grouper-users - [grouper-users] Possible grouperClient bug?
Subject: Grouper Users - Open Discussion List
List archive
- From: Marwan Shaher <>
- To: "" <>
- Subject: [grouper-users] Possible grouperClient bug?
- Date: Thu, 8 Jul 2021 16:32:59 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=colorado.edu; dmarc=pass action=none header.from=colorado.edu; dkim=pass header.d=colorado.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Pfz7fkqkGhYzBr68y1JI0ZhYLdpcq3sGL+zYmohSsgw=; b=ZSzT6oYsvVQdyEUJ/5B3zZDDCcr1aoNA8lbvkZjBNHKGWvNXez5wVydHMF+DEG8/8HTNtPAfv2tk8TOuz/XN7OOkVyNm2IhVHWejAERTH+dObUp8YHqacq7BCPosqqDJlhbEdZll0/PAeLHo0LR165RbTUZf5Z6HBoGEaDFQHa1w7eq9Zn2t1+iR5g5FCaTiAvKqJny0OgRink2Qs/M0o42rq1fpNHPwnkCdvhGj4xNz9ZuYEo+asczqnNlhnbEs2jaDeBmyDBGIGTviBXVbYqaAl8YCY7Z9qkYsG5J3Ypi+n0OdTg48Z5KZI1uwM3eG8K6nss+rOk3frtP+Bplo2g==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KPQifVdNM8LpdpmsGzIwCsLznQxRir42xiVz3B3RlpKtZ1w6jPwjZbKDn8cZOzmFI8R3NAZZTeWWS+12vkSYIkqpC/o3ZxXu/04S6Nvzcd1tgpPLUzYzHRsSZzFGctyZCG/ar/JuGwr0NTXGujg7WVyETD3U7jUF0qCKXfdwUB7eWNQ1Z2lkuUr2PXi9Uxv9/fSIIz8I6IMvSNgipgOHyOrHnJf0rlsbTxX4q9JMC3sjy0CLbbCanTNLER3BtbeZr1bxin82rvGADaBLJue7on7wHBnk/LBDyw2yzlJeYppGEcZIrX6W2Df5vcjW0C0He/ucR347D2lWDTliqw16gg==
In newer versions (2.5.xx ) of grouperClient.jar, it doesn’t look like the “encrypt.key” parameter is recognized if the value for GROUPER_CLIENT_WS_PASSWORD is set to the path of the file with the encrypted password. It results in the following error:
Error with grouper client, check the logs: Property encrypt.key in properties file: grouper.client.properties, has a blank value, it is required
Jul 08, 2021 10:13:02 AM edu.internet2.middleware.grouperClient.GrouperClient main
SEVERE: Property encrypt.key in properties file: grouper.client.properties, has a blank value, it is required
java.lang.RuntimeException: Property encrypt.key in properties file: grouper.client.properties, has a blank value, it is required
at edu.internet2.middleware.grouperClient.config.ConfigPropertiesCascadeBase.propertyValueStringHelper(ConfigPropertiesCascadeBase.java:496)
…..
…..
The way to reproduce the error is as follows:
$ export GROUPER_CLIENT_WS_URL=https://grouper_web_server_address/grouper-ws/servicesRest
$ export GROUPER_CLIENT_WS_LOGIN=login_username
$ export GROUPER_CLIENT_WS_PASSWORD=/full/path/to/encrypted/password/file
- set the “encrypt.key” property in grouper.client.properties to the full path of the encryption key file
$ java -jar grouperClient.jar --operation=getMembersWs --groupNames=PATH:TO:GROUPER:GROUP
The command works if the GROUPER_CLIENT_WS_PASSWORD is set to the actual password value instead, which of course is a security risk. This was encountered when running grouperClient on linux and MacOS (Catalina and Big Sur) hosts, with openjdk
11.0.2. It hasn’t been tried on a windows host.
I suspect the same may be true if GROUPER_CLIENT_LDAP_PASSWORD is set to a path instead of the actual password.
Thanks,
Marwan Shaher
- [grouper-users] Possible grouperClient bug?, Marwan Shaher, 07/08/2021
Archive powered by MHonArc 2.6.24.