Grouper Users - Open Discussion List

["Bush,Judith" <>]

I am investigating whether grouper can meet an SP use case.

 

Libraries are our  customers. The librarians classify users for access purposes using rules that act on the claims made about the user in the authentication response the application receives.  Essentially, users are put into groups. Obviously, if every library had an idp with grouper, the librarians could work with the IDP to classify the users for access purposes. However, not all do.

 

For our customers who need rules run against IDP assertions, would grouper have an on-demand mode? A call is made to grouper with the attributes and grouper responds with the claims?

 

Is it conceivable to  provisioned the user from the claims, trigger grouper to evaluate the user, and then call grouper to get the user’s groups?

 

Thanks for your insights,

 

Judith Bush

Identity and Access Management Architect at OCLC