grouper-users - [grouper-users] FW: Configure attributes for Grouper-WS calls
Subject: Grouper Users - Open Discussion List
List archive
- From: "Klug, Lawrence" <>
- To: "" <>
- Cc: "Schreiber, Bernard" <>
- Subject: [grouper-users] FW: Configure attributes for Grouper-WS calls
- Date: Tue, 9 Oct 2012 16:39:49 +0000
- Accept-language: en-US
|
Chris, Yes, the issue was resolved - What was the cause? Well I have multiple instances and projects, Maven, ANT, etc., on multiple VMs, and I believe I was working with the wrong file during testing. So this is a case of my error. The good news is – Plone notifications are working! Basically we have written a Change Log Consumer that identifies events with a Plone target attribute. We use HTTPClient to send messages to Plone advising
to update or delete specific Groups based on these events. It’s pretty cool. If anyone is interested, I’ll post the details on the community page. I want to extend special thanks to Chris and Shilen for their excellent support. Lawrence From: Chris Hyzer [mailto:]
Did you do something to make it work? Can you send a quick note to the list so people know it is resolved? Thanks, Chris From: Klug, Lawrence
Okay, it’s working now. gsh 0% GrouperSession.startRootSession(); edu.internet2.middleware.grouper.GrouperSession: 1b984a30dc5448109f7007567614e50e,'GrouperSystem','a pplication' gsh 1% SubjectFinder.findByIdAndSource("urn:mace:ucla.edu:ppid:person:C4196E1230C9452191D7E416FC4BD 9F3", "ldap", true).getAttributes().keySet(); uclauniversityid sn uclalogonid dn displayname edupersonprincipalname edupersonaffiliation uclaofficialemail uclappid cn gsh 2% SubjectFinder.findByIdAndSource("urn:mace:ucla.edu:ppid:person:C4196E1230C9452191D7E416FC4BD9 F3", "ldap", true).getAttributeValue(“uclaofficialemail”); gsh 3% From: Chris Hyzer []
Right, if its not in the GSH call, it wont be in the WS call… From: Schreiber, Bernard
Also, the following url: returns the values for uclalogonid, cn and uclauniversityid but the email address is not returned. I tried uclaOfficialEmail (camelcase) as well as all upper and all lowercase. From: Klug, Lawrence Chris, Here is our JNDI section from sources.xml. Do I just add an init param called “Email_AttributeType” with a value of uclaOfficialEmail? <!-- JNDI Person Resolver ( from previous grouper project) --> <source
adapterClass="edu.internet2.middleware.grouper.subj.GrouperJndiSourceAdapter">
<id>ldap</id>
<name>ED
Source Adapter</name>
<type>person</type>
<init-param>
<param-name>INITIAL_CONTEXT_FACTORY</param-name>
<param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value>
</init-param>
<init-param>
<param-name>PROVIDER_URL</param-name>
<param-value>somehost.edu:389</param-value>
</init-param>
<init-param>
<param-name>SECURITY_AUTHENTICATION</param-name>
<param-value>simple</param-value>
</init-param>
<init-param>
<param-name>SECURITY_PRINCIPAL</param-name>
<param-value>uid=ldappc,ou=edimi
consumers,dc=edtest,dc=ucla,dc=edu</param-value>
</init-param>
<init-param>
<param-name>SECURITY_CREDENTIALS</param-name>
<param-value>password</param-value>
</init-param>
<init-param> <param-name>SubjectID_AttributeType</param-name>
<param-value>uclaPPID</param-value>
</init-param>
<init-param>
<param-name>Name_AttributeType</param-name>
<param-value>cn</param-value>
</init-param>
<init-param>
<param-name>Description_AttributeType</param-name>
<param-value>displayName</param-value>
</init-param>
<init-param>
<param-name>SubjectID_formatToLowerCase</param-name>
<param-value>false</param-value>
</init-param>
/// Scope Values can be: OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE
/// For filter use
<search>
<searchType>searchSubject</searchType>
<param>
<param-name>filter</param-name>
<param-value> (& (uclaPPID=%TERM%)(objectclass=person))
</param-value>
</param>
<param>
<param-name>scope</param-name>
<param-value> SUBTREE_SCOPE
</param-value>
</param>
<param>
<param-name>base</param-name>
<param-value> ou=people,dc=edtest,dc=ucla,dc=edu
</param-value>
</param>
</search>
<search>
<searchType>searchSubjectByIdentifier</searchType>
<param>
<param-name>filter</param-name>
<param-value> (&(|(uclaPPID=%TERM%)(uclaLogonID=%TERM%)(uclaUniversityID=%TERM%)(edupersonprincipalname=%TERM%))(objectClass=person))
</param-value>
</param>
<param>
<param-name>scope</param-name>
<param-value> SUBTREE_SCOPE
</param-value>
</param>
<param>
<param-name>base</param-name>
<param-value> ou=people,dc=edtest,dc=ucla,dc=edu
</param-value>
</param>
</search>
<search>
<searchType>search</searchType>
<param>
<param-name>filter</param-name>
<param-value> (&(|(cn=*%TERM%*)(uclaLogonID=%TERM%)(uclaPPID=%TERM%)(uclaUniversityID=%TERM%))(objectClass=person))
</param-value>
</param>
<param>
<param-name>scope</param-name>
<param-value> SUBTREE_SCOPE
</param-value>
</param>
<param>
<param-name>base</param-name>
<param-value> ou=people,dc=edtest,dc=ucla,dc=edu
</param-value>
</param>
</search>
<init-param>
<param-name>subjectVirtualAttribute_0_searchAttribute0</param-name>
<param-value>${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uid'),
"")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('cn'), "")},${subjectUtils.defaultIfBlank(subject.getAttributeValueOrCommaSeparated('uclaPPID'), "")}</param-value>
</init-param>
<init-param>
<param-name>sortAttribute0</param-name>
<param-value>cn</param-value>
</init-param>
<init-param>
<param-name>searchAttribute0</param-name>
<param-value>searchAttribute0</param-value>
</init-param>
<internal-attribute>searchAttribute0</internal-attribute> ///Attributes you would like to display when doing a search
<attribute>cn</attribute>
<attribute>sn</attribute>
<attribute>displayname</attribute>
<attribute>uclalogonid</attribute>
<attribute>edupersonprincipalname</attribute> <attribute>uclauniversityid</attribute>
<attribute>edupersonaffiliation</attribute>
<attribute>uclaOfficialEmail</attribute>
</source> From: Chris Hyzer []
Check the sources.xml in WEB-INF/classes for the email attribute… also I think it is not: SubjectFinder.findByIdAndSource("urn:mace:ucla.edu:ppid:person:C4196E1230C9452191D7E416FC4BD9F3", "ldap", true).getAttributes().uclaofficialemail It is: SubjectFinder.findByIdAndSource("urn:mace:ucla.edu:ppid:person:C4196E1230C9452191D7E416FC4BD9F3", "ldap", true).getAttributes().getAttributeValue(“uclaofficialemail”); Thanks, Chris From: Klug, Lawrence
This is what I’m getting. It’s not recognizing the uclaofficialemail – must not be configured. gsh 2% SubjectFinder.findByIdAndSource("urn:mace:ucla.edu:ppid:person:C4196E1230C9452191D7E416FC4BD 9F3", "ldap", true).getAttributes().keySet(); uclauniversityid sn uclalogonid dn displayname edupersonprincipalname edupersonaffiliation uclappid cn gsh 3% SubjectFinder.findByIdAndSource("urn:mace:ucla.edu:ppid:person:C4196E1230C9452191D7E416FC4BD 9F3", "ldap", true).getAttributes().uclaofficialemail // Error: unable to evaluate command: Sourced file: inline evaluation of: `` SubjectFinder.findByIdA ndSource("urn:mace:ucla.edu:ppid:person:C4196E1230C94521 . . . '' : reflection error: bsh.ReflectErr or: No such field: uclaofficialemail From: Chris Hyzer []
It’s a subject API config problem. Open GSH from the WEB-INF/bin of your WS deployment, and try to resolve a subject and get the email out of it. Then tweak your sources.xml or your attribute name until it
works. Ok? J gsh 0% GrouperSession.startRootSession(); edu.internet2.middleware.grouper.GrouperSession: 9a07d48c89604a2ca772945d4b57fdd0,'GrouperSystem','application' gsh 1% SubjectFinder.findByIdAndSource("10021368", "pennperson", true).getAttributeValue("EMAIL"); gsh 3% SubjectFinder.findByIdAndSource("10021368", "pennperson", true).getAttributes().keySet(); name_last_public preferred_first_name first_name name_first_public name_public email_public pennname email description_lower last_name eppn gsh 4% Note, in the last call, I think they are toLowered()… I think we made the names case-insensitive recently… Thanks, Chris From: Klug, Lawrence
Hi Chris, Now we are getting one of our two attributes. uclaLoginID is coming, but uclaOfficialEmail is not (see below). What are we doing wrong? Thanks, Lawrence ws.subject.result.detail.attribute.names = UCLAOFFICIALEMAIL,UCLALOGINID {"WsGetMembersLiteResult":{"responseMetadata":{"millis":"4454","serverVersion":"2.1.2"},"resultMetadata":{"resultCode":"SUCCESS","resultMessage":"Success for: clientVersion: 2.1.1, wsGroupLookups: Array size: 1:
[0]: WsGroupLookup[pitGroups=[],groupName=ucla:apps:cms:it:bernard_test]\n\n, memberFilter: All, includeSubjectDetail: false, actAsSubject: null, fieldName: null, subjectAttributeNames: Array size: 2: [0]: uclaofficialemail\n[1]: uclalogonid\n\n, paramNames:
\n, params: null\n, sourceIds: null\n, pointInTimeFrom: null, pointInTimeTo: null","success":"T"},"subjectAttributeNames":["uclaofficialemail","uclalogonid"],"wsGroup":{"description":"bernard testing","displayExtension":"Bernard Test","displayName":"UCLA:Applications:CMS:IT:Bernard
Test","extension":"bernard_test","name":"ucla:apps:cms:it:bernard_test","typeOfGroup":"group","uuid":"cc1efd71af924a76bd3350928015415b"},"wsSubjects":[{"attributeValues":["","lklug"],"id":"urn:mace:ucla.edu:ppid:person:C4196E1230C9452191D7E416FC4BD9F3","name":"KLUG,
LAWRENCE","resultCode":"SUCCESS","sourceId":"ldap","success":"T"}]}} From: Chris Hyzer []
I just tried this in our test system and it worked fine: ws.subject.result.attribute.names = PENNNAME, EMAIL [mchyzer@flash pennGroupsClient-2.0.0]$ java -jar grouperClient.jar --operation=getSubjectsWs --pennKeys=mchyzer --debug=true ################ REQUEST START (indented) ############### POST /grouperWs/servicesRest/v2_0_000/subjects HTTP/1.1 Connection: close Authorization: Basic xxxxxxxxxxxxxxxx User-Agent: Jakarta Commons-HttpClient/3.1 Host: medley-test03.isc-seo.upenn.edu:-1 Content-Length: 171 Content-Type: text/xml; charset=UTF-8 <WsRestGetSubjectsRequest> <wsSubjectLookups> <WsSubjectLookup> <subjectIdentifier>mchyzer</subjectIdentifier> </WsSubjectLookup> </wsSubjectLookups> </WsRestGetSubjectsRequest> ################ REQUEST END ############### ################ RESPONSE START (indented) ############### HTTP/1.1 200 OK Date: Mon, 08 Oct 2012 18:01:06 GMT Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8o proxy_html/3.1.2 mod_jk/1.2.31 PHP/5.2.17 Set-Cookie: JSESSIONID=xxxxxxxxxxxx; Secure X-Grouper-resultCode: SUCCESS X-Grouper-success: T X-Grouper-resultCode2: NONE Vary: Accept-Encoding Content-Length: 728 Connection: close Content-Type: text/xml;charset=UTF-8 <WsGetSubjectsResults> <subjectAttributeNames> <string>PENNNAME</string> <string>EMAIL</string> </subjectAttributeNames> <wsSubjects> <WsSubject> <identifierLookup>mchyzer</identifierLookup> <resultCode>SUCCESS</resultCode> <success>T</success> <id>10021368</id> <name>Michael Christopher Hyzer</name> <sourceId>pennperson</sourceId> <attributeValues> <string>mchyzer</string> <string>> </attributeValues> </WsSubject> </wsSubjects> <resultMetadata> <resultCode>SUCCESS</resultCode> <resultMessage>Queried 1 subjects</resultMessage> <success>T</success> </resultMetadata> <responseMetadata> <resultWarnings></resultWarnings> <millis>12088</millis> <serverVersion>2.1.1</serverVersion> </responseMetadata> </WsGetSubjectsResults> ################ RESPONSE END ############### From: Chris Hyzer
You should be able to set these in the grouper-ws.properties referencing attributes from the source.xml (note, maybe they have to be in all CAPS): # subject attribute names to send back when a WsSubjectResult is sent, comma separated # e.g. name, netid # default is none ws.subject.result.attribute.names =
# subject result attribute names when extended data is requested (comma separated) # default is name, description # note, these will be in addition to ws.subject.result.attribute.names ws.subject.result.detail.attribute.names =
The former is by default. The latter is when the called says they want subject details.
We aren’t using those right now, so hopefully it works. And callers should be able to request ones which aren’t there: [mchyzer@flash pennGroupsClient-2.0.0]$ java -jar grouperClient.jar --operation=getSubjectsWs --pennKeys=mchyzer --subjectAttributeNames=EMAIL,PENNNAME --debug=true DEBUG: Reading resource: grouper.client.properties, from: /home/mchyzer/grouper/pennGroupsClient-2.0.0/grouper.client.properties DEBUG: WebService: connecting as user: 'something/school.edu' DEBUG: WebService: connecting to URL: 'https://grouper.school.edu/grouperWs/servicesRest/v2_0_000/subjects' ################ REQUEST START (indented) ############### POST /grouperWs/servicesRest/v2_0_000/subjects HTTP/1.1 Connection: close Authorization: Basic xxxxxxxxxxxxxxxx User-Agent: Jakarta Commons-HttpClient/3.1 Host: medley.isc-seo.upenn.edu:-1 Content-Length: 265 Content-Type: text/xml; charset=UTF-8 <WsRestGetSubjectsRequest> <subjectAttributeNames> <string>EMAIL</string> <string>PENNNAME</string> </subjectAttributeNames> <wsSubjectLookups> <WsSubjectLookup> <subjectIdentifier>mchyzer</subjectIdentifier> </WsSubjectLookup> </wsSubjectLookups> </WsRestGetSubjectsRequest> ################ REQUEST END ############### ################ RESPONSE START (indented) ############### HTTP/1.1 200 OK Date: Mon, 08 Oct 2012 17:49:52 GMT Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8o mod_jk/1.2.31 PHP/5.2.17 Set-Cookie: JSESSIONID=xxxxxxxxxxxx; Secure X-Grouper-resultCode: SUCCESS X-Grouper-success: T X-Grouper-resultCode2: NONE Vary: Accept-Encoding Content-Length: 727 Connection: close Content-Type: text/xml;charset=UTF-8 <WsGetSubjectsResults> <subjectAttributeNames> <string>EMAIL</string> <string>PENNNAME</string> </subjectAttributeNames> <wsSubjects> <WsSubject> <identifierLookup>mchyzer</identifierLookup> <resultCode>SUCCESS</resultCode> <success>T</success> <id>10021368</id> <name>Michael Christopher Hyzer</name> <sourceId>pennperson</sourceId> <attributeValues> <string>> <string>mchyzer</string> </attributeValues> </WsSubject> </wsSubjects> <resultMetadata> <resultCode>SUCCESS</resultCode> <resultMessage>Queried 1 subjects</resultMessage> <success>T</success> </resultMetadata> <responseMetadata> <resultWarnings></resultWarnings> <millis>1262</millis> <serverVersion>2.1.1</serverVersion> </responseMetadata> </WsGetSubjectsResults> ################ RESPONSE END ############### DEBUG: Output template: Index: ${index}: success: ${success}, code: ${wsSubject.resultCode}, subject: ${wsSubject.id} , available variables: wsGetSubjectsResults, grouperClientUtils, index, wsSubject, wsGroup, success Index: 0: success: T, code: SUCCESS, subject: 10021368 DEBUG: Elapsed time: 2238ms [mchyzer@flash pennGroupsClient-2.0.0]$ From: Schreiber, Bernard []
Information on how to do both would be great. For now all calls will need a custom login id and email address so definitely need to know how to configure it by default. From: Chris Hyzer [] You can do this by default, or only when the caller requests it. Which do you want? Thanks, Chris From:
[]
On Behalf Of Klug, Lawrence We want to configure grouper so that it returns specific attributes (for example, email address) using Grouper-WS REST calls. Does this require special config, because so far it’s not working for us. Thanks, Lawrence |
- [grouper-users] Configure attributes for Grouper-WS calls, Klug, Lawrence, 10/08/2012
- [grouper-users] RE: Configure attributes for Grouper-WS calls, Chris Hyzer, 10/08/2012
- [grouper-users] RE: Configure attributes for Grouper-WS calls, Klug, Lawrence, 10/08/2012
- Message not available
- [grouper-users] RE: Configure attributes for Grouper-WS calls, Chris Hyzer, 10/08/2012
- Message not available
- [grouper-users] RE: Configure attributes for Grouper-WS calls, Chris Hyzer, 10/08/2012
- [grouper-users] RE: Configure attributes for Grouper-WS calls, Klug, Lawrence, 10/08/2012
- [grouper-users] RE: Configure attributes for Grouper-WS calls, Klug, Lawrence, 10/08/2012
- [grouper-users] RE: Configure attributes for Grouper-WS calls, Chris Hyzer, 10/08/2012
- [grouper-users] RE: Configure attributes for Grouper-WS calls, Klug, Lawrence, 10/09/2012
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- [grouper-users] FW: Configure attributes for Grouper-WS calls, Klug, Lawrence, 10/09/2012
- [grouper-users] RE: Configure attributes for Grouper-WS calls, Klug, Lawrence, 10/09/2012
- [grouper-users] RE: Configure attributes for Grouper-WS calls, Chris Hyzer, 10/08/2012
- [grouper-users] RE: Configure attributes for Grouper-WS calls, Chris Hyzer, 10/08/2012
- [grouper-users] RE: Configure attributes for Grouper-WS calls, Chris Hyzer, 10/08/2012
Archive powered by MHonArc 2.6.16.