grouper-users - Re: [grouper-users] creating Grouper USER Subjects
Subject: Grouper Users - Open Discussion List
List archive
- From: Kevin Rooney <>
- To: "Black, Carey M." <>
- Cc: T-Heetderks <>, Grouper Users <>
- Subject: Re: [grouper-users] creating Grouper USER Subjects
- Date: Fri, 22 May 2020 10:18:01 -0400
Thanks for asking the question, Thomas. Those links Bill and Carey sent are exactly what I was getting ready to look for.
Kevin Rooney
Director, Identity Architecture and Technology
Identity Strategy and Solutions / Secure Identity Services
Virginia Tech
On Fri, May 22, 2020 at 9:31 AM Black, Carey M. <> wrote:
Thomas,
Bill is spot on.
I will also add that There are ways to “just get around this”, but they could leave you with “issues” once you get it right too. So here is a bit of advice.
You could start off by first setting up the container with “Grouper based Auth”. ( https://spaces.at.internet2.edu/display/Grouper/Grouper+web+services+-+authentication+-+built-in+Grouper)
Do yourself a favor and *don’t use your “real username”*. It will make the transition to your real user ID from the real subject source easier and less confusing.
I suggest adding a “-local” to the end of your normal username.
You could also opt to use “Tomcat authentication” in the same way too. ( https://spaces.at.internet2.edu/display/Grouper/Authentication+to+the+Grouper+UI )
Here is a good page to help you figure out what is going on at any stage in the process.
This will help:
https://spaces.at.internet2.edu/display/Grouper/Grouper+subject+API+diagnostics+in+UI
Specifically the “Run from GSH” part can be very helpful to figure out what is and is not working for your Subject APIs.
If you need more guidance on how to “bash into” the container and run GSH, just let us know.
--
Carey Matthew
From: <> On Behalf Of Bill Thompson
Sent: Friday, May 22, 2020 9:18 AM
To: T-Heetderks <>
Cc: Grouper Users <>
Subject: Re: [grouper-users] creating Grouper USER Subjects
Hi Thomas. Grouper mostly relies on integration with external systems for maintaining resolvable subjects via the Grouper Subject API. You'll want to configure the Subject API to point to an identity registry database (RDMBS or LDAP).
https://urldefense.com/v3/__https://spaces.at.internet2.edu/display/Grouper/Subject*API__;Kw!!KGKeukY!ksOimjhN4J6JyWSOFhxYfKZWFsxs2B4llJQ25n1S-XVO0x6LJwPLKc3o2_rT4qZYIXQ$
https://urldefense.com/v3/__https://spaces.at.internet2.edu/display/Grouper/Penn*subject*source*JDBC2*example__;KysrKw!!KGKeukY!ksOimjhN4J6JyWSOFhxYfKZWFsxs2B4llJQ25n1S-XVO0x6LJwPLKc3o2_rTtmpOfdU$
Best,
Bill
On Fri, May 22, 2020 at 9:09 AM T-Heetderks <mailto:> wrote:
I am trying to setup GROUPER 2.5 from the deployed Docker container (latest)
with Auth via Shib to our campus IDP. When I complete the Auth, I get an ERROR
message: Your username could not be found in the system as an entity.
LOGGED:
POST /grouper/grouperExternal/public/UiV2Public.postIndex?
function=UiV2Public.error&code=authenticatedSubjectNotFound HTTP/1.1" 200 818
How do I either make it recognize Auth from Shib as a valid Subject -OR-
manually enter the Shib user as a valid Subject
Thanks for the help!!
- Thomas
- [grouper-users] creating Grouper USER Subjects, T-Heetderks, 05/22/2020
- Re: [grouper-users] creating Grouper USER Subjects, Bill Thompson, 05/22/2020
- RE: [grouper-users] creating Grouper USER Subjects, Black, Carey M., 05/22/2020
- Re: [grouper-users] creating Grouper USER Subjects, Kevin Rooney, 05/22/2020
- RE: [grouper-users] creating Grouper USER Subjects, Black, Carey M., 05/22/2020
- Re: [grouper-users] creating Grouper USER Subjects, Bill Thompson, 05/22/2020
Archive powered by MHonArc 2.6.19.