grouper-users - Re: [grouper-users] tomcat-8.5 forbidden error: can't figure out
Subject: Grouper Users - Open Discussion List
List archive
- From: "Hyzer, Chris" <>
- To: "" <>, Francesco Malvezzi <>
- Subject: Re: [grouper-users] tomcat-8.5 forbidden error: can't figure out
- Date: Wed, 22 Jul 2020 15:10:07 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=isc.upenn.edu; dmarc=pass action=none header.from=isc.upenn.edu; dkim=pass header.d=isc.upenn.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UphKuoCO0A43Y4qrJN40tFG0/M5HkOuS5wQOoravWSQ=; b=Fdugm2MHEDPYiWqZWCeJz9n95o6A8S970yIA6i3aSU9zI6wsqFv7s2lvc7r8eiF7YjkXn10x4Z/7nSZovekWZICs9bzDgAHXOSW7TXj5Nk6DhPwhbl3n4XWiiOjZTOXFv+CYv8PtTH+yQgHY3KPclCcNaA+waNg5hcwHWmn0oNBU0dQQrLkCCvl3f3a63aQDz0JSGSUxCPDAEphsgGCkpyNwz0lpDyd2hu4t7snK7+0zmM04WmIww8gywyVF3k+HZ1/mq9jiuP3NHI+G1qkUdrIhrQqQv03QGqwmbjO1OOUMb5vWzeOHb9XrsfoIfWFwo/s22E3NwX3QlUMUurJ3GA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XLWMa6xUen+hbUa8Ih9K7omWu1FjHz/9KZ4zcKSPlbxlvHn3izgRd4oPDeYpryPkLJZ7qmSIwtXr8V4W59XxCazNB4P0l5xPGWHV+kk6A7+d7LPNx7os7dI/jw7NQtotSFxKydk58ozlhA18bmKXNOqfTHdpfj8cNjjDKJb8lm/IdAOEEosftdVNoa8RKm8QlXcNXp65Jfrppv9AQkg+6P5aPe9Tkb9OT6vZR5tIhZPSKdgG4beRnVwVu9ZVnPqce9yMRlksHuJTCYSP5eAoevUufxcglcPAy8SO669XDBy4C9SOl3MWzWTkq+WyqNFIlZA+lB7Xe0mn5W1DC8T/DA==
First off, pease upgrade to 2.5.33 instead.
Second, try setting this in log4j.properties:
log4j.logger.edu.internet2.middleware.grouper.ui.GrouperUiFilter = DEBUG
Anything helpful in logs?
From: <> on behalf of Francesco Malvezzi <>
Sent: Wednesday, July 22, 2020 10:34 AM
To: <>
Subject: [grouper-users] tomcat-8.5 forbidden error: can't figure out
Sent: Wednesday, July 22, 2020 10:34 AM
To: <>
Subject: [grouper-users] tomcat-8.5 forbidden error: can't figure out
hi all,
it's not exactly a grouper issue, but while migrating from grouper-2.3.0
to grouper-2.4.0 (that requires tomcat-8.5) I can't get rid of the 403
Forbidden error "The server understood the request but refuses to
authorize it."
Authentication is delegated to shibboleth-sp; there is apache2 as
tomcat's reverse proxy.
The HTTP Status 403 Forbidden show up after a successful Shibboleth
authentication; the apache2's logs show the correct REMOTE_USER.
So I think something is wrong on tomcat-8.5.
I doubled checked the Authentication using Shibboleth Single Sign-on
(SSO) document [1] but I am clueless.
The connector in server.xml is pretty normal:
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector protocol="AJP/1.3"
tomcatAuthentication="false"
tomcatAuthorization="false"
secretRequired="false"
port="8009"
URIEncoding="UTF-8"
address="::1"
redirectPort="8443" />
The security-constraint, login-config, and security-role sections have
been stripped away from ${grouper.ui}/dist/grouper/WEB-INF/web.xml.
I would add there is nothing in the logs. Just a plain line in
localhost_access_log.2020-07-22.txt:
*.*.*.* - - [22/Jul/2020:15:46:18 +0200] "GET /grouper/index.jsp
HTTP/1.1" 403 618
Thank you so much if you could point me to the right direction!
Francesco
[1]
https://spaces.at.internet2.edu/display/Grouper/Authentication+to+the+Grouper+UI
it's not exactly a grouper issue, but while migrating from grouper-2.3.0
to grouper-2.4.0 (that requires tomcat-8.5) I can't get rid of the 403
Forbidden error "The server understood the request but refuses to
authorize it."
Authentication is delegated to shibboleth-sp; there is apache2 as
tomcat's reverse proxy.
The HTTP Status 403 Forbidden show up after a successful Shibboleth
authentication; the apache2's logs show the correct REMOTE_USER.
So I think something is wrong on tomcat-8.5.
I doubled checked the Authentication using Shibboleth Single Sign-on
(SSO) document [1] but I am clueless.
The connector in server.xml is pretty normal:
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector protocol="AJP/1.3"
tomcatAuthentication="false"
tomcatAuthorization="false"
secretRequired="false"
port="8009"
URIEncoding="UTF-8"
address="::1"
redirectPort="8443" />
The security-constraint, login-config, and security-role sections have
been stripped away from ${grouper.ui}/dist/grouper/WEB-INF/web.xml.
I would add there is nothing in the logs. Just a plain line in
localhost_access_log.2020-07-22.txt:
*.*.*.* - - [22/Jul/2020:15:46:18 +0200] "GET /grouper/index.jsp
HTTP/1.1" 403 618
Thank you so much if you could point me to the right direction!
Francesco
[1]
https://spaces.at.internet2.edu/display/Grouper/Authentication+to+the+Grouper+UI
- [grouper-users] tomcat-8.5 forbidden error: can't figure out, Francesco Malvezzi, 07/22/2020
- Re: [grouper-users] tomcat-8.5 forbidden error: can't figure out, Hyzer, Chris, 07/22/2020
- Re: [grouper-users] tomcat-8.5 forbidden error: can't figure out, Francesco Malvezzi, 07/28/2020
- Re: [grouper-users] tomcat-8.5 forbidden error: can't figure out, Hyzer, Chris, 07/22/2020
Archive powered by MHonArc 2.6.19.