Details
-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
None
Description
In newer versions (2.5.xx ) of grouperClient.jar, it doesn’t look like the “encrypt.key” parameter is recognized if the value for GROUPER_CLIENT_WS_PASSWORD is set to the path of the file with the encrypted password. It results in the following error:
Error with grouper client, check the logs: Property encrypt.key in properties file: grouper.client.properties, has a blank value, it is required
|
Jul 08, 2021 10:13:02 AM edu.internet2.middleware.grouperClient.GrouperClient main |
SEVERE: Property encrypt.key in properties file: grouper.client.properties, has a blank value, it is required java.lang.RuntimeException: Property encrypt.key in properties file: grouper.client.properties, has a blank value, it is required
|
at edu.internet2.middleware.grouperClient.config.ConfigPropertiesCascadeBase.propertyValueStringHelper(ConfigPropertiesCascadeBase.java:496) |
...
|
...
|
The way to reproduce the error is as follows:
$ export GROUPER_CLIENT_WS_URL=https://grouper_web_server_address/grouper-ws/servicesRest |
$ export GROUPER_CLIENT_WS_LOGIN=login_username
|
$ export GROUPER_CLIENT_WS_PASSWORD=/full/path/to/encrypted/password/file
|
- set the “encrypt.key” property in grouper.client.properties to the full path of the encryption key file
$ java -jar grouperClient.jar --operation=getMembersWs --groupNames=PATH:TO:GROUPER:GROUP
The command works if the GROUPER_CLIENT_WS_PASSWORD is set to the actual password value instead, which of course is a security risk. This was encountered when running grouperClient on linux and MacOS (Catalina and Big Sur) hosts, with openjdk 11.0.2. It hasn’t been tried on a windows host.
I suspect the same may be true if GROUPER_CLIENT_LDAP_PASSWORD is set to a path instead of the actual password.