The COmanage Registry Grouper Provisioning Plugin is agnostic about the identifier used as the Grouper subject source. The only requirement from Registry is that it knows the identifier and that the identifier is attached to the CO Person record, either because Registry creates it (e.g. auto-generated identifiers) or because Registry has consumed it, perhaps during an enrollment or pipeline flow.

Grouper itself must be configured to search some service or repository to resolve the subject. Grouper calls these services or repositories subject sources. A Grouper deployment may have multiple subject sources. Common choices for Grouper subject sources are relational databases and LDAP directories.

If the identifier you want to use as the Grouper subject source is created by Registry, perhaps as an auto-generated identifier, you will need to make sure the identifier is provisioned as part of a person record that Grouper can be configured to use as a subject source. A common choice is to use the Registry LDAP Provisioning Plugin to provision the identifier as part of the CO Person record in LDAP, and then configure Grouper to use LDAP as a subject source.

If instead the identifier you want to use as the Grouper subject source is simply consumed by Registry, for example during an enrollment flow (such as ePPN) or a pipeline flow, then you need to be sure that Grouper is configured to use some system where it can find that identifier as a subject source.
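A pre-flight check for the two cases above, as an added example that is not part of the original page or of the COmanage or Grouper code: it reads an LDIF export of the directory Grouper will use as a subject source and reports identifiers that resolve to no entry or to more than one. The LDIF, the attribute names (`employeeNumber`, `eduPersonPrincipalName`) and the identifier values are constructed assumptions.

```python
from collections import defaultdict

# Constructed LDIF export; attribute choices and values are assumptions.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid: alice
employeeNumber: CO1000001
eduPersonPrincipalName: alice@example.org

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid: bob
employeeNumber: CO1000002

dn: uid=bob2,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid: bob2
employeeNumber: CO1000002
"""

def parse_ldif(text):
    """Return entries as dicts of lowercase attribute -> list of values.
    Handles plain 'attr: value' lines and folded lines; base64 values are skipped."""
    text = text.replace("\n ", "")  # unfold continuation lines
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            if attr.endswith(":"):  # 'attr:: <base64>' is not decoded here
                continue
            entry[attr.lower()].append(value)
        if entry:
            entries.append(dict(entry))
    return entries

def check_subjects(identifiers, entries, subject_attr):
    """Classify each identifier as 'resolved', 'missing' or 'ambiguous' (exact match)."""
    index = defaultdict(set)
    for e in entries:
        for v in e.get(subject_attr.lower(), []):
            index[v].add(e["dn"][0])
    report = {}
    for ident in identifiers:
        dns = index.get(ident, set())
        report[ident] = "resolved" if len(dns) == 1 else ("ambiguous" if dns else "missing")
    return report
```

An identifier reported as `missing` means the person record has not reached the subject source yet; `ambiguous` means the chosen attribute is not unique there and should not be used as the subject identifier until that is corrected.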

Configuration of subject sources for Grouper is discussed at this link.


