Add a new password via gsh for UI

v2.5.29+
new GrouperPasswordSave().assignApplication(GrouperPassword.Application.UI).assignUsername("GrouperSystem").assignPassword("password").save();

Add a new password via gsh for WS

Note: if you are setting a password for a local entity to make web service calls, you should probably use the uuid (unique id) as the username, though the system name (id) might work too (it works in the Grouper client). Colons should not be used in HTTP usernames, because HTTP Basic authentication uses the first colon to separate the username from the password, so the uuid is better.

v2.5.29+
new GrouperPasswordSave().assignApplication(GrouperPassword.Application.WS).assignUsername("GrouperSystem").assignPassword("password").save();

Local entity with uuid
new GrouperPasswordSave().assignApplication(GrouperPassword.Application.WS).assignUsername("7a7937ad646849fc8278fb2fc6c45156").assignPassword("password").save();


Example with local entity and WS authentication

...

  • To authenticate with JWT, the client would
    • Generate a valid JWT jti (e.g. a uuid)
    • Have the correct time, within the configured drift (10 minutes?), and get the seconds since 1970 (GMT)
    • Send a "Bearer" authorization header: sfdlh23kjh.kjhsdfkjhsf.kjh345kjhkjh   (three parts separated by dots)

    • The first part is the header, base64url encoded

      {
        "alg": "RS256",
        "typ": "JWT"
      }


    • The second part is what makes the token unique and identifies the user

      • jti: a unique value per request (across clusters) that cannot be reused, e.g. a uuid
      • username: the system name of the local entity
      • iat: the number of seconds since 1970 at which the token was issued; the number received on the server needs to be within the allowable time drift

        {
          "jti": "abc123",
          "username": "org:businessSchool:credentials:wiki",
          "iat": 1234567
        }


  • Thus the same request cannot be replayed
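
The jti and iat checks described above, as they could be enforced on the receiving side. This is an added example, not Grouper's code: `ReplayGuard`, `make_unsigned_token` and the 600-second drift are assumptions, and the signature is assumed to have been verified before these checks run. It shows why the jti store only has to remember one drift window.

```python
import base64, json, time

MAX_DRIFT = 600  # assumption: the page's tentative "10 minutes?", in seconds

def b64url_decode(part):
    # JWT parts are base64url without padding; restore it before decoding
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

class ReplayGuard:
    """Claim checks only; the signature is assumed to be verified already."""

    def __init__(self, max_drift=MAX_DRIFT):
        self.max_drift = max_drift
        self.seen = {}  # jti -> iat; across a cluster this must be a shared store

    def check(self, token, now=None):
        now = int(time.time()) if now is None else now
        parts = token.split(".")
        if len(parts) != 3:
            return (False, "malformed")
        try:
            claims = json.loads(b64url_decode(parts[1]))
        except ValueError:  # bad base64, bad UTF-8 or bad JSON
            return (False, "malformed")
        if not isinstance(claims, dict):
            return (False, "malformed")
        jti, user, iat = (claims.get(k) for k in ("jti", "username", "iat"))
        if not isinstance(jti, str) or not isinstance(user, str) or type(iat) is not int:
            return (False, "missing claim")
        if abs(now - iat) > self.max_drift:
            return (False, "iat outside drift")
        # Forget jtis whose iat has aged out: the drift check already rejects them
        self.seen = {j: t for j, t in self.seen.items() if now - t <= self.max_drift}
        if jti in self.seen:
            return (False, "jti replayed")
        self.seen[jti] = iat
        return (True, user)

def make_unsigned_token(claims):
    # Constructed sample input: the third part is a placeholder, not a signature
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])
```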


See Also

Grouper Web Services Authentication

...