Grouper Users - Open Discussion List

[Chris Hyzer <>]

Were you able to make progress on this?

 

From: Jeremy Wickham [mailto:]
Sent: Tuesday, November 01, 2011 3:44 PM
To: ; Chris Hyzer
Subject: RE: [grouper-users] Kuali and Grouper Integration

 

We are using the latest Kuali Rice release, 1.0.3.3. If I were to comment out the overrides in grouperKimOverride.xml I am able to initiate the documents.

 

Now that you say the Kuali API more than likely changed, I have a starting point to look.

 

Let's see if I can uncover most of my findings. When Grouper returns back after login, the actualPerson object in the Kuali UserSession has:

entityId = jdbc::::jrw16

entityTypeCode = PERSON

principalId = jdbc::::jrw16

principalName = jrw16

 

I know these conflict with what we had initially loaded into KIM. Our entityId and principalId were the same, but they were our unique identifier coming from our main enterprise system. Does this conflict with the roles and permissions?

>>> Chris Hyzer <> 11/1/2011 1:51 PM >>>

Which version of Kuali are you using?  Any chance you can use 1.0.2.1?  J  The connector is flexible with what version of Grouper you use, but the Kuali API seems to change LOT from release to release (even point releases).

I think your config looks ok…   I assume your permissions and roles are in Rice right?

 

Here is my config:

 

##############################

## Kuali Group Settings

##############################

 

grouper.kim.kimGroupIdToGrouperName_1 = someFolder:kualiRice:etc:kualiAdmins

 

 

##############################

## Kuali Identity settings

##############################

 

kuali.identity.source.id.0 = pennperson

kuali.identity.source.nameAttribute.0 = description

kuali.identity.source.identifierAttribute.0 = PENNNAME

kuali.identity.source.emailAttribute.0 = EMAIL

kuali.identity.source.entityTypeCode.0 = PERSON

 

# separate a sourceId from a subjectId or sourceId

kuali.identity.sourceSeparator = ::::

 

# Stem where KIM groups are.  The KIM namespace is underneath, then the

# group.  Wont break anything, but better to not have trailing colon

kim.stem = someFolder:kualiRice

 

# if there is this subjectId from grouper, dont untranslate to put sourceId::::subjectId

# multiple, comma separated

kuali.identity.ignoreSourceAppend.subjectIds = admin

 

###############################

# group requird on login (if using the grouper kuali authenticator

kuali.authn.require.group = someFolder:activeNonAlumniWithPennname

 

 

 

 

From: [mailto:] On Behalf Of Jeremy Wickham
Sent: Tuesday, November 01, 2011 2:39 PM
To:
Subject: [grouper-users] Kuali and Grouper Integration

 

I have installed the Grouper Connector into Kuali. I am able to log into Kuali, but I do not seem to have any authorization documents. It is somehow not following my permissions and roles that I have defined.

 

When we first installed Kuali we decided that the entity id and principal id were to be the same and will be our unique identifier, and the principal name was going to be the username.

 

I have been put on the fast track to see if I can get this working pretty quickly so I am positive that I am overlooking something simple. I also have kept a lot of the default values. Below I have added the grouper.client.properties that I have changed the the grouper-ws.properties.

 

grouper.client.properties (Which resides in Kuali)

########################################
## Grouper Kim Connector
########################################

 

grouper.kim.plugin.subjectSourceId = jdbc

grouper.kim.plugin.subjectSourceIds =

kim.stem = msstate:apps:kuali:kim

grouper.types.of.kim.groups =

##############################
## Kuali Identity settings

 

kuali.identity.source.0 = jdbc
kuali.identity.nameAttribute.0 = name
kuali.identity.identifierAttribute.0 = loginid
kuali.identity.source.emailAttribute.0 = EMAIL
kuali.identity.source.entityTypeCode.0 = PERSON

 

# separate a sourceId from a subjectId or sourceId
kuali.identity.sourceSeparator = ::::

 

grouper-ws.properties

ws.subject.result.detail.attribute.names = name, description, loginId, EMAIL

 

Thank you for your help!

Cheers!

 

 

 

 

Jeremy Wickham
Senior Programmer Analyst
Enterprise Information Systems

(662) 325-9173