      < Thread >
  • From: "Black, Carey M." <>
  • To: T-Heetderks <>
  • Cc: Grouper Users <>
  • Subject: RE: [grouper-users] creating Grouper USER Subjects
  • Date: Fri, 22 May 2020 13:30:09 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=osu.edu; dmarc=pass action=none header.from=osu.edu; dkim=pass header.d=osu.edu; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HgXqcGjFkjIjRy9LmZXr2v/69d/wSF0i1wTACFoKp/w=; b=J7Yhj4EQOH58eB6bvZlUGba/KSYBqBTM3w+usJFTefla+aDXko+9JyEmNUlgDsICUELCfgw7SBXtpq7lQGBeYiZ7t1OEhaFfL82qcAJ8kcaabdcxf/jdXA1a2RVUgUT5w4Ubr2cABJBE7GhF4vChemsrVVfG/++gr4BGB2awajnMewrpdCn8MSUyTbAjxUPFENwIfyHssdeRihjnGk6ZNqEDQBXA6dAqdTOhMZeWTCEaVu0S9la2WvFDuM2qZ2tsUmEOv9s/URfJdi2Lkw6bDbklyshrxvjwVdqtYVN6zYeAmp3t0xynX96i/P/1UjrpoVhaPHVkBfkVAMAdt6RUYg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WbEH5bMhMbqoBMsM/3D6H9eX0aJhdzh/fp2q+rYmYB7QpBs3c4Yezp5TM/jPBSRLA0KdwdY4KI3mPb8B9M/LY8Ob9itBBrzRDdUkrzCXE9MUVAehNW4hjh9UHUrZySO01Ma1j8Rwo89REZEht8/6wW1ROxMfaN8VYq+ZOanh/mh1cXqIgBl04j3NP64/NGquuhms81e9DbrOAgM8xZtwVtHczb/EUDkEnICkq4Q+noqoC6eniosa0VrutXPsrQDk+udkHlGmUl5wRhqydjrw3LJJCxi0c2XWdryY4Vv6dTWOjBrrguFoL3CpHrv4Mlco+iQl9z4Mx9UGCUzTshSXQw==
Thomas,

Bill is spot on.

I will also add that There are ways to “just get around this”, but they
could leave you with “issues” once you get it right too. So here is a bit of
advice.

You could start off by first setting up the container with “Grouper based
Auth”. (
https://spaces.at.internet2.edu/display/Grouper/Grouper+web+services+-+authentication+-+built-in+Grouper)
Do yourself a favor and *don’t use your “real username”*. It will make
the transition to your real user ID from the real subject source easier and
less confusing.
I suggest adding a “-local” to the end of your normal username.
You could also opt to use “Tomcat authentication” in the same way too. (
https://spaces.at.internet2.edu/display/Grouper/Authentication+to+the+Grouper+UI
)


Here is a good page to help you figure out what is going on at any stage in
the process.

This will help:

https://spaces.at.internet2.edu/display/Grouper/Grouper+subject+API+diagnostics+in+UI

Specifically the “Run from GSH” part can be very helpful to figure out what
is and is not working for your Subject APIs.
If you need more guidance on how to “bash into” the container and run
GSH, just let us know.

--
Carey Matthew

From:
<> On Behalf Of Bill Thompson
Sent: Friday, May 22, 2020 9:18 AM
To: T-Heetderks <>
Cc: Grouper Users <>
Subject: Re: [grouper-users] creating Grouper USER Subjects

Hi Thomas. Grouper mostly relies on integration with external systems for
maintaining resolvable subjects via the Grouper Subject API. You'll want to
configure the Subject API to point to an identity registry database (RDMBS or
LDAP).

https://urldefense.com/v3/__https://spaces.at.internet2.edu/display/Grouper/Subject*API__;Kw!!KGKeukY!ksOimjhN4J6JyWSOFhxYfKZWFsxs2B4llJQ25n1S-XVO0x6LJwPLKc3o2_rT4qZYIXQ$

https://urldefense.com/v3/__https://spaces.at.internet2.edu/display/Grouper/Penn*subject*source*JDBC2*example__;KysrKw!!KGKeukY!ksOimjhN4J6JyWSOFhxYfKZWFsxs2B4llJQ25n1S-XVO0x6LJwPLKc3o2_rTtmpOfdU$

Best,
Bill


On Fri, May 22, 2020 at 9:09 AM T-Heetderks
<> wrote:
I am trying to setup GROUPER 2.5 from the deployed Docker container (latest)
with Auth via Shib to our campus IDP. When I complete the Auth, I get an ERROR
message: Your username could not be found in the system as an entity.
LOGGED:
POST /grouper/grouperExternal/public/UiV2Public.postIndex?
function=UiV2Public.error&code=authenticatedSubjectNotFound HTTP/1.1" 200 818
How do I either make it recognize Auth from Shib as a valid Subject -OR-
manually enter the Shib user as a valid Subject

Thanks for the help!!
- Thomas

Archive powered by MHonArc 2.6.19.

Top of Page