Skip to Content.
Sympa Menu

grouper-dev - [grouper-dev] Notes: Grouper call of Nov. 18, 2015

Subject: Grouper Developers Forum

List archive

[grouper-dev] Notes: Grouper call of Nov. 18, 2015

Chronological Thread 
  • From: Emily Eisbruch <>
  • To: "" <>
  • Subject: [grouper-dev] Notes: Grouper call of Nov. 18, 2015
  • Date: Wed, 18 Nov 2015 18:59:18 +0000
  • Accept-language: en-US
  • Authentication-results:; dkim=none (message not signed) header.d=none;; dmarc=none action=none;
  • Spamdiagnosticoutput: 1:0

Notes: Grouper Call of  Wed. 18-Nov-2015  


Chris Hyzer, Penn, Chair

Jim Fox, U. Washington

Marwan Shaher & Pregash Devasagayam (UC Boulder),

Misagh Moayyed, Unicon

Shilen Patel, Duke

Bert Bee-Lindgren, Georgia Tech

John Gasper, Unicon

Emily Eisbruch, Internet2

Action Items from Nov. 18, 2015 call 

[AI] (Jim) investigate how many messages Azure can handle

[AI] (Shilen or Chris) need to refactor hibernate customizations so they can be built/deployed in grouper namespace.

[AI] (Chris) add to agenda for next call: renaming packages of external jars in client (and installer?)

[AI] (Jim)  Draft a more detailed process for security concern handling 

Action Items from Nov 4, 2015 call 

  • Chris to handle wiki updates

  • Bert to follow up on bulk sync email.   


Current work tasks

 Duo changelog consumer, messaging changelog consumer  - Chris



Use case: Use Duo’s authorization abilities (Group(s?) associated with an integration)

Chris will be implementing this DUO feature on at Penn

Will run full Daemon every hour or so

Q: is this for authorization in Duo?

A: yes, for SSH, VPN etc.


Messaging work  - Chris

Chris is working on this and it’s  coming along. 

Hope to be sending messaging out of the changelog

Permissions for topics and queues,

Can link them together

Pull a set of messages and tell messaging system to mark as done

there is a timeout feature

Basically one table in Grouper to manage this

This is a simple implementation

For more robust : turn on Active MQ

May have involved a DDL change? not sure

Grouper Loader - Shilen

Quartz API change

DDL is working for hsqldb (starting with that)

DDL Utils issue is solved

Next: on startup see if there are jobs that must be removed (changelog or group sync or LDAP jobs etc)

Then Shilen will commit this work and check on other databases

Be sure DDL Utils is adding schema effectively

PSPNG - Bert

structured changelog consumer propotype provisioner

processed them 

Start batch does pre work

then individual entries churn thru

then end batch (when all the changes get implemented)

If this is followed, it is fast to process changes very quickly

Bert did this for AD first

entitlement based provisioning 

then other object classes out of AD

Focusing on membership provisioning right now, attributes coming after memberships

For Azure: how many messages at once?

Jim not sure , will find out

[AI] (Jim) investigate how many messages Azure can handle

SQS: only ten at a time

Two use cases:

-users with dozen of entitlements

-adding a new group where there are dozens of members going into same group

Jim: Amazon increased size of messages  that can be sent

You may want to also look into: 

Building and packaging -Misagh

Can Build w Gradle effectively

Several modules now build

now working on the Grouper web app and Grouper UI

to build a war that is functional via Gradle

Regarding the jar issue, Misagh has removed every jar from repo , except two

all but 2 being removed from Maven repositories

Hibernate jar uploaded to sonatype in our namespace?

grouper ui and ws need to make a warfile?

what is required to add a module?


  • build.gradle for local

    • all dependencies required for building

  • grouper parent settings.gradle file to add it in there


Gradle branch in internet2

There is Gradle branch on github

some checking to do on modules not in maven - what should be their fate?

[AI] (Shilen or Chris) need to refactor hibernate customizations so they can be built/deployed in grouper namespace.

War file build process:

-Misagh: Theoretically, provide just a war file

-Chris: What about config files/jsps/etc?

-Bert: What about keeping config files outside of war? Chris wrote email Nov 12 “Grouper Newbie Question”

--Deployment could unzip packaged war, merge external configs, repackage

External Jars/Bits (eg, cas, duo, etc libs):


-Part of grouper tarball, or could be packaged into war file (in WEB-INF/xyz)



·         Vivek: WS

 Issue roundup


·        Non standard jars

·        Tomcat 7/8 patch

·        Grouper newbie questions

·        LDAP loader addIncludeExclude on SIMPLE job

·        Question about JVMs and keeping config files in sync

Grouper in Multiple Environments: Use ant to make changes to default files

Common newbie problem


·        Security XSS concern


Email came in yesterday. Chris create patch, Vivek sanity checked it


Instead of selective announcement, decided to send announcement to grouper-users so everyone had an equal chance of addressing problem. Particularly appropriate because the word is out once there is a github commit.

Problem had some mitigations (users needed to have permission to add attributes to groups)


There aren’t often security concerns within Grouper.

Perhaps learn from Shibboleth process, so we don’t have to be creative each time

-[AI] (Jim) Start drafting a more detailed process for security concern handling 

·        Security form on confluence removed (submit to grouper-core?)

·        grouper_aval_asn_efmship_v view


·        convertAdMemberDnToSpecificValue pull request (AI chris to merge back)


·        grouper and mailing list discussion


Let list server keep track of opt-outs (mailman, others?)

·        pull request merging and formatting (use standard, only change code you need to change)


·        loader performance woes [Dozen groups took ~18 minutes] (AI add logging strategy to next dev call)

Would better logging help?

·        sync grouper with duo


·        selective provisioning to ldap with attribute (AI for Bert to followup)



-renaming packages of external jars in client (and installer?): [AI: Chris to put on agenda for Next Call]

Emily Eisbruch, Work Group Lead, Trust and Identity

office: +1-734-352-4996 | mobile +1-734-730-5749

  • [grouper-dev] Notes: Grouper call of Nov. 18, 2015, Emily Eisbruch, 11/18/2015

Archive powered by MHonArc 2.6.16.

Top of Page