Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] SPML2 and understanding the psp-resolver.xml file

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] SPML2 and understanding the psp-resolver.xml file


Chronological Thread 
  • From: David Langenberg <>
  • To: David Vezzani <>
  • Cc: "" <>, Brian Koehmstedt <>, John Kamminga <>
  • Subject: Re: [grouper-users] SPML2 and understanding the psp-resolver.xml file
  • Date: Thu, 2 Oct 2014 11:19:38 -0600

Hi Dave,

The plans for the post-PSP world are being written/discussed/firmed up here:


I welcome any comments, criticisms, suggestions, etc.

Dave


On Thu, Oct 2, 2014 at 10:59 AM, David Vezzani <> wrote:
Dave,

Thanks for your response.  I think it is important to know that there are plans for retiring the PSP tool.  In creating our group management solution, we are hoping to use as much code that is supported and is planned to be supported in the future.

Your suggestions for how to better understand PSP are much appreciated.

That being said, what would take the place of PSP as the suggested tool for provisioning groups to target LDAPs?

Dave

David Vezzani



On Oct 2, 2014, at 9:48 AM, David Langenberg <> wrote:

Probably the best way to understand what that psp-resolver.xml is controlling is to first understand Shibboleth and how its attribute-resolver works. The PSP is using the Shibboleth Attribute Resolver to handle looking up the provisioned information, group source information and also perform necessary transformations to make the two systems (grouper and target) comparable. 


I really wouldn't try to generate SPML & feed it directly to the PSPs LDAP Target class, though in theory it could work.  As for the source for OpenSPML, the OpenSPML library upon which the PSP relies is no longer maintained.  I managed to grab a copy of the source at one time and keep a fork of it here:


This is yet another reason why the PSP is going to be retired soon.

Dave

On Thu, Oct 2, 2014 at 10:25 AM, David Vezzani <> wrote:
I’m still trying to understand what the PSP does exactly.  I’m running through the video tutorials and I’m not getting the same end result as Patel.  I figure I would be able to resolve the issue with some slight modifications to the PSP configuration files.  I admit that https://spaces.internet2.edu/display/Grouper/Grouper+Provisioning has definitely helped me get a better understanding of how PSP works, but I’m not finding the detail I need to understand with enough depth so that I actually know what I’m doing when I make changes to the PSP configuration.

To start, I want to make sure I understand the big picture.

PSP is used to provision groups with assigned members by generating SPML2 xml packets that somehow get converted to LDIF which is presented to the target LDAP.  Is this a fair statement?

I am currently looking for a SPML2 client I can use to test SPML2 packets with my target LDAP.  I see that Grouper comes packaged with a JAR that provides org.openspml.v2.client.Spml2Client , but I haven’t found the source or documentation yet on how to use it.  I already verified it is different from a SpmlClient class I found on Oracle’s site.  I am hoping that being somewhat familiar with SPML2 will increase my knowledge base so I can better understand the PSP configuration files, especially the psp-resolver.xml file.

David Vezzani






--
David Langenberg
Identity & Access Management
The University of Chicago




--
David Langenberg
Identity & Access Management
The University of Chicago



Archive powered by MHonArc 2.6.16.

Top of Page