Versions Compared

Old Version 10

changes.mady.by.user David Langenberg (uchicago.edu)

Saved on

compared with

New Version 11

changes.mady.by.user David Langenberg (uchicago.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Include Page
spaceKeyGrouper
pageTitleNavigation

Overview

panel
Warning
titleNotice

If you are working with Grouper 2.1 or above, see the newer documentation on Grouper and Shib Integration

Panel

As of v1.5, the Grouper API distribution, grouper.jar, provides a Data Connector Extension and Attribute Definition Extensions to the Shibboleth Attribute Resolver.

The namespace and schema location are:

Code Block
xml
xml
<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
  xmlns:grouper="http://grouper.internet2.edu/shibboleth/2.0"
  xsi:schemaLocation="http://grouper.internet2.edu/shibboleth/2.0 classpath:/schema/shibboleth-2.0-grouper.xsd"
  ...

These were chosen as part of the design for the Grouper PSP. However, they also offer a new means of including Grouper information in Shibboleth-based SAML attribute assertions.

Sites interesting in integrating these new capabilities into their Shibboleth IdP are advised to conduct extensive testing prior to implementing in a production environment.

Installation into your Shibboleth Identity Provider

Warning
titleWarning

This is NOT the recommended way to integrate with your Shibboleth Identity Provider

To install the Grouper DataConnector into you need to copy all of the grouper jars into the /lib directory of your shibboleth installation. Then run install.sh. Next, you'll need to have your grouper configuration files including grouper.properties and subject.xml placed into /opt/shibboleth-idp/conf. You should then be able to edit your attribute-resolver.xml as above and it should be able to get the necessary attributes.

Grouper Data Connectors

Group Data Connector

...