grouper-users - Re: [grouper-users] Peer help required to smuggle uid shib var to grouper-ui
Subject: Grouper Users - Open Discussion List
List archive
- From: "Chad Redman" <>
- To: ,
- Subject: Re: [grouper-users] Peer help required to smuggle uid shib var to grouper-ui
- Date: Wed, 5 Oct 2022 14:50:05 +0000
Hi Francesco,
The logic in the Grouper login code is to use the
grouper.ui.authentication.http.header value only as a fallback in case the
REMOTE_USER isn't set.
If I understand correctly, your REMOTE_USER is set, but it's a different value
than the uid that you want? You can try to change this in your SP's
shibboleth2.xml so it defaults to use it.
<ApplicationDefaults entityID="https://sp.example.org/shibboleth";
REMOTE_USER="eppn subject-id pairwise-id persistent-id"
cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1">
The file attribute-map.xml maps the incoming oids to names, and uid is one
mapped by default. So if you replace the defaults to REMOTE_USER="uid", I
believe it will set the remote user for the app *IF* the idp is sending the
uid.
But if you really don't see a uid header (you may need to look at logs to
check), check to make sure your IDP is passing it.
-Chad
- [grouper-users] Peer help required to smuggle uid shib var to grouper-ui, Francesco Malvezzi, 10/05/2022
- Re: [grouper-users] Peer help required to smuggle uid shib var to grouper-ui, Chad Redman, 10/05/2022
- Re: [grouper-users] Peer help required to smuggle uid shib var to grouper-ui, Francesco Malvezzi, 10/06/2022
- Re: [grouper-users] Peer help required to smuggle uid shib var to grouper-ui, Chad Redman, 10/05/2022
Archive powered by MHonArc 2.6.24.