Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] creating Grouper USER Subjects

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] creating Grouper USER Subjects


Chronological Thread 
  • From: Kevin Rooney <>
  • To: "Black, Carey M." <>
  • Cc: T-Heetderks <>, Grouper Users <>
  • Subject: Re: [grouper-users] creating Grouper USER Subjects
  • Date: Fri, 22 May 2020 10:18:01 -0400

Thanks for asking the question, Thomas. Those links Bill and Carey sent are exactly what I was getting ready to look for. 

Kevin Rooney
Director, Identity Architecture and Technology
Identity Strategy and Solutions / Secure Identity Services
Virginia Tech


On Fri, May 22, 2020 at 9:31 AM Black, Carey M. <> wrote:
Thomas,

Bill is spot on.

I will also add that  There are ways to “just get around this”, but they could leave you with “issues” once you get it right too. So here is a bit of advice.

  You could start off by first setting up the container with “Grouper based Auth”. ( https://spaces.at.internet2.edu/display/Grouper/Grouper+web+services+-+authentication+-+built-in+Grouper)
      Do yourself a favor and *don’t use your “real username”*. It will make the transition to your real user ID from the real subject source easier and less confusing.
      I suggest adding a “-local” to the end of your normal username.
     You could also opt to use “Tomcat authentication” in the same way too. ( https://spaces.at.internet2.edu/display/Grouper/Authentication+to+the+Grouper+UI )


Here is a good page to help you figure out what is going on at any stage in the process.

This will help:
 https://spaces.at.internet2.edu/display/Grouper/Grouper+subject+API+diagnostics+in+UI

Specifically the “Run from GSH” part can be very helpful to figure out what is and is not working for your Subject APIs.
        If you need more guidance on how to “bash into” the container and run GSH, just let us know.

--
Carey Matthew

From: <> On Behalf Of Bill Thompson
Sent: Friday, May 22, 2020 9:18 AM
To: T-Heetderks <>
Cc: Grouper Users <>
Subject: Re: [grouper-users] creating Grouper USER Subjects

Hi Thomas. Grouper mostly relies on integration with external systems for maintaining resolvable subjects via the Grouper Subject API. You'll want to configure the Subject API to point to an identity registry database (RDMBS or LDAP).

https://urldefense.com/v3/__https://spaces.at.internet2.edu/display/Grouper/Subject*API__;Kw!!KGKeukY!ksOimjhN4J6JyWSOFhxYfKZWFsxs2B4llJQ25n1S-XVO0x6LJwPLKc3o2_rT4qZYIXQ$

https://urldefense.com/v3/__https://spaces.at.internet2.edu/display/Grouper/Penn*subject*source*JDBC2*example__;KysrKw!!KGKeukY!ksOimjhN4J6JyWSOFhxYfKZWFsxs2B4llJQ25n1S-XVO0x6LJwPLKc3o2_rTtmpOfdU$

Best,
Bill


On Fri, May 22, 2020 at 9:09 AM T-Heetderks <mailto:> wrote:
I am trying to setup GROUPER 2.5 from the deployed Docker container (latest)
with Auth via Shib to our campus IDP. When I complete the Auth, I get an ERROR
message: Your username could not be found in the system as an entity.
LOGGED:
POST /grouper/grouperExternal/public/UiV2Public.postIndex?
function=UiV2Public.error&code=authenticatedSubjectNotFound HTTP/1.1" 200 818
How do I either make it recognize Auth from Shib as a valid Subject -OR-
manually enter the Shib user as a valid Subject

Thanks for the help!!
- Thomas



Archive powered by MHonArc 2.6.19.

Top of Page