Notes from Grouper Working Group, at Technology Exchange in Indianapolis, Oct. 29, 2014
Tom Barton welcomed the group and gave a brief introduction to Grouper. See slides here:
Grouper 2.2 Release and 2.2.1 Release (Chris Hyzer, University of Pennsylvania)
See Slides here:
Grouper 2.2 was a major release
New UI was a key feature https://spaces.internet2.edu/display/Grouper/Grouper+new+UI+v2.2
For a list of all new features, see the release notes at https://spaces.internet2.edu/display/Grouper/v2.2+Release+Notes
Grouper 2.2.1 is a substantial (48 JIRAs) but "minor" release
Contains bug fixes and low-risk enhancements
new Grouper Upgrader makes upgrades easier. See https://spaces.internet2.edu/display/Grouper/Grouper+upgrader
If you run Grouper 2.2.0 you should update to 2.2.1 due to bug fixes
See the list of items in Grouper 2.2.1 at https://bugs.internet2.edu/jira/browse/GRP-1081?jql=fixVersion%20%3D%202.2.1%20AND%20project%20%3D%20GRP
Feedback on Grouper 2.2.0
Gail Dunmire of PSU reported that the person who did the install of Grouper 2.2.0 at PSU needed to do it several times. The configuration file overlays took time. Overall, the config overlays are a good improvement and will save time for future upgrades. The new install process, made possible with the Upgrader provided with Grouper 2.2.1 sounds like a good improvement.
CMU has had Grouper in production for one year
now CMU will install 2.2.1 with the old Grouper UI (and a link will be provided to the new UI), so the change to the new UI does not freak people out
The hope is that users will start to ask for the new UI
challenge on how to migrate people to the new UI
Currently, with every name, there is a display of that person's status (active, suspended, faculty , student or staff)
Provisioning Future (Dave Langenberg, U. Chicago)
The current PSP approach to provisioning has shown some problems with efficiency. Having the SPML engine in the middle is an issue.
Over last several months, the Grouper team, with input from the community, has discussed how to handle provisioning in Grouper moving forward (starting with the Grouper 2.3 release).
Current direction is to follow in footsteps of CMU and U. Washington and
to write a generic message format to generic message system targeting LDAP and AD (the most common use cases)
JSON will be the message format.
Messages should be signed and optionally encrypted
still figuring what goes in the message
Would have a base implemention you can take and extend
In Grouper 2.3 , the new approach will be available. The PSP will not go away, but will not be extended.
The current plan is to have connectors to common targets.
We hope to make the provisioning config easier
Bill Thompson, Lafeyette College: those who are working on new Grouper deployments need info as soon as possible regarding the future of the PSP.
Question: will there be embedded AMQ?
Answer: This is not in the plans
Question: will there be bulk reconciliation?
Community Code Contributions
An important aspect of our work is the chance for community contributions from which all benefit. We appreciate the work that everybody does.
See list of Contributions and also important guidelines for successful contributions on pages 12-14 here:
What are you working on at your site that could be helpful to the community?
UCLA looking at integrating Box and Grouper
Carnegie Mellon has developed a Grouper Active MQ provisioner https://github.com/cmu-ids/Grouper-ActiveMQ-Provisioner
Grouper Roadmap, for reference:
Community Contributions (Adopter Sketches)
Suggestion to encourage Grouper deployers to improve/update the adopter sketches at https://spaces.internet2.edu/display/Grouper/Community+Contributions
Some of them are thin and some are out of date
Look at better ways to organize the info so it is easier to find a scenario that matches your own.
Additional Grouper Resource From Technology Exchange
Thanks to Consortium GARR (Italian Academic and Research Network) for this presentation at the Technology Exchange:
Title: Implementing Grouper to Federate User Authorization