Grouper Users - Open Discussion List

["Black, Carey M." <>]

Beth,

 

Not much of an answer.. but I find it unfortunately "normal" to see stuff like this in "API"s....  ( Sloppy docs, and/or sloppy API's...)

  https://docs.microsoft.com/en-us/search/?scope=graph&view=graph-rest-1.0&terms=HiddenMembership

                There are 3 separate forms of "HiddenMembership" in those M$ docs.

               

                "HiddenMembership" : https://docs.microsoft.com/en-us/graph/api/group-post-groups

                "Hiddenmembership" : https://docs.microsoft.com/en-us/graph/api/resources/group

                "hiddenMembership" : https://docs.microsoft.com/en-us/graph/changelog

 

 

The error you are reporting looks like a JSON parser error to my eye.

                But I don't know (100% certain) if that is before the client sent a string, or after the client got a message back from M$.

 

Based on a quick read of the Grouper code it looks like it only is using the "Hiddenmembership" form ( in edu.internet2.middleware.grouper.changeLog.consumer.o365.model.Group ).

 

So that string likely is coming back from o365 and not matching the "Hiddenmembership".

But my read of the official o365 docs seems to suggest that "Hiddenmembership" is the correct string. So maybe they are sending back an invalid value?

 

 

And to be fair and complete...

                https://spaces.at.internet2.edu/display/Grouper/Grouper+Azure+provisioner

                                has: "public private, and hiddenmembership", "[Public* | Private | Hiddenmembership]" and "Private, Public, HiddenMembership,".

 

 

So yea... The defintion is "clear as mud" for the correct value for that string. 😊

 

--

Carey Matthew

 

-----Original Message-----
From: <> On Behalf Of Beth Halsema
Sent: Friday, July 24, 2020 3:47 PM
To:
Subject: [grouper-users] New Office 365 Consumer Log and Unified Groups

 

 

Our team is attempting to use the new Office 365 consumer log to maintain

course groups in Office 365.

 

We had successfully done so using the security groups; however, we wanted

to use the "Hiddenmembership" Unified groups in order to comply with

FERPA regulations and support the collaboration team's need to create

Microsoft Teams from these groups.

 

We modified the values in the grouper-loader.properties file:

 

changeLog.consumer.o365.class = edu.internet2.middleware.grouper.changeLog.consumer.Office365ChangeLogConsumer

# fire every 5 seconds

changeLog.consumer.o365.quartzCron = 0,5,10,15,20,25,30,35,40,45,50,55 * * * * ?

changeLog.consumer.o365.syncAttributeName = etc:attribute:office365:o365Sync

changeLog.consumer.o365.retryOnError = true

changeLog.consumer.o365.tenantId = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

changeLog.consumer.o365.clientId = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

changeLog.consumer.o365.clientSecret = :)

changeLog.consumer.o365.domain = domain.purdue.edu

changeLog.consumer.o365.idAttribute = uid

#changeLog.consumer.o365.upnAttribute =

changeLog.consumer.o365.groupJexl = group.name.replaceAll("^app:office365:groups:courses:service:policy:","GROUPER-courses-")

#changeLog.consumer.o365.mailNicknameJexl =

#changeLog.consumer.o365.descriptionJexl =

#changeLog.consumer.o365.subjectJexl =

#changeLog.consumer.o365.groupType = [Security* | Unified]

changeLog.consumer.o365.groupType = Unified

#changeLog.consumer.o365.visibility = [Public* | Private | Hiddenmembership]  * Only works with Unified groups

changeLog.consumer.o365.visibility = Hiddenmembership

#changeLog.consumer.o365.proxyType = [http | socks]

#changeLog.consumer.o365.proxyHost =

#changeLog.consumer.o365.proxyPort =

 

I modified the file

 

                /opt/grouper/grouperWebapp/WEB-INF/classes/log4j.properties

 

in our Docker containers in order to increase the logging.

 

                log4j.logger.edu.internet2.middleware.grouper.changeLog.consumer.Office365ChangeLogConsumer = DEBUG

 

The outcome was:

 

1. The groups are created in Office 365.  According to the Office 365

   admin portal, we created Microsoft 365 HiddenMembership groups.

 

   No owners and no members.

 

   In the logs/grouper_daemon.log file, the following error is logged:

 

Did not get all the way through the batch! 1848027 != 1848101java.lang.RuntimeException: Error in loader job: null, check logs: Error: o365 threw an exception processing change log entry sequence number 1848027., sequenceNumber: 1848027, com.squareup.moshi.JsonDataException: Expected one of [Public, Private, Hiddenmembership] but was HiddenMembership at path $.visibility

                at com.squareup.moshi.StandardJsonAdapters$EnumJsonAdapter.fromJson(StandardJsonAdapters.java:258)

                at com.squareup.moshi.StandardJsonAdapters$EnumJsonAdapter.fromJson(StandardJsonAdapters.java:227)

                at com.squareup.moshi.JsonAdapter$2.fromJson(JsonAdapter.java:137)

                at com.squareup.moshi.ClassJsonAdapter$FieldBinding.read(ClassJsonAdapter.java:194)

                at com.squareup.moshi.ClassJsonAdapter.fromJson(ClassJsonAdapter.java:156)

                at com.squareup.moshi.JsonAdapter$2.fromJson(JsonAdapter.java:137)

                at retrofit2.converter.moshi.MoshiResponseBodyConverter.convert(MoshiResponseBodyConverter.java:45)

                at retrofit2.converter.moshi.MoshiResponseBodyConverter.convert(MoshiResponseBodyConverter.java:27)

                at retrofit2.OkHttpCall.parseResponse(OkHttpCall.java:225)

                at retrofit2.OkHttpCall.execute(OkHttpCall.java:188)

                at edu.internet2.middleware.grouper.changeLog.consumer.o365.GraphApiClient.invoke(GraphApiClient.java:164)

                at edu.internet2.middleware.grouper.changeLog.consumer.o365.GraphApiClient.addGroup(GraphApiClient.java:201)

                at edu.internet2.middleware.grouper.changeLog.consumer.Office365ChangeLogConsumer.addGroup(Office, threadId: 104, elapsed: 1285 ms

 

 

2. No members were ever added to the groups via changeLog.consumer.o365.

3. We were unable to delete the groups from Office 365 through their deletion

   in Grouper.

 

The groups are created but no subsequent operations on them seem to be

performed.

 

Is there something that we have overlooked?  Or is the development of support

for unified groups still a work-in-progress?

 

Thank you!

 

Beth

-------------------------------------------------------------------------

Beth A. Halsema - M.S. in Computer Science, GSEC

Sr. Sofware Engineer, Identity & Access Management

OVPIT - IT Security and Policy

https://urldefense.com/v3/__http://www.itap.purdue.edu__;!!KGKeukY!kIgRCaDOkKFEUnBHzPZEJu8pk_3ipJwriqvV0H15-kRKFWkrNDld2bNcdf2dMLDVM3E$