Out of the box, grouper-ws uses Grouper basic authentication with usernames and passwords hashed and stored in the grouper database.
This authentication is built-in to Grouper and does not use tomcat or apache authentication
Manage users
Enter your own values for:
- ***PRINCIPAL***
- ***PASSWORD***
Until there is a UI you can remove accounts in the database in the grouper_password table (or we can add more GSH methods)
cd /opt/grouper/grouperWebapp/WEB-INF/bin
vi addUser.gsh
grouperPasswordSave = new GrouperPasswordSave();
grouperPasswordSave.assignUsername("***PRINCIPAL***").assignPassword("***PASSWORD***").assignEntityType("username");
grouperPasswordSave.assignApplication(GrouperPassword.Application.UI);
new Authentication().assignUserPassword(grouperPasswordSave);
./gsh.sh addUser.gsh
Configure
This is on by default if you start a Grouper container v2.5 with "ws". But here are some details. Note the file locations in the container are listed in the v2.5 container documentation
| File | Value | Description |
|---|---|---|
| grouper.hibernate.properties | # WS basic auth is usually for a quick start. Set to false if you migrate to ldap or kerberos or something else | This enabled the built-in Grouper authentication with passwords in the database |
| web.xml | No security-constraints or login-configs | Should be default provided with container |
| server.xml |