Grouper Working Group Notes of Dec. 8, 2021
Attending
- Chris Hyzer, Penn, Chair
- Shilen Patel, Duke
- Chad Redmon, UNC
- Emily Eisbruch, Internet2
DISCUSSION
- Internet2 Intellectual Property Policy
- Approve minutes
- Review AIs Grouper Project Action Items (Google Doc)
- Agenda bash
- FYI: Grouper Blog for November 2021 Trust and identity newsletter
Current Work
Chris
- Stem view performance
- Two tables: grouper last login and grouper stem privilege
- When you do stem find it goes to DOA
- secure stems
- Query clause
- Uses folder set tables
- It takes too long
- So, do half the calculation in advance
- Add new approach everywhere to make stems more secure
- There is the ability to sort a list of stems
- User Full sync and incremental sync to keep up
- Experience:
- Computing the privileges for a Grouper folder takes milliseconds
- Computing for attributes can take 8 sec
- For a wheel user or read only admin, or a view only admin, it doesn't check
- There is a group for power users who can view everything
- Is there a way to disable this feature?
- Yes the config
- Default will be true
- Need a folder view privilege?
- Pull request on Shib library fixes
- Grouper HTTP client, does logging of everything, was hard to specify around logging the body, added something around system properties
- Grouper Release news:
- Grouper 2.65 should be announced today
- There is a lot in that release
- Another release may be needed soon
- Chris needs to do something w Security level -1
Vivek
- SQL provisioner is done.
- There is interest in midpoint
Shilen
- Updated provisioner diagnostics
- Works well with LDAP
- Did JUNIT tests
- Jira resolved for 2.65
- Will work on the USDU changes
Chad
- Delete members issue
- Did Two fixes for group . replace members
- Add or remove members issue
Grouper Training is scheduled for February 8-11, 2022
- https://incommon.org/academy/grouper-school/
- Prep for delivering this training should be less work than before because of new container and Better examples
- With LMS students have trouble getting to slides
- If copy paste has everything you need, it will help
- Copying from slides is hard
- Too much switching different windows
- Take stuff out of slides?
- Challenging to keep it all up to date
Issue Roundup
Jiras in past 4 weeks
- GRP-3715
add option to suppress log message about subject identifier mismatch - GRP-3714
Allow externalized text in Types metadata, - they want scriptlet
GRP-3713
RFE: org specific daemon instances
This issue keeps coming back, running certain jobs on certain hosts- https://todos.internet2.edu/browse/GRP-1737
GRP-3712
RFE: provisioners sharing load?
GRP-3711
Nesting capable provisioners?- UNC has need for this also
- GRP-3710
shib library path fix - GRP-3709
gsh template error if delete the folder where the template runs - Navigate to parent folder
GRP-3708
Incremental loader: prevent extra full syncs- Discussed on Slack, assigned to Shilen
- GRP-3707
add option to not log HTTP body in GrouperHttpClient and Azure authentication
GRP-3706
improve and standardize http proxy support for grouper
GRP-3705
grouper http client should take system properties into account
GRP-3704
dont fail when a null subject id, identifier, or id_or_identifier is selected in incremental loader
GRP-3703
provisio
n groups without memberships to azure and get exception- AI Chris will add more info to GRP-3703
GRP-3702
Improve Azure external system documentation
GRP-3701
documentation for csv file daemon should be about csv files not reports
GRP-3700
dn is documented to be a variable in ldap to sql translation
GRP-3699
quickstart container maturity level -1 had ddl version 2.5, it should be 2.6
GRP-3698
allow GrouperSystem password to be set by env var in container (not in quickstart mode)
GRP-3697
ldap to sql does not log where there is bad data
GRP-3696
remove hsqldb from grouper
GRP-3695
Provisioning diagnostics shouldn't show options that are not available to the provisioner
Grouper Emails in past 4 weeks
AI Chris respond to the Grouper emails from 11/23 (grouper not connecting w external LDAP server) and 12/02 (OWASP_CSRF token issue)
- [grouper-users] grouper is not connecting with external ldap server, Malathi Deenadayalan, 11/23/2021
- [grouper-users] OWASP_CSRF token issue, Carl Waldbieser, 12/02/2021
Grouper wiki updates in past 4 weeks