Out of the box, grouper-ws uses Grouper built-in basic authentication with usernames and passwords hashed and stored in the grouper database (after enabling it).
This authentication is built-in to Grouper and does not use tomcat or apache authentication
...
| File | Value | Description |
|---|---|---|
| grouper.hibernate.properties | grouper.is.ws.basicAuthn=true | This enabled enables the built-in Grouper authentication with passwords in the database |
| web.xml | No security-constraints or login-configs | This is the default provided with container, do not overlay |
| server.xml | ajp 8009 connector element: tomcatAuthentication="false" | This is the default provided with container, do not overlay Tomcat is not doing authn so that attribute needs to be false |
| grouper-ws.properties | ws.security.non-rampart.authentication.class = | This should be blank (get remote_user) This is the default provided with container, do not overlay |
| grouper-www.conf | no AuthType directives | This is the default provided with container, do not overlay |
...