Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Peer help required to smuggle uid shib var to grouper-ui

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Peer help required to smuggle uid shib var to grouper-ui


Chronological Thread 
  • From: Francesco Malvezzi <>
  • To: "" <>
  • Subject: [grouper-users] Peer help required to smuggle uid shib var to grouper-ui
  • Date: Wed, 5 Oct 2022 09:19:58 +0200

hi everybody,

this is not a strictly grouper question: I'm trying to follow the documentation on:

https://spaces.at.internet2.edu/display/Grouper/Authentication+to+the+Grouper+UI

in the section that reads:

"As an alternative, if the web server sets a "uid" http header after login (e.g., if using a Shibboleth SSO identity provider that releases uid), the configuration property grouper.ui.authentication.http.header can be set to "uid". In this case, the resolver will use the uid header value as the %TERM% to look up."

But I can't forward the uid ENV var from apache2 in the VM to tomcat inside docker.

My apache2's virtual host is:

<Location /grouper>
RequestHeader set AJP_UID "%{uid}e" # quite likely useless
AuthType shibboleth
ShibRequestSetting requireSession 1
ShibRequireSession on
ShibUseHeaders On
AuthType shibboleth
ShibRequestSetting entityID https://idp.example.edu/idp/shibboleth
#ShibRequestSetting entityIDSelf https://$hostname/sp
</Location>

My grouper-ui.properties override file contains:

grouper.ui.authentication.http.header = "UID"

(but I also already tried uid smallcased).

It looks like the uid http header is empty, as grouper-ui uses the REMOTE_USER.

Can you please share your experience?

thank you,

Francesco




Archive powered by MHonArc 2.6.24.

Top of Page