Grouper Developers Forum

[Emily Eisbruch <>]

Notes: Grouper Call of  Wed. 4-Nov-2015 

Attending: Tom Barton, Jim Fox, Marwan Shaher & Pregash Devasagayam (UC Boulder), Chris Hyzer, Misagh Moayyed, Shilen Patel

New Action Items

• Chris, Shilen and Misagh  discuss patching JARs. 

• Chris to handle wiki updates -- move uportal and KIM to move to whatever happened to, notifications (look at)

• Bert to follow up on email.

Carry Over Action items

[AI] (Bert) provide feedback on Grouper training videos (No feedback as yet. Keep open)

 

[AI] (Bert) will look at improvements to doc around UI Authn with CAS. It was noted that several steps are needed, hard to reproduce. (Keep open).

• • UC Boulder in the process of getting groups loaded from AD into Grouper. May have a few suggestions on improving the loader performance. A few functions/parameters in the core are suggested to be refactored and moved out as separate API calls.

Grouper Roadmap

https://spaces.internet2.edu/display/Grouper/Grouper+Product+Roadmap

 Chris updated the Grouper roadmap to include Google provisioning and move a few items to “whatever happened to”  (done)

Chris H: To be reviewed by other team members, and to provide feedback. Functionality provided here is closely related to the actual release. Working on finishing the UI, though seems rather unlikely for 2.3. Same with PSP NG; might be too ambitious for the initial scope of 2.3.  Chris AI to move uportal and KIM to move to whatever happened to, notifications (look at)

2. Current work tasks

 

·         Chris: Duo changelog consumer, messaging changelog consumer     https://spaces.internet2.edu/display/Grouper/Grouper+messaging+built+in

Work in progress. When discussing messages, we opted to design a simple messaging system specific to Grouper that can be integrated with ActiveMQ, etc. An extra table is available to manage messages, and daemons will process messages in the list. Queues and Topics are available via Grouper permissions. Create a perm resource that represents a topic, assign to a grouper subject (subjects would be systems that could authN). Would also have a WS that would publish to this messaging queue, and then we should be able to create a changelog consumer to work with this queue. Changes are discussed with Bert, DDL revised based on feedback.

Is this going to come with built-in impls?

 

Yes. The messaging system interface can be used as the parent contract, with a built-in ActiveMQ impl and later on we can do Azure, AWS DynamoDB, etc. There are a few constraint; ordering can be tricky wrt to transactions. Review timeout configuration; if the messaging system does not handle rejected messages it may be ignored. The implementation of the interface will need to handle rejections.

Other WIP: Duo-Grouper changelog consumer for Penn.

·         Shilen: Loader

Had to use an updated version of Quartz. The new version was not compatible with HSQLDB driver, so that was updated too. Had to fix DDL Utils as well (though the project appears to be EOL/Dead) May have to patch it locally? Need the patch to align with build/deployment practices and managing dependencies.

Possible to replace DDLUtils? If the maintenance is going to require a lot of effort to patch locally, we might be able to replace (patching a dead thing is “creepy”!). Otherwise, we will need to find a strategy going forward.

Back to Quartz, if the schedules are not going to be kept in DB: we might need a new interface to manage schedules. The schedule might keep changing in the database with 2 system conflicts. Will review to do a check on startup to move scheduling settings from a config file over to the DB. Rather that keeping settings in memory, that is.

Loading attribute assignments from SOR? Another possible task to work on. Created JIRA based on feedback from John Gasper.

·         Bert: PSPNG

Able to prototype of a super fast AD provisioner.

·         Misagh: Building and packaging

 

https://spaces.internet2.edu/pages/viewpage.action?pageId=87755940

Try to minimize changes as much as possible to make the transition smoother for all members. WIP.

·         Vivek: WS

Working on permission-access. Have a PR pending. Chris will provide feedback.

3. grouperLoader a requirement to run? (if so, TODO for Chris to change documentation and reply to the list)

Grouper loader required for Grouper? Loader handles processing of “temp” functionality, i.e. cleanup. Loader provides a few convenience utils. For deployments that don’t use the changelog, not using the loader might be OK. Jim could provide specific feedback on how Loader could be used at Washington. All imports are done through the REST API, removing the need for the loader.

4. Issue roundup

 

·        Patch for Tim Darby for NPE (done)

 

·        Shilen created Jira for Prevent renaming/moving of groups (done)

 

·        WS subject attribute requested vs default subject names.  Append to the list (Can specify which subject attributes are returned from WS. Opt-in requests are also possible.)

 

·        Managing memberships that automatically expire (do it via a rule)

 

·        Privileges around creating, managing, and assigning attributes ·        Loader and threads (loader has config parameter that can control threads via hints. Enhancements available in 2.2.x that help with thread config and performance.)

·        Loader with groups as members (TODO Chris add to wiki)

 

·        Brigitte email from 10/23 needs followup (bulk sync)?  If so, then TODO for Bert

 

·        Francesco with JDBC source (New driver was suggested. TODO Chris to followup)

 

·        Jeffrey Crawford folder profiles where user in only one group (hook to create later. Used with a single assignable attribute to a user that cannot be duplicated in different orgs)

 

·        Performance of large group adds and change log (was an idea. not anymore)

 

·        Setting group attributes via loader (new jira)

 

·        Changing subject id of subject (memberChangeSubject function sufficient)

 

·        Grouper and tomcat versions (TODO for Chris to look it)

 

·        Multiple “connected” instances of Grouper

 

·        grouperLoader a requirement to run?

 

·        attributeValue change event vs remove/add (have UI/WS does a remove/add when event is published to changelog. Brown wants just a single update)

 

·        grouper LDAP issues

 

·        upgrade WS/UI and the webapp dir (make sure the compiled webapp directory is used)

 

5.  AD grouper loader

 

• Boulder has few code suggestions that could become patches for 2.2.2

• Shall provide a pull request on github. Able to diff changes, etc and then proceed to make a patch.

• AD environment is very decentralized. Everything is delegated.

• Pull AD groups into Grouper; the distribution list in grouper is controlled via a different messaging/collaboration team.

• Deployed O365 connector; using a message bus. Prod environment is only managing O365 dist. list. In the middle of PH2 deployment to deploy WS and add more services such as Google, LDAP. 6-month timeline on PH2.

• O365 connector can be shared and code can become available. Lightning talk done at TechEx 2016 @ Cleveland.

6. AI review

 

• Chris, Shilen and Misagh will need to discuss patching JARs. 

• Chris to handle wiki updates

• Bert to follow up on email.

Next Grouper Call: Wed. Nov. 18, 2015 at noon ET

Emily Eisbruch, Work Group Lead, Trust and Identity
Internet2

office: +1-734-352-4996 | mobile +1-734-730-5749