Attending
- Chris Hyzer, Penn, Chair
- Shilen Patel, Duke
- Chad Redmon, UNC
- Vivek Sachdiva, independent
- Andrew Costa, U of Nebraska
- Drew Aschenbrener, Internet2
- Chris Hubing, Internet2
- Emily Eisbruch, Internet2
DISCUSSION
- Agenda bash
Current Work
Grouper Training May 17 - 20, 2022
Chris and Chad working on preparing for Grouper Training
https://incommon.org/academy/grouper-school/
Administrivia
- Internet2 Intellectual Property Policy
- Review AIs Grouper Project Action Items (Google Doc)
- Agenda bash
- Chris Hubing: SQL Provisioning issue
- Chris Hyzer: Provisioners are in holding pattern
- Once we get the next Grouper release out, then more progress on provisioners.
Grouper Training May 17 - 20, 2022
Chris and Chad working on prep
https://incommon.org/academy/grouper-school/
Current Work
Vivek
- Provisioning Configuration
- we made the start with scaffolding screen (swiss army knife)
- Asking questions specific to a particular provisioner
- But there are many combinations people can fill in on the start with scaffolding screen
- And we use that to prepopulate the Provisioning screen
- There is a lot to do
- Need viable product for Grouper 2.69
- Need to release, even if not perfect
- U of Nebraska is excited about testing Grouper 2.69
- Focus on Azure functionality
- Eager to test
- Matt: GUI is coming along
- Not sure about provisioner language shift
- Use of word Entity can be confusing
- See Grouper provisioning glossary
- Are subjects the same as entities?
- Not exact same
- https://spaces.at.internet2.edu/display/Grouper/Grouper+provisioning+glossary
- Chad: need to explain some things on the wiki page, hard to explain everything on UI
- Drop down for provisioning type, may need wiki to explain what the types are
- Chris: those things should be externalized and explained
- Good you can create Daemon jobs from provisioner screen
- Chris: need to work on the implementation of that
- Drew: likes the diagnostics tools
- Shilen: looks good. re SQL patterns, wiki page for LDAP shows all the patterns, descriptions on each one. Could be useful to have more of a description.
- Chris: could be in text on screen
- Or use documentation link
- Search and matching config still needs to be finished
- Then do testing – Big effort
- Work with Vivek to get more of the Start With Scaffolding done
Shilen
- Point in time membership trace
- For troubleshooting why a person is in a group, for example
- Proposal: Events within 90 seconds are same cluster
- Like rules and hooks, do things based on other things
- Group things, so you can see the chain of events
- Create cluster of events
- Change log defaults to one minute
- Make it configurable
- Context on data can be helpful
- AI - May 11 2022 Shilen and Chris will discuss point in time membership trace
- Would be helpful to see Point in time versus audit records
- For user audit, what should permissions be?
- Read on the group should be required, can discuss more later
Chris
- Doing Prep for Grouper training next week.
- 33 people signed up for training
- MichaelG is doing SQL sync, Chris working on that a bit
- Met with U Missouri around TLS connection issue
- trusted roots that are up the trust chain from SSL certs
- Put that in anchors
- Root command must be run
- If container runs as root it works
- If using OpenShift need open CI trust
- If doing client certs, use a different approach
- Grouper container documentation for v2.5
- Grouper v2.5 container SSL trust management
- Container issues
- Grouper in future - plan Tomcat only?
- There are many container flags
- Depending on config files to have certain variable
- Provisioning config has two sections
- Entity Attribute Cache (4 buckets)
- Translation script option
- Mapping
- Need to work on logic for copy back
- Using cache value, or using the Grouper value
- For example NETID is renamed and it’s cached, what to do
Chad
- Upgrading the image to Grouper 2.68 went well
- Changes for LOG4J took some work
- To prevent permissions errors (Chad deleted file entries)
- Seeing folder attribute assignments in menu were not showing for non admins
- GSH commands issue due to a renamed class GRP 4024
- GRP-4024
Application and policy templates through the API gives error - Chris will remind Vivek
Issue Roundup
Jiras in past two weeks
container httpd config error format is after the include
GRP-4031
look at the introspection endpoint for OIDC Connect (e.g. UI authn)
GRP-4030
make a template example to disable daemon jobs
GRP-4029
clean up grouper image after removing log4j, so its not in the intermediate files on system scans
GRP-4028
ability for container to add ssl client cert for java
GRP-4027
provision to target where user previous existed then is removed (membertoid2)
GRP-4026
ability for container to add ssl anchor cert for OS/java
GRP-4025
Removing recent membership config doesn't remove settings
GRP-4024
Application and policy templates through the API gives error
GRP-4023
in subject source config ldap the only option is subtree scope
GRP-4022
add attestation report widget on home page
GRP-4021
maybe have data owners as drop down and searchable groups by data owner
GRP-4020
add zoom external system
GRP-4019
refactor matching and search attribute configuration
GRP-4018
provisioning config indent hide/show
GRP-4017
provisioning sql specific column labels and descriptions
GRP-4016
refactor subject link and cache
GRP-4015
move subject link to the entity attribute cache section
GRP-4014
move attribute value cache from entity attribute section to entity2 section
GRP-4013
move attribute value cache from group attribute section to group2 section
GRP-4012
Provisioner UI: Name field is set to drop down when the attribute name is EL-based.
GRP-4011
Grouper UI queries root folder twice
Grouper Emails in past two weeks
No new
Grouper wiki updates in past two weeks
- Princeton University Grouper Page
- Grouper Product Roadmap
- Grouper container documentation for v2.5
- Grouper v2.5 container SSL trust management
- Grouper Training Environment
- Grouper custom template via GSH
- v2.6 Upgrade Instructions from v2.6
- Grouper provisioning v2.6.9 refactor
Next Grouper Call: Wed May 25, 2022