Out of the box, grouper-ws uses Grouper basic authentication with usernames and passwords hashed and stored in the grouper database.
This authentication is built into Grouper and does not use Tomcat or Apache authentication.
Manage users
Enter your own values for:
- ***PRINCIPAL***
- ***PASSWORD***
Until there is a UI, you can remove accounts in the database in the grouper_password table (or we can add more GSH methods).

```
cd /opt/grouper/grouperWebapp/WEB-INF/bin
vi addUser.gsh
```

Contents of addUser.gsh:

```
grouperPasswordSave = new GrouperPasswordSave();
grouperPasswordSave.assignUsername("***PRINCIPAL***").assignPassword("***PASSWORD***").assignEntityType("username");
grouperPasswordSave.assignApplication(GrouperPassword.Application.UI);
new Authentication().assignUserPassword(grouperPasswordSave);
```

Run the script:

```
./gsh.sh addUser.gsh
```
Configure
This is on by default if you start a Grouper container v2.5 with "ws", but here are some details. Note that the file locations in the container are listed in the v2.5 container documentation.
File | Value | Description |
---|---|---|
grouper.hibernate.properties | # WS basic auth is usually for a quick start. Set to false if you migrate to ldap or kerberos or something else | This enables the built-in Grouper authentication with passwords in the database |
web.xml | No security-constraints or login-configs | Should be default provided with container |
server.xml |
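
One way to check the web.xml row of the table, as an added example that is not part of the Grouper documentation: the script reports any `security-constraint` or `login-config` element in a deployment descriptor, matching on the local element name so that a namespaced web.xml is not missed. Both sample descriptors and the names in them are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Elements that put container-managed auth in front of the webapp.
CONTAINER_AUTH_ELEMENTS = ("security-constraint", "login-config")

# Constructed sample: no container auth, as the table expects.
SAMPLE_DEFAULT = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet><servlet-name>exampleServlet</servlet-name></servlet>
</web-app>"""

# Constructed sample: a descriptor that still carries container auth.
SAMPLE_CONTAINER_AUTH = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/example/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""


def local_name(tag):
    """Strip a '{namespace}' prefix; a plain findall('login-config') would miss these."""
    return tag.rsplit("}", 1)[-1]


def find_container_auth(web_xml_text):
    """Return (element, detail) pairs for each container auth element found."""
    findings = []
    for elem in ET.fromstring(web_xml_text).iter():
        name = local_name(elem.tag)
        if name not in CONTAINER_AUTH_ELEMENTS:
            continue
        # Report the protected URL pattern or the auth method, if present.
        details = [(c.text or "").strip() for c in elem.iter()
                   if local_name(c.tag) in ("url-pattern", "auth-method")]
        findings.append((name, ", ".join(d for d in details if d)))
    return findings


if __name__ == "__main__":
    samples = (("default", SAMPLE_DEFAULT), ("container auth", SAMPLE_CONTAINER_AUTH))
    for label, text in samples:
        print(label, find_container_auth(text) or "no container auth elements")
```

An empty result means the descriptor matches the table; any finding means the container, not Grouper's built-in authentication, is deciding who reaches the application.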