...
| Code Block |
|---|
#######################################
## Configuration in ui
#######################################
# allow configuration from ui
# {valueType: "boolean", required: true}
grouperUi.configuration.enabled=true
# allow configuration only from these IP ranges, e.g. 1.2.3.4/32 or 2.3.4.5/24, comma separated, leave blank if available from everywhere
# {valueType: "string", multiple: true}
grouperUi.configurationEditor.sourceIpAddresses = 127.0.0.1/32
# if the source IP is set by apache or proxy or whatever
# {valueType: "string", sampleValue: "X-FORWARDED-FOR"}
grouperUi.reverseProxyForwardedForHeader = |
You can:
Disable UI configuration
Open up the source IP address to let a non localhost IP address
- List a reverse proxy header where IP address is retrieve from in the incoming HTTP request, e.g. X-FORWARDED-FOR
Note: you can set this in the database via GSHGSH example:
| Code Block |
|---|
GrouperSession grouperSession = GrouperSession.startRootSession(); edu.internet2.middleware.grouper.cfg.dbConfig.GrouperConfigHibernate grouperConfigHibernate = new edu.internet2.middleware.grouper.cfg.dbConfig.GrouperConfigHibernateGrouperDbConfig(); grouperConfigHibernate.setConfigEncrypted(false); grouperConfigHibernate.setConfigFileHierarchyDb("INSTITUTION"); grouperConfigHibernate.setConfigFileNameDb(".configFileName("grouper-ui.properties"); grouperConfigHibernate.setConfigKeypropertyName("grouperUi.configurationEditor.sourceIpAddresses"); grouperConfigHibernate.setConfigValuevalue("1.2.3.4/32"); grouperConfigHibernate.saveOrUpdatestore(); |
You can:
Disable UI configuration
Open up the source IP address to let a non localhost IP address
- List a reverse proxy header where IP address is retrieve from in the incoming HTTP request, e.g. X-FORWARDED-FOR
Note: you can set this in the database via GSH. See the GrouperShell wiki for more info
Debug source IP address configuration in log4j.properties
...