Versions Compared

Old Version 7

changes.mady.by.user Chris Hyzer (upenn.edu)

Saved on

compared with

New Version Current

changes.mady.by.user Carey Black (osu.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This authentication is built-in to Grouper and does not use tomcat or apache authentication

You need to configure Grouper to use the build-in basic authentication and you need to create/manage the username(s) and password(s) for the UI or for WS in the data base.

After you have completed the steps in the Configure section and the Manage users section on this page then the basic auth features should work for you.

NOTE: You can "Manage users" before and after you enable the built-in authentication feature. The account data lives in the DB so you need to have a stable DB data set too.

Anchor
manageUsers
manageUsers
Manage users

Enter your own values for:

...

Code Block
cd /opt/grouper/grouperWebapp/WEB-INF/bin
./gsh.sh    (as tomcat... e.g. sudo -u tomcat ./gsh.sh)

v2.5.29+
new GrouperPasswordSave().assignApplication(GrouperPassword.Application.UI).assignUsername("GrouperSystem").assignPassword("password").save();// and for WebService accounts you can do this:
new GrouperPasswordSave().assignApplication(GrouperPassword.Application.WS).assignUsername("GrouperSystem").assignPassword("WSpassword_can_be_different_for_the_same_username").save();

Anchor
configure
configure
Configure

This is on by default if you start a Grouper container v2.5 with "ws".  But here are some details.  Note the file locations in the container are listed in the v2.5 container documentation

FileValueDescription
grouper.hibernate.properties

grouper.is.ws.basicAuthn=true

This enables the built-in Grouper authentication
with passwords in the database
web.xmlNo security-constraints or login-configsThis is the default provided with container, do not overlay
server.xml

ajp 8009 connector element:        tomcatAuthentication="false"


This is the default provided with container, do not overlay

Tomcat is not doing authn so that attribute needs to be false

grouper-ws.properties

ws.security.non-rampart.authentication.class =

This should be blank (get remote_user)

This is the default provided with container, do not overlay

grouper-www.confno AuthType directivesThis is the default provided with container, do not overlay

...