Grouper Call of April 10, 2024
Attending
- Chris Hyzer, Penn, Chair
- Vivek Sachdiva, independent
- Shilen Patel, Duke
- Carey Black, Purdue
- Gail Lift, University of Michigan
- Chris Hubing, Internet2
Administrivia
InCommon Basecamp is June 3-7, 2024 (online only)
DISCUSSION
Current Work
Vivek
- There are many dependencies that should be considered when deleting
- Worked on deleting a folder or a group and what rules are associated.
- Shows rules outside of the hierarchy
- Question: Can I jump to a rule to modify it? Might want to tweak the rule
- Answer: makes sense to add an assignment column
- AI Vivek will add assignment column to his work on deleting folder or group
- Vivek worked on these Jiras:
- GRP-5303 underlying database connection issues are masked in logs in certain circumstances
- GRP-5304 do not flush ehcache controller when clearing caches if it is not alive
- Next tasks: go over rules, test privileges
ABAC work upcoming potentially
- U Michigan is working on ABAC and may have some requests around the expressions,
- 80 job codes, need a good way of easily saying anything in this list counts.
- Suggestion to re-use a set of values across policies?
- Basis attribute values, make into something more institutionally recognized.
- But job codes may be very specific per department
- Have a list for “my workspace” ?
- Use intermediate groups?
- Some things are extractable and some are not
- Gail will work through the use cases
- Chris: we hope to eliminate need for so many “ORs”, use wildcards perhaps
- Use dynamic attributes potentially
- Hope to get real time attribute changes to propagate to policies.
Shilen
- Visualization work
- GRP-5401 Visualization with member criteria
- When visualizing a group or folder, want a way to include a user, a member you are searching for,
- if user is in a group, then group is green, otherwise it’s red
- Colors were already used for other purposes
- Some colors changed to borders
- Legend is used to explain
- Question on ADA compliance
- Shilen will add an alternate form of indicating
- Suggestion to add a marker on the box, that says “is present”
- Suggestion to change the way color and hue and shading are used
- Text at bottom should have all the info
- Shilen will remove the use of red, implement pink
- Add “entity in group” text
- Performance testing
- Shilen got test instance set up
- Both Postgres and OpenLDAP are crashing
- Spends a lot of time on one section of provisioner
- Need different VMs? (currently using one VM for Daemons, Postgres and OpenLDAP)
- Shilen will do more work on this
Apache Directory Studio security
- Chris Hyzer has question on Apache Directory Studio security and restrictions looking at attributes
- Chris Hubing may have some insight to this, using LDIFs
- Not allowed to walk structure, must do a blind search
- AI Chris Hubing will consult with Paul Caskey on Apache Directory Studio attributes security issue and let Chris Hyzer know.
Chris
- Need to go to Tomcat 9. Push that out to v4 and v5
- Has anyone installed Selenium in Rocky?
- AI Chris Hubing will look into whether anyone has experience with Selenium in Rocky
- WebISOGET is a simplified approach
- Chris Hubing suggests: Come up with list of test cases
- U Michigan has used Selenium for testing
- Discussion of Duo, Kubernetes
- Chris fixed Attestation Group Save issue
Issue Roundup
JIRAs
- GRP-5401 Visualization with member criteria
- GRP-5400 Template V2 tests fail: "gshTemplateOwnerType is a required field"
- GRP-5399 SCIM attributes for ServiceNow
- GRP-5398 mysql and oracle have grouper_sql_cache_group disable_on column as non null, should be nullable
- GRP-5397 Veto invalid permission assignments based on attribute name
- GRP-5396 AttestationGroupSave.assignMarkAsAttested() does not work
- GRP-5395 upgrade tomcat to 9.0.87 since 8.5 is EOL
- GRP-5394 error deleting, adding data field
- GRP-5393 when abac data fields / rows / providers are edited in the UI, need to update the database aliases
- GRP-5392 remove userSearchFilter from ldap provisioner config
- GRP-5391 Foreign key constraint missing from Oracle upgrade DD 0
Wiki updates in past 2 weeks
- Grouper Administration Guides
- v5 Release Notes
- Grouper custom template via GSH user membership history
- Grouper health check endpoint (healthcheck, status, diagnostics)
Next Grouper Call: Wed. 24, 2024