Grouper Call of Oct. 12, 2022
Attending
- Chris Hyzer, Penn, Chair
- Shilen Patel, Duke
- Vivek Sachdiva, independent
- Chad Redmon, UNC
- Carey Black, Purdue
- Drew Aschenbrener, Internet2
- Chris Hubing, Internet2
- Emily Eisbruch, Internet2
Administrivia
- Internet2 Intellectual Property Policy
- Review AIs Grouper Project Action Items (Google Doc)
- Agenda Bash
DISCUSSION
Java
- Suggestion to move to Java 17 , Amazon Corretto
- There is an existing suggestion to not use Grouper API directly
- Issue if 3rd party libraries require
- Document this well, for those who are “rolling their own”
- Variable in Docker is target platform
- Installer Jenkins file needs exact version of java? Ask Chad?
- Had to hard code the version of Corretto, needs to find bin Java
- Use shell script?
- Need to unzip every time
- Jenkins file line 3 in Grouper build in Grouper v2.6
- AI Chris Hubing and Chad - remove absolute path of Java in upstream grouper build
- Need Java 8, can we install it on the server?
Current Projects
Vivek
- Midpoint Provisioner is working
- Expanded SQL provisioner and added options
- MidPoint is simpler than SQL
- Deletion is now soft delete
- Column called deleted (T or F)
- Foreign Keys cascade? - Chris and Vivek will talk about this
- Can have up to 5 tables in SQL.
- Long or time stamp
- Start with
- Document on wiki the DDL to help get people going
- Same columns same table names with prefix
- Configure attributes for whatever columns
- Can configure target
- Subjects don’t have attributes
- This is starting provisioner, moving forward may incorporate more user requirements
- Changed types of compare and search, used to always use string
- Azure Provisioner
- Fixing an issue around sending out emails (typo)
- Changed from individual APIs to batch APIs
- Can wrap into one call
Shilen
- Finished Group set updates to Point in Time
- Biggest issues are related to group sets
- Should be more reliable
- Hopefully no noticeable performance hit
- Updates:
- Daemon should be updated first
- Hope we don’t have to go to GSH for this
- Want to move away from command line requirements, prefer UI
- Point in time sync as one-off
- Options:
- Upgrade tasks are unscheduled and manual or
- Have two sets of upgrade tasks, one that’s auto (every 30 minutes it checks) and one, after that, that’s manual
- Chris add Jira for run upgrade task every minute, store.. Exit if so.
- Shilen worked on hibernate
- Some issues came up
- Shut down ehcache when tests are done and at end of GSH
- If you run one test from main method, it will hang
- Jira on enable/disable dates, fixed that issue
- Will look at another issue on enable / disable dates, and membership screen
Chris
- Fixed issue with web service and subject identifier
- New release, fixing issue w Linux, find commands not working
- Grouper v2.6.16.2
- https://spaces.at.internet2.edu/x/lowTD
-
- CHMOD CHOWN issue
- Use slash root
- Don’t mount things randomly in the container
- Grouper appending things on start if you mount to final location, so use slash root
- What about stop and start?
- Should work
- Only edits the 1st time it runs
- Jars upgraded
- Jar upgrades can be annoying, misspelling issue
- Xhtml web service format, now removed in 2.6.17
- Soap libraries, what to do with deprecated warning to see if you are using it?
- Have a property if you don’t set it…
- Want ability to turn off Soap in Grouper 2.6.
- It will be turned off and if you still need it, you must set a property
- Have an attribute to store the last use
- Attribute and Web service query?
- Hook on web service calls?
- Hoping not to log every call
- But good to know every case of where it’s being used
- Soap calls can be done with REST
- Decision: create a Grouper Use table, store info on who is calling it, source IP address, details on operation, timestamp, summarize in Grouper report, also, in the future, have a way to see this info in the UI?
- Peoplesoft, part doing the outgoing service calls, does that use soap? Could be an older version of Peoplesoft only used Soap
Soon ready for Grouper 2.6.7
- Wil have Java 17
- No TomEE and SCIM
- Chad puts in new
- Take out Apache and Shib SP
- Unicon (Pac4J) authentication and SCIM authentication
- Data fields and JEXL Loaded groups
Chad
- Working on SCIM
- Finished a set of integration tests and unit tests
- Hope to motivate people to use SCIM more
- Find out what institutions need
- Midpoint uses SCIM 1.1, not SCIM 2
- Should there be different SCIM profiles, that each calling credential can be linked to
- Grouper display name is bothersome
- Can run SCIM without web services
- Run 5 containers?
- Advice now is run Web service and SCIM in same container
- SCIM libraries have a lot of dependencies
- Focus on SCIM was a Internet2 TIER initiative, not sure how many are using it
- Hope to release this SCIM work in Grouper 2.7
- Chad can move code to web service project
Chad - flickering of flattened memberships- Get removed from one group and added to another
- It does memberships one by one
- Deletes before adds
- Trying to figure out how to solve that
- See JIRA on that
GRP-4352
-
Getting issue details...
STATUS
- CI failing because of activeMQ issue
- Chris fixed that , needs to commit
Issue Roundup
Jiras in past two weeks
GRP-4420
update grouper client help text: ownerMembershipAny0SubjectSource
GRP-4419
fix welcome email disabled
GRP-4418
auto create ws users group if not exists and if configured
GRP-4417
upgrade xmlsec
GRP-4416
upgrade wss4j
GRP-4415
Add option to dump ddlScript output to stdout instead of a file
GRP-4414
remove jdom and xhtml WS format
GRP-4413
upgrade commons-fileupload jar
GRP-4412
do not query ldap_dn attribute in ldap filters
GRP-4411
Grouper Version Upgrade 2.6.16.2
GRP-4410
Allow option to not show subject attribute friendly description for names
GRP-4409
upgrade ldaptive version
GRP-4408
upgrade org.apache.qpid
GRP-4407
upgrade googleoauth jars
GRP-4406
upgrade jackson-dataformat-yaml in ws-scim
GRP-4405
upgrade commons collections4
GRP-4404
configure import file or copy paste submit does not do anything...
GRP-4403
ldap provisioner with default member does not get removed
GRP-4402
upgrade nimbus to latest due to json-smart library and security scan
GRP-4401
remove /root/.m2 directory in image
GRP-4400
loader subjob entries should be capped at 100
GRP-4399
data fixer daemon should make sure no group has the same name as another alternate name
GRP-4398
dont allow changing subject source id in subject source wizard
GRP-4397
dont chown / chmod logs directory in container runtime, just during create
GRP-4396
ldap loaders should auto enable like sql (on create)
GRP-4395
lite add member web service should accept subjectIdentifier
GRP-4394
Allow the UI list of Provisioners to be extended
GRP-4393
relieve or increase SQL size limit for loader jobs
Grouper Emails in recent weeks
- AI Chris reply to emails on Grouper users list
- [grouper-users] edu.internet2.middleware.grouperClient.ws.GcWebServiceError: Bad response from web service: resultCode: PROBLEM_GETTING_MEMBERS, Sahull, 09/14/2022
- [grouper-users] Azure Provisioner null pointer exception error, Sahull, 09/15/2022
- [grouper-users] fun with DDL upgrade, Jeff McCullough, 09/21/2022
- [grouper-users] using two instances of PSPNG, Ben Beecher, 09/21/2022
Substring issue perhaps?
Perhaps change PSPNG label?
- [grouper-users] Peer help required to smuggle uid shib var to grouper-ui, Francesco Malvezzi, 10/05/2022
- Re: [grouper-users] Peer help required to smuggle uid shib var to grouper-ui, Chad Redman, 10/05/2022
- Re: [grouper-users] Peer help required to smuggle uid shib var to grouper-ui, Francesco Malvezzi, 10/06/2022
Grouper wiki updates in past two weeks
Next Grouper Call: Wed Oct. 26, 2022