
Out of the box, grouper-ws uses Grouper's built-in basic authentication (after enabling it), with usernames and passwords hashed and stored in the Grouper database.

This authentication is built into Grouper and does not use Tomcat or Apache authentication.

Manage users

Enter your own values for:

  • ***PRINCIPAL***
  • ***PASSWORD***

Until there is a UI, you can remove accounts directly in the database, in the grouper_password table (or we can add more GSH methods).

cd /opt/grouper/grouperWebapp/WEB-INF/bin
./gsh.sh    (run as tomcat, e.g. sudo -u tomcat ./gsh.sh)

v2.5.29+
new GrouperPasswordSave().assignApplication(GrouperPassword.Application.WS).assignUsername("***PRINCIPAL***").assignPassword("***PASSWORD***").save();

Configure

This is on by default if you start a Grouper v2.5 container with "ws". Here are some details. Note that the file locations in the container are listed in the v2.5 container documentation.

| File | Value | Description |
|------|-------|-------------|
| grouper.hibernate.properties | grouper.is.ws.basicAuthn=true | This enables the built-in Grouper authentication with passwords in the database |
| web.xml | No security-constraints or login-configs | This is the default provided with container, do not overlay |
| server.xml | ajp 8009 connector element: tomcatAuthentication="false" | This is the default provided with container, do not overlay. Tomcat is not doing authn so that attribute needs to be false |
| grouper-ws.properties | ws.security.non-rampart.authentication.class = | This should be blank (get remote_user). This is the default provided with container, do not overlay |
| grouper-www.conf | no AuthType directives | This is the default provided with container, do not overlay |
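
To confirm that a deployment still matches the five settings listed above (for example after someone overlaid a file), the following added example audits copies of the files. It is not part of the original page or of Grouper; the function names and the single-directory layout are assumptions, and the real locations are in the container documentation.

```shell
#!/bin/sh
# Added example (not Grouper's own tooling): audit the five settings in the table.
# Assumption: copies of the five files sit together in one directory, passed as $1.

# Print a properties key's value, trimmed; prints nothing when the key is absent.
prop() ( # $1=file $2=key
  awk -v k="$2" '/^[ \t]*[#!]/ { next }
    { i = index($0, "="); if (!i) next
      key = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
      if (key == k) { v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v) } }
    END { printf "%s", v }' "$1"
)

# Strip <!-- --> comments (multi-line too) and join the file into one line, so
# commented-out elements are ignored and multi-line elements can be matched.
xml_flat() (
  awk '{ s = $0; out = ""
    while (s != "") {
      if (c) { i = index(s, "-->")
        if (!i) { s = "" } else { s = substr(s, i + 3); c = 0 } }
      else { i = index(s, "<!--")
        if (!i) { out = out s; s = "" }
        else { out = out substr(s, 1, i - 1); s = substr(s, i + 4); c = 1 } } }
    printf "%s ", out }' "$1"
)

# Print one FAIL line per deviation from the table; exit status 1 if any.
audit_ws_basic_auth() ( # $1=directory
  d=$1; rc=0
  fail() { echo "FAIL: $1"; rc=1; }
  [ "$(prop "$d/grouper.hibernate.properties" grouper.is.ws.basicAuthn)" = true ] ||
    fail "grouper.is.ws.basicAuthn is not true"
  xml_flat "$d/web.xml" | grep -Eq '<(security-constraint|login-config)[ >]' &&
    fail "web.xml declares a security-constraint or login-config"
  xml_flat "$d/server.xml" | grep -o '<Connector[^>]*>' |
    grep '[[:space:]]port="8009"' | grep -vq 'tomcatAuthentication="false"' &&
    fail "8009 connector lacks tomcatAuthentication=\"false\""
  [ -z "$(prop "$d/grouper-ws.properties" ws.security.non-rampart.authentication.class)" ] ||
    fail "ws.security.non-rampart.authentication.class is not blank"
  grep -Eiq '^[[:space:]]*AuthType[[:space:]]' "$d/grouper-www.conf" &&
    fail "grouper-www.conf contains an AuthType directive"
  exit "$rc"
)

# Run only when a directory is given, e.g.: sh audit.sh /tmp/grouper-conf-copy
if [ "$#" -gt 0 ]; then audit_ws_basic_auth "$1"; fi
```

A key that is absent from grouper-ws.properties is reported as blank here; the value inherited from the base properties is not checked.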