Grouper Working Group Notes of Dec. 8, 2021

  Attending 

• Chris Hyzer, Penn, Chair
•  Shilen Patel, Duke
• Chad Redmon, UNC
• Emily Eisbruch, Internet2

 DISCUSSION

•  Internet2 Intellectual Property Policy
  
• Approve minutes
  
• Review AIs  Grouper Project Action Items (Google Doc)
  
• Agenda bash
  

•  FYI: Grouper Blog for November 2021 Trust and identity newsletter
  

 Current Work

Chris 

• Stem view performance 
  
• Two tables: grouper last login and grouper stem privilege
  
• When you do stem find it goes to DOA
  
• secure stems
  
• Query clause
  
• Uses folder set tables
  
• It takes too long
  
• So, do half the calculation in advance 
  
• Add new approach everywhere to make stems more secure
  
• There is the ability to  sort a list of stems
  
• User Full sync and incremental sync to keep up
  
• Experience:
  
• Computing the privileges for a Grouper folder takes milliseconds
  
• Computing for attributes can take 8 sec
  
• For a wheel user or read only admin,  or a view only admin, it doesn't check
  
• There is a group for power users who can view everything
  
• Is there a way to disable this feature?
  
• Yes the config
  
• Default will be true
  
• Need a folder view privilege?
  
  

• Pull request on Shib library fixes
  
• Grouper HTTP client, does logging of everything, was hard to specify around logging the body, added something around system properties
  

• Grouper Release news: 
  
• Grouper 2.65 should be announced today
  
• There is a lot in that release
  
• Another release may be needed soon
  

• Chris needs to do something w Security level -1
  

Vivek  

• SQL provisioner is done. 
  
• There is interest in midpoint 
  

Shilen

• Updated provisioner diagnostics
  
• Works well with LDAP
  
• Did JUNIT tests
  
• Jira resolved for 2.65
  
• Will work on the USDU changes
  

Chad

• Delete members issue
  
• Did Two fixes for group . replace members
  
  
  
• Add or remove members issue
  

Grouper Training is scheduled for February 8-11, 2022

• https://incommon.org/academy/grouper-school/
  
• Prep for delivering this training should be less work than before because of new container and Better examples
  
• With LMS students have trouble getting to slides
  
• If copy paste has everything you need, it will help
  
• Copying from slides is hard
  
• Too much switching different windows
  
• Take stuff out of slides?
  
• Challenging to keep it all up to date
  

Issue Roundup 

Jiras in past 4 weeks

• GRP-3715
  add option to suppress log message about subject identifier mismatch
  
  
  
  
• GRP-3714
  Allow externalized text in Types metadata,
  
•  they want scriptlet
  
  
  
  
  GRP-3713
  RFE: org specific daemon instances
  
• 
  This issue keeps coming back, running certain jobs on certain hosts
  
• https://todos.internet2.edu/browse/GRP-1737
  
  
  
  
• 
  GRP-3712
  RFE: provisioners sharing load?
  
  
  
  
  GRP-3711
  Nesting capable provisioners?
  
• UNC has need for this also
  
  
  
  
  
• GRP-3710
  shib library path fix
  
  
  
  
• GRP-3709
  gsh template error if delete the folder where the template runs
  
• Navigate to parent folder
  
  
  
  
• 
  GRP-3708
  Incremental loader: prevent extra full syncs
  
• Discussed on Slack, assigned to Shilen
  
  
  
• GRP-3707
  add option to not log HTTP body in GrouperHttpClient and Azure authentication
  
  
  
  
• 
  GRP-3706
  improve and standardize http proxy support for grouper
  
  
  
  
• 
  GRP-3705
  grouper http client should take system properties into account
  
  
  
  
• 
  GRP-3704
  dont fail when a null subject id, identifier, or id_or_identifier is selected in incremental loader
  
  
  
  
• 
  GRP-3703
  provisio
  n groups without memberships to azure and get exception
  
• AI Chris will add more info to GRP-3703
  
  
  
• 
  GRP-3702
  Improve Azure external system documentation
  
  
  
  
• 
  GRP-3701
  documentation for csv file daemon should be about csv files not reports
  
  
  
  
• 
  GRP-3700
  dn is documented to be a variable in ldap to sql translation
  
  
  
  
• 
  GRP-3699
  quickstart container maturity level -1 had ddl version 2.5, it should be 2.6
  
  
  
  
• 
  GRP-3698
  allow GrouperSystem password to be set by env var in container (not in quickstart mode)
  
  
  
  
• 
  GRP-3697
  ldap to sql does not log where there is bad data
  
  
  
  
• 
  GRP-3696
  remove hsqldb from grouper
  
  
  
  
• 
  GRP-3695
  Provisioning diagnostics shouldn't show options that are not available to the provisioner
  
  
  

Grouper Emails in past 4 weeks

AI Chris respond to the Grouper emails  from 11/23 (grouper not connecting w external LDAP server) and 12/02 (OWASP_CSRF token issue)

• [grouper-users] grouper is not connecting with external ldap server, Malathi Deenadayalan, 11/23/2021
  

• [grouper-users] OWASP_CSRF token issue, Carl Waldbieser, 12/02/2021
  

Grouper wiki updates in past 4 weeks

• v2.6 Upgrade Instructions from v2.6
  

• Grouper web services - authentication - self-service JWT