grouper-users - Re: [grouper-users] Troubles with Google provisioning
Subject: Grouper Users - Open Discussion List
List archive
- From: John Gasper <>
- To: Christopher Sutherin <>, <>
- Subject: Re: [grouper-users] Troubles with Google provisioning
- Date: Tue, 18 Apr 2017 15:31:02 -0700
- Ironport-phdr: 9a23:HZQ9nxZ6LWLVP7b4PYhvC8D/LSx+4OfEezUN459isYplN5qZr8S4bnLW6fgltlLVR4KTs6sC0LuI9fqxEjVbqb+681k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRoLerpBIHSk9631+ev8JHPfglEnjSwbLdzIRmsswncssYajZZsJ60s1hbHv3xEdvhMy2h1P1yThRH85smx/J5n7Stdvu8q+tBDX6vnYak2VKRUAzs6PW874s3rrgTDQhCU5nQASGUWkwFHDBbD4RrnQ5r+qCr6tu562CmHIc37SK0/VDq+46t3ThLjlTwKPCAl/m7JlsNwjbpboBO/qBx5347Ue5yeOP5ncq/AYd8WWW9NU8BMXCJDH4y8dZMCAOQPM+hFr4fzuVgArRW8CgajGOzi0SVHimPz3aAgz+gsCwPL0Qo9FNwOqnTUq9D1Ob8WX+CyzKnIyyjIYfJM1jfm8IjHbAohquyLULJyfsre01IvFxvbgVWKsoHlIjWV1uURvGic6epsT+SvhHA7qwxopDWk28kiio7Mho0Py1DE8z10wJswJdKjVEF3e8CrH4ZNty2CKYR3TdktQ2RwuCY+1LIKo5m7fDIFyJkh2hXRaOSHfpCI7x/sTuqcIyp0iGh4dL+/hhu+61asxvP9W8Ws0ltGsDBJnsfRun0NzRDf9NSLR/Rn8ku81juDywbe4fxeL08uj6rUMZshz6YwlpUNtUTDGTf7mUT3jK+TbUok4PKn5/76YrXgp5+TK4h0igfkPqQohMO/Hfw0MgkIX2eF5eSxzL3u8ELjTLhIk/E6iLTVvZDbKMgBuKK1HQ5Y3p4m6xmlDjem1NoYnWMALFJAYB+HjYfpNEvVIPDgE/i/mU+hkCptx/DHIrLhBZPNImLFkLj/YbZx81RcxxYrzdBD+5JUDakMIP3pWk/2qdzYFgE2Mxatz+b6E9VyyJkeWXmUD6+dMaPSqkOI5vkxL+WWZY8Vvir9JOY/5/7ok3A5hUERcbO30pQKdXDrVshhdm6Ze3v3ntAZEWoQ9jEjUOznklyEGWpYZ2yzRLkU+zQxA8SrAZqVAsj5j6aGwT+2BNhLfW1cEXiNF2vlbYOJR61KZS6PdJxPiDsBAJqmS4lp+hi1rALgg+5lIePP4iACnY/l1dNy4avVmA1kpm88NNiUz2zYFzI8pWgPXTJjmfkn+UE=
There maybe other issues too, but changeLog.consumer.googleapps.serviceImpersonationUser has to be a real account on the domain. This is the account that will be labelled in the logs, etc as the creator/editor. Otherwise I’d double check the grants. needs to be granted admin and group settings api access. -- John Gasper From: <> on behalf of Christopher Sutherin <> Hi, I’ve been trying test Grouper provisioning to Google. I’v compile the google-apps-provisioner-1.2.0 and placed it in cust/lib of the Grouper API home. My grouper-loader.properties has the following entries: # googleapps-grouper-provisioner #This tells Grouper which class to invoke when running the change log consumer. It is required if using the change log consumer functionality. changeLog.consumer.googleapps.class = edu.internet2.middleware.changelogconsumer.googleapps.GoogleAppsChangeLogConsumer # You may optional override the default time that the Grouper Loader invokes the consumer. changeLog.consumer.googleapps.quartzCron = 0 * * * * ? # The Google managed domain name. (e.g. example.org) changeLog.consumer.googleapps.domain = umbc.edu #The service account email address created by Google. changeLog.consumer.googleapps.serviceAccountEmail = #The path of the PKCS12 file created and downloaded from Google. The OS account running the Grouper Loader process or full sync functionality needs to have read permissions to this file. Access to this file should be limited. changeLog.consumer.googleapps.serviceAccountPKCS12FilePath = /opt/grouper/conf/umbc-grouper-provisioner-de039f2d97eb.p12 #This is the account that all actions will be made by. It needs to exists and will be the creator and modifier account associated with the Google auditing logs. changeLog.consumer.googleapps.serviceImpersonationUser = Our Google Apps admin said he has configured it as stated in the documentation. I receive the following error: 2017-04-17 13:50:59,583: [main] ERROR GoogleAppsFullSync.processMissingGroups(342) - - Google Apps Consume 'googleapps' Full Sync - Error adding missing group (): 403 Forbidden { "code" : 403, "errors" : [ { "domain" : "global", "message" : "Not Authorized to access this resource/api", "reason" : "forbidden" } ], "message" : "Not Authorized to access this resource/api" } Thanks for any help, Chris Chris Sutherin , DB/PS Admin, Business Systems |
- [grouper-users] Troubles with Google provisioning, Christopher Sutherin, 04/17/2017
- Re: [grouper-users] Troubles with Google provisioning, John Gasper, 04/18/2017
Archive powered by MHonArc 2.6.19.