Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Grouper Duo integration

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Grouper Duo integration


Chronological Thread 
  • From: Chris Hyzer <>
  • To: "" <>
  • Subject: [grouper-users] Grouper Duo integration
  • Date: Wed, 18 Nov 2015 15:41:50 +0000
  • Accept-language: en-US

I wrote a change log consumer to sync groups from Grouper to Duo.  Let me know if you are interested in using this.  Currently it is in v2.1 though I will be merging it forward to v2.2+ shortly.  Let me know if you are interested in using this.

 

https://spaces.internet2.edu/display/Grouper/Grouper+Duo+integration

 

Grouper has a change log consumer which can sync a folder in grouper and use the extensions of groups in the folder as group names in Duo.  It will also sync the group description to Duo. There is a daemon which will run periodically for a full refresh (nightly?).  The change log consumer will sync changed real time.

Why use this?

You can have groups in Duo which are required for integrations.  This is another layer of authorization and deprovisioning for your systems.  For instance, you could have a group for your IT department, and require that group for your IT dept VPN, RDP, SSH.  Someone not in that group would not be able to use those resources at the Duo level.

Configure

grouper-loader.properties

# these are properties to add to grouper-loader.properties

# group duo admin domain name credentials

grouperDuo.adminIntegrationKey =

grouperDuo.adminSecretKey =

grouperDuo.adminDomainName = 

 

# put groups in here which go to duo, the name in duo will be the extension here

grouperDuo.folder.name.withDuoGroups = a:b:c

 

 

# put the comma separated list of sources to send to duo

grouperDuo.sourcesForSubjects = someSource

 

 

# either have id for subject id or an attribute for the duo username (e.g. netId)

grouperDuo.subjectAttributeForDuoUsername = id

 

 

#quartz cron-like schedule for daily duo full sync, the default is 7am every day: 0 0 5 * * ?

#blank for dont schedule

grouperDuo.daemonCron = 0 0 5 * * ?

 

 

# set to true to not run daemons here

grouperDuo.dontRunDaemonsHere = false

 

 

# if this is run in a cluster and should only run on certain nodes, set the name(s) here (from hostname command)

grouperDuo.runOnlyOnServerNames =

 

 

# is grouper the true system of record, delete duo groups which dont exist in grouper

grouperDuo.deleteGroupsInDuoWhichArentInGrouper = true

 

 

# configure the duo change log consumer

changeLog.consumer.duo.class = edu.internet2.middleware.grouperDuo.GrouperDuoChangeLogConsumer

 

 

#the quartz cron is a cron-like string.  it defaults to every minute on the minute (since the temp to change log job runs

#at 10 seconds to each minute).  it defaults to this: 0 * * * * ?

#though it will stagger each one by 2 seconds

# http://www.quartz-scheduler.org/documentation/quartz-1.x/tutorials/crontrigger

changeLog.consumer.duo.quartzCron =

 

 

Thanks,

Chris


Archive powered by MHonArc 2.6.16.

Top of Page