Grouper Training
Developers and Architects
Advanced Topics
Chris Hyzer
Internet2
University of Pennsylvania
This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.
Contents
• Introduction
• Change log
• XMPP consumer
• Custom consumer
• ESB connector
• Hooks
• Rules
• Local entities
• Move / copy
• SQL interface
Introduction to Advanced Topics
Change log
• Grouper events from various services (UI, WS, loader, etc.) are stored in the change log
• Processed in order by the loader on cron (every minute?)
• Certain data about each event is stored
• Other data can be retrieved from registry or point-in-time
• Change log consumers can connect to external systems
• Change log consumers keep a pointer to the latest successfully processed record for that consumer
• Failures in processing can be tried again
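
The pointer and retry behaviour described on this slide, modelled as an added Python example (not Grouper code and not part of the original slides): each consumer handles records in sequence order, advances its own pointer only after a successful delivery, and retries the failed record on the next pass. The `Entry`, `Target` and `Consumer` names and the sample events are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Entry:                       # constructed stand-in for a change log record
    seq: int
    action: str                    # "add" or "delete" (membership change)
    group: str
    subject: str

class DeliveryError(Exception):
    """The external system could not be reached."""

class Target:
    """Hypothetical external system; set operations make redelivery harmless."""
    def __init__(self, fail_once_on=None):
        self.members, self.fail_once_on = set(), fail_once_on
    def apply(self, e: Entry) -> None:
        if e.seq == self.fail_once_on:
            self.fail_once_on = None           # simulated outage clears afterwards
            raise DeliveryError(f"unreachable at seq {e.seq}")
        op = self.members.add if e.action == "add" else self.members.discard
        op((e.group, e.subject))

@dataclass
class Consumer:
    deliver: Callable[[Entry], None]
    pointer: int = 0               # last successfully processed sequence number
    def run_once(self, log) -> int:
        """One scheduled pass: records after the pointer, in order, stop on failure."""
        pending = (x for x in log if x.seq > self.pointer)
        for e in sorted(pending, key=lambda x: x.seq):
            try:
                self.deliver(e)
            except DeliveryError:
                break              # pointer stays put, so this record is retried
            self.pointer = e.seq
        return self.pointer

LOG = [Entry(1, "add", "app:users", "jsmith"),   # constructed sample events
       Entry(2, "add", "app:users", "mlee"),
       Entry(3, "delete", "app:users", "jsmith")]

def demo():
    ldap, wiki = Target(fail_once_on=3), Target()
    a, b = Consumer(ldap.apply), Consumer(wiki.apply)
    first = (a.run_once(LOG), b.run_once(LOG))       # ldap stalls before seq 3
    stale = ("app:users", "jsmith") in ldap.members  # removal not yet applied
    second = (a.run_once(LOG), b.run_once(LOG))      # next pass retries seq 3
    return first, stale, second, ldap.members == wiki.members
```

Until the retry succeeds, the stalled target still lists the removed member, so a consumer whose pointer has stopped advancing is worth alerting on.
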
XMPP consumer
• This is a generic consumer that can be configured for multiple clients
• Your institution needs an XMPP server
• Need at least one non-person account for authn
• With one account you can differentiate by XMPP resource
• Generally, for small apps, you do a full refresh of your cache on receipt of a message
• Grouper Client can consume XMPP messages
XMPP consumer configuration
• The Grouper admin needs to configure XMPP in general, and the specific configuration for one service
• Here is a config for notification on membership changes in a folder
Custom change log consumer
• The Grouper admin needs to configure custom change log consumers
• Custom Java code examines change log messages and processes or ignores them
ESB connector
• ESB connector processes inbound HTTPS or outbound HTTPS
• Grouper admin must configure
• Inbound is similar to the Grouper WS
• Outbound will send a WS message with the ESB protocol
• Configure per service like XMPP
ESB connector configuration
• e.g. send all membership change events to an ESB
• Note, this example is two configurations
ESB connector sample message
• e.g. send all membership change events to an ESB
Hooks
• Hooks are custom Java plugins to the Grouper API which are called before or after Grouper events
• Can register more than one hook for an event
• The Grouper administrator needs to configure hooks
• Can be transactional
• Example: when a membership is added or removed
• Requires knowledge of the Grouper API
Rules
• Rules are special attributes on Grouper objects which cause actions to occur
• Requires authorization from Grouper admin
• Built-in or custom actions
• Daemon can sync up rules on cron
Rules examples
• Without using a composite group, if a user is not an employee, do not let them get added to the app users group, and remove them if removed from employee
• If a student is no longer in a course group, set a disabled date to the course wiki group for that student for 1 week in the future
• If a group is created in a certain folder, assign READ/ADMIN privileges to a certain group
Local entities
• If you want to use a subject which is not in a subject source, you can create your own "local entity"
• Scoped in a folder
• Has privileges if you want them to be private
• e.g. for system users, applications, database schemas, non-person entities, etc.
• Can assign attributes on local entities
Renaming
• You can move or copy groups or folders
• Moved groups can have one alternate name so they can still be resolved by the old name
• There are several options:
  • Can copy privileges of group
  • Can copy members
  • Can copy attributes
  • etc.
SQL interface
• If the Grouper admin permits, you can have SQL access to Grouper
• Read-only
• Should get a database ID which has SELECT grants on certain Grouper tables/views
• Common use case is to read large lists of memberships/privileges
Quiz
• Click on the quiz link in the video description to reinforce your knowledge of this topic
Thanks!
Further information:
• Infosheets, mailing lists, wiki, downloads, etc.: www.internet2.edu/grouper
• Grouper demo server: grouperdemo.internet2.edu/
• Grouper Online Training Home: spaces.internet2.edu/x/IIGfAQ