Grouper Call of Sept. 28, 2022

Attending 

• Chris Hyzer, Penn, Chair
• Shilen Patel, Duke
• Vivek Sachdiva, independent  
• Chad Redmon, UNC
•  Drew Aschenbrener, Internet2
• Chris Hubing, Internet2
• Emily Eisbruch, Internet2

Administrivia

•  Internet2 Intellectual Property Policy
• Review AIs  Grouper Project Action Items (Google Doc)
•  Agenda Bash

Grouper Training

• Grouper Training happening this week Sept 27-30, 2022  https://incommon.org/academy/grouper-school/
• Going well

Plan for Grouper 2.6 and 2.7

https://spaces.at.internet2.edu/display/Grouper/Grouper+provisioning+framework+remaining+items

• Plan: we should wrap up provisioning (over the next month) and call it a day on v2.6.  
  
• Then go to v2.7 and do some of what we previously planned but not everything. 
  
•  Work on ABAC and data fields.  
  
• Then 2.8 would be the true single process container.  2.6 is dragging on and we need a more recent stable version of Grouper than 2.5.  Thoughts? 
  
  
  

Current Work

Vivek

• MidPoint provisioner, it’s a subclass of SQL provisioner
  
• Configuration is simplified, can specify a table prefix
  
• Used to have a column for what target data going to,
  
• But that is one to many
  
• So target is now multivalued
  
• Vivek will make multivalued metadata option
  
• 
  
• did provisioning unit tests
  
• OIDC, one external system does everything, you configure end points to OIDC or well known URL
  
• Can use redirect URI
  
• Ajax
  
• OIDC authentication to Grouper UI
  
• OIDC authentication to Grouper Web Service
  

Shilen

• Shilen will merge in Hibernate
  
• Shilen is working on adding groups and point in time. Change log might be more of a bottleneck, but group additional are not the biggest issue for change log
  
• Would be good in Grouper 3.0 to do everything batched
  

Chris

  Grouper Training is going well.

Grouper 2.6.16 was released on Sept 22, 2022
v2.6 Release Notes

Some updates were madeto Grouper 2.5 also

v2.5 Release Notes

 Chad

• Grouper Training Training
  
• Updated the wiki page for Grouper UI configuration, it was 90% out of date
  
• Customising the Grouper UI
  
• Including changing banner and logo
  
  
• Working on the SCIM project
  
• Plan For 2.7, Rocky Linux, Tomcat, Single Process, Need to pick a java… Anything above Java 8.  Suggestion for Java 11.
  

Chris Hubing

• The current grouper docker container uses centos7
  
• as an improvement, we are testing rocky8, which is newer and will have better support
  
• and also supporting arm64 processors
  
• right now, it only supports the x86/amd64 architectures
  
• so overall, these are some improvements the community is asking for
  

Issue Roundup 

Jiras in past two weeks

GRP-4392
provision only applicable memberships

• 
  GRP-4391
  put limits on group size for provisioning
  
  
  
  
• 
  GRP-4390
  if query too long for loader, should give error on UI before saving
  
  
  
  
• 
  GRP-4389
  abbreviate group display names on main page
  
  
  
  
• 
  GRP-4388
  improve find command in container build script
  
  
  
  
• 
  GRP-4387
  Refactor or remove GrouperUtil.fileCopyExampleResourceIfNotExist()
  
  
  
  
• 
  GRP-4386
  add attestation where if not attested the group will be disabled
  
  
  
  
• 
  GRP-4385
  the directory /home/tomcat in container should be group executable
  
  
  
  
• 
  GRP-4384
  container should not change ownership or permissions on /opt/grouper/slashRoot
  
  
  
  
• 
  GRP-4383
  grouper provisioning null pointer when incremental adding a user (not in target) to a group that requires users to exist
  
  
  
  
• 
  GRP-4382
  fix this error message to mention caching on links
  
  
  
  
• 
  GRP-4381
  handle unresolvables in provisioning
  
  
  
  
• 
  GRP-4380
  provisioning membership value should get from cache? or make attributes work
  
  
  
  
• 
  GRP-4379
  change audit log to add start/end dates
  
  
  
  
• 
  GRP-4378
  audit log says someone added even if the start date is in the future
  
  
  
  
• 
  GRP-4377
  enabled/disabled should update memberships if they exist
  
  
  
  
• 
  GRP-4376
  upgrade jars
  
  
  
  
• 
  GRP-4375
  show container version in UI
  
  
  
  
• 
  GRP-4374
  default log level for grouper is info and not warn
  
  
  
  
• 
  GRP-4373
  change pit group set sync'ing to use change log
  
  
  
  
• 
  GRP-4372
  provisioning in readonly mode should not make changes
  
  
  
  
• 
  GRP-4371
  Refactor session initializer to remove resources/init/*.properties
  
  
  
  
• 
  GRP-4370
  Move banner and footer into jsp includes
  
  
  
  
• 
  GRP-4369
  Page title only working for main page
  
  
  
  
• 
  GRP-4368
  Creation of Local Entity Failing when not user in sysadmingroup
  
  
  
  
• 
  GRP-4367
  do not provision memberships if user does not exist in target
  
  
  
  
• 
  GRP-4366
  failsafe approvals not working for provisioning
  
  
  
  
• 
  GRP-4365
  cannot edit provisioning daemon
  
  
  
  
• 
  GRP-4364
  fix container ENV and USERTOKEN
  
  
  
  
• 
  GRP-4363
  grouper container should be able to log to file or pipe or both
  
  
  
  
• 
  GRP-4362
  Provisioning Framework is provisioning entities that exist in Grouper but not Target
  
  
  
  
• 
  GRP-4361
  make findBadMemberships full daemon scale for missing composites
  
  
  
  
• 
  GRP-4360
  migrate from oidc non external system to external system
  
  
  
  
• 
  GRP-4359
  remove foreign keys from grouper_stem_view_privilege
  
  
  
  
• 
  GRP-4358
  remove jsonlib and replace with jackson
  
  
  
  
• 
  GRP-4357
  add start/end date to member export of group
  
  
  
  
• 
  GRP-4356
  Bad membership finder daemon should catch throwable
  
  
  
  
• 
  GRP-4355
  maven checkstyle shouldn't warn on missing javadoc on private fields/methods
  
  
  
  
• 
  GRP-4354
  make sure provisioning readonly is readonly
  
  
  
  
• 
  GRP-4353
  oidc well known and required fields
  
  
  
  
• 
  GRP-4352
  loader should add before remove
  
  
  
  
• 
  GRP-4351
  Fix testing errors in WS bearer token external system
  
  
  
  
• 
  GRP-4350
  error creating stems
  
   
  

Grouper Emails in September 2022

• [grouper-users] Change delimiter for multivalued attributes returned by WS?, Baron Fujimoto, 09/06/2022
  
• Re: [grouper-users] Change delimiter for multivalued attributes returned by WS?, Baron Fujimoto, 09/09/2022
  
• [grouper-users] edu.internet2.middleware.grouperClient.ws.GcWebServiceError: Bad response from web service: resultCode: PROBLEM_GETTING_MEMBERS, Sahull, 09/14/2022
  
• [grouper-users] Azure Provisioner null pointer exception error, Sahull, 09/15/2022
  
• [grouper-users] fun with DDL upgrade, Jeff McCullough, 09/21/2022
  
• [grouper-users] using two instances of PSPNG, Ben Beecher, 09/21/2022
  

Grouper wiki updates in past two weeks

• Connecting to the AWS Training Environment
  
• GrouperShell (gsh) Composite insert / update / delete (CompositeSave)
  
• Grouper provisioning framework remaining items
  
• Connecting to the AWS Training Environment
  
• v2.5 Release Notes
  
• v2.6 Release Notes
  
• DDL in Grouper v2.5+
  
• Release steps for new container build
  
• v2.6 Upgrade Instructions from v2.6
  
• Container update process
  
• Customising the Grouper UI
  
• GrouperShell (gsh)
  
• OIDC authentication to Grouper UI
  
• OIDC authentication to Grouper Web Service
  
• Assign Attributes Batch
  
• Generated javadoc and site reports
  
  

Next Grouper call: Wed. Oct 12, 2022