Grouper Working Group Notes of September 29, 2021
Attending
- Chris Hyzer, Penn, Chair
- Chad Redman, University of North Carolina Chapel Hill
- Vivek Sachdiva, independent
- Shilen Patel, Duke
- Emily Eisbruch, Internet2
Discussion
- Internet2 Intellectual Property Policy
- Approve minutes
- Review AIs: Grouper Project Action Items (Google Doc)
- Agenda bash
Grouper Training this week is going well
- Over 40 people in this week’s Grouper training
- Enthusiastic group
- Challenging to manage that many people
- May use breakout rooms
- Shilen will help with leading training today, along with Chris and Chad
- Some participants in training want Grouper to be event based, no loader jobs, all batch sync
- Need to provide them more info!
- Type screen has a problem that is impacting training
- Monday Oct 4, 1pm to 1:50pm
- What's New with Grouper? Talk about new functionality in the Grouper product and the roadmap going forward.
- Chris Hyzer
- Roadmap
- Versioning
- Provisioning
- GSH Templates
- Authentication work
Shilen will participate in a CAMP session on linking SSO systems, along with Rob C, Keith W
CURRENT WORK
Vivek
- Screens and system for users to get public/private keys
- Expiration
- What IP address can access key
- Close to done with this work, likely by end of this week
- 2048-bit public/private key
- Store in database in clear text
- JWT with expiration
- Can do “decoration”, keeping logs, etc.
- but need to balance
- Don’t want to spend too much time, need to get this work out there
- Keys can have expiration date
- Any Grouper sysadmin can add/delete public/private keys
- There can be a group of people with authority to manage this
- We should make a default group
- If someone owns a local entity they should be allowed to make web service calls
Shilen
- Worked on 3 JIRAS
- Will work on JIRA around OU case issue, name field is a DN, membership field links to name field perhaps. Chris and Shilen will discuss.
- When creating OUs, you specify attribute
Chad:
- Focus on Grouper Training, happening this week
- UNC upgraded to 2.5.55, with Docker containers
- Upgrades take minutes instead of days
- Enterprise OpenShift and Red Hat 7
- Splunk
- Looking forward to using GSH templates
- Won’t need to use command line
Chris:
- Unicon authentication puts servlet filters in front of our servlet filters
- Broke anything that uploads files, such as importing memberships
- Slack Chris if you have ideas on this
- Demo Server issue caused by Apache config: Shilen fixed.
- Design for folder view privileges https://spaces.at.internet2.edu/display/Grouper/Grouper+folder+privilege+performance
- Please provide feedback to Chris for Grouper 2.6
Issue Roundup
Jiras in past two weeks
GRP-3641
Visualization: If sibling count greater than set limit, display a node indicating truncation
GRP-3640
export to gsh should use new build patterns or abbreviate format
GRP-3639
Grouper Provisioning - translate from static values to simplify objectClass config
GRP-3638
Shore up "masking" of secrets in Configuration view
GRP-3637
PSPNG not full-syncing AD groups with memberships above a certain number
GRP-3636
add provisioning delete option to not sync objects where "provisionable" is removed but the grouper object still exists
GRP-3635
object types do not work
GRP-3634
add more loader logs in the message to be seen in ui
GRP-3633
ldap to sql add "translation type" config and required attribute or translation script
GRP-3632
ldap to sql multi valued attribute table
GRP-3631
add good descriptions to all LDAP provisioning elements
GRP-3630
Grouper Provisioning - ldap - override dn should work without translations
GRP-3629
import error row number not correct
GRP-3628
copying a group to a name that has a collision causes validation error with default validation settings
GRP-3627
Visualization should not encode character entities (e.g. &) in display name
GRP-3626
Add member text box should not encode character entities (e.g. &) in display name
GRP-3625
first click on demo server gives error
GRP-3624
demo container exits with: Error: Can't drop privilege as nonroot user
GRP-3623
cannot init registry since cannot find subject
GRP-3622
message for not provisionable before the provisioner has run
GRP-3621
Grouper Provisioning - ldap override dn doesn't work unless group already exists in ldap
GRP-3620
auto translate dn and rdn for flat and bushy with dn override
GRP-3619
grouper request wrapper superseded by upstream j2ee filter
GRP-3618
add oidc to grouper ui
GRP-3617
jwt expiration 0 makes no sense
GRP-3616
add jexl validation to jwt claims to only allow certain conditions
GRP-3615
allow custom ui to be able to pass user into it
GRP-3614
max header issue in tomcat
GRP-3613
consolidate logging in container and allow pipes, local files, or both
GRP-3612
GSH templates support input type of 'find a Subject' and 'find list of Subjects' types
Grouper Emails in past two weeks
- [grouper-users] Error running CHANGE_LOG_changeLogTempToChangeLog, Andre Daniels, 09/23/2021
- Re: [grouper-users] Error running CHANGE_LOG_changeLogTempToChangeLog, Shilen Patel, 09/23/2021
- Re: [grouper-users] Error running CHANGE_LOG_changeLogTempToChangeLog, Andre Daniels, 09/23/2021
- Re: [grouper-users] please ignore my previous mail, Malathi Deenadayalan, 09/27/2021
Grouper wiki updates in past two weeks
- Find Groups
- GrouperShell (gsh) Attribute value insert / update / delete (AttributeAssignValueSave)
- How to set up a Grouper development environment with IntelliJ
- Grouper LDAP external system
- External systems configuration
- v2.5 Release Notes
- Grouper folder privilege performance
- LDAP to SQL sync attribute example
- LDAP to SQL sync
- Grouper folder privilege performance
- Grouper data structure improvements v3.0
- Grouper Training Environment dev notes - generate images
- Grouper Downloads
- Grouper v2.5 container unit tests
- Grouper LDAP provisioner in v2.5 demo6 groupAttributes flat with DN override and troubleshooting
- Grouper LDAP provisioner in v2.5
- v2.6 Release Notes