Subject: Grouper Developers Forum
- From: Chris Hyzer <>
- To: Grouper Dev <>
- Subject: [grouper-dev] RE: external subjects
- Date: Mon, 6 Dec 2010 09:10:07 -0500
- Accept-language: en-US
- Acceptlanguage: en-US
Im working on syncing groups between two groupers, and one piece that was needed was an external subject WS parameter… so now if you are adding a member to a group, you can specify a param, and it will add the user as an external member if it is not found… this is in WS and client…
I am considering myself done with Grouper external subjects (done as in, complete J ).
Everything is on the demo server, you can try it out, test it, let me know about issues, etc.
Since last email, this is what I added:
- Invitations using email address
- Invitations using login ID (Washington asked for this at member meeting)
- User level auditing (who did what)
- Emails to admin when actions occur (optional)
- Links from the Admin UI and Lite UI to the invite screen for provisioning to that group
- Links from invite screen back to admin or lite UI (if focused on a group)
- This works because you can put a group name or id in the URL of the invite screen to provision to the group (and you see it on the screen too)
- Attribute assignments used to not expire automatically, now they do
- You can enable or disabled the invite or registration screen individually (default is disabled)
- There is a DB view for invitations
- There are 12 new DB views that show attribute framework values for the 12 types of attribute assignments (group, stem, group assignment, etc)
- The email address that an external user responds to is stored in a “vetted email” column in the DB (multiple will be stored there). Admins can use this as a good way to contact external subjects that were entered due to email invite.
- When one invitation is clicked on by an external user, all pending invitations for that user (by email address) are processed
- The inviter is emailed when the external subject registers
- External subject identifiers can be validated like an email address (eppn?) and certain regexes can be configured as invalid (e.g. don’t allow registrations of people from my institution, they aren’t external)
Everything is documented here:
Let me know any feedback.
I installed Grouper 2.0 (alpha) on the demo server, and separated out the external subject register from the UI in the httpd.conf (even though both are shibboleth in this case). So now you can register with shib (protect network if you don’t have another in common ID).
I will be enabling (and testing) more features of this, but now the barebones is usable… let me know if there are problems…
When done, go to the UI:
Here the demo part documented on the wiki:
So now in the UI code, a bunch of the static resources (css, images, js, etc) were moved to the grouperExternal folder… I wonder if we should just move everything over there so we don’t have to move more things in the future…
Thanks to shilen for doing the shib part…
- [grouper-dev] RE: external subjects, Chris Hyzer, 12/01/2010
- <Possible follow-up(s)>
- [grouper-dev] RE: external subjects, Chris Hyzer, 12/06/2010
Archive powered by MHonArc 2.6.16.