Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Peer help required to smuggle uid shib var to grouper-ui

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Peer help required to smuggle uid shib var to grouper-ui


Chronological Thread 
  • From: "Chad Redman" <>
  • To: ,
  • Subject: Re: [grouper-users] Peer help required to smuggle uid shib var to grouper-ui
  • Date: Wed, 5 Oct 2022 14:50:05 +0000

Hi Francesco,

The logic in the Grouper login code is to use the
grouper.ui.authentication.http.header value only as a fallback in case the
REMOTE_USER isn't set.

If I understand correctly, your REMOTE_USER is set, but it's a different value
than the uid that you want? You can try to change this in your SP's
shibboleth2.xml so it defaults to use it.

<ApplicationDefaults entityID="https://sp.example.org/shibboleth";
REMOTE_USER="eppn subject-id pairwise-id persistent-id"

cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1">

The file attribute-map.xml maps the incoming oids to names, and uid is one
mapped by default. So if you replace the defaults to REMOTE_USER="uid", I
believe it will set the remote user for the app *IF* the idp is sending the
uid.

But if you really don't see a uid header (you may need to look at logs to
check), check to make sure your IDP is passing it.

-Chad



Archive powered by MHonArc 2.6.24.

Top of Page