Child pages
  • 14-Nov-2018
Skip to end of metadata
Go to start of metadata




  • Chris Hyzer, Penn, Chair
  • Shilen Patel, Duke
  • Bert Bee Lindgren, Georgia Tech
  • Chad Redman, UNC
  • Vivek Sachdiva, independent
  • Emily Eisbruch, Internet2


  Training and documentation plans  

  • There are  plans to potentially change doc and training structure for TIER components, including Grouper.

  • Move to learning management system with small 5 minutes modules/chunks

  • Mix between our training videos and hands on training such as a TechEx

  • Plan is to use commercial partners to help create the training

  • For documentation, still use Confluence, but cut a version for each release

   Global Summit 2019
  • There will not be full day Grouper training at  Internet2 Global Summit in March 2019

  • There will be a Trust and Identity meeting in July  or Aug, details TBD

Current work tasks, and next tasks

Vivek – Object types

  • Looks good, should we tie into the loader?

  • String attached to each group based on queries

  • Use JXL? templatized?

  • For list of groups.

  • Go to folder…

  • On that folder you can put basis or ref markers that will be inherited.

  • Could be on loader config screen too.

  • Or on the SQL  

  • Nice to get variable substitution

  • Would be useful , had not thought about it for 1st pass

  • Shilen: could do this without loader integration.

  • Don’t want to have loader job as only source

  • Could maintain thru web service or could be a composite group

  • For web service, you could set attributes

  • Maintain memberships  

  • Service and folders approach is good

  • Definitions:

    • App is a base level of an application

    • Service could be multiple applications

  • Apps don’t have to live inside a service folder

  • Service could be inheritable?

  • Right now you can only  have one assigned

  • Do we want multi select dropdown? Yes

  • Don’t want more than one type for a single thing

  • But could have both apps and services

  • See the model used for deprovisioning

  • First you assign and then you can select

  • Show different types …

  • For example, select employees, then can  come and configure under students umbrella

  • Use same order as in Grouper deprovisioning

  • First ask type name

  • Then ask Direct/indirect

  • List is same as for folders?

  • Chris will get back to Vivek on that

  • Is hierarchy set when click on save?

  • Or it’s in real time?

  • Chris: don’t recompute

  • Vivek: When click on save, go thru the hierarchy

  • Chris: use same approach as in deprovisioning

  • Q: can you put direct inside inherited folder?

  • A: yes it will overwrite

  • Bert: can you use these as a structured search ?   use these as ways to define groups and folders?

  • When a group is displayed we should bring these to be more visible so you don’t have to go to menu to look at type.

  • Display the type more prominently.

  • The type is important human readable info on the group.

  • Right now it’s in the “more” section

  • Chris will email the list to share this Object Types work

Summary of next steps on Grouper Types

To do now

Put type name first, then direct/indirect

When settings changed, it should use logic like deprovisioning where it updates the hierarchy tree

Types and metadata should be displayed on object page under the description (not in "more")

To do later

Source basis and ref metadata from loader

Clarify the difference between app and service

If there is a blank attribute, it should be unassigned

Use this as a means to search for things


  • Working on Database configs
  • Put comment above a string
  • Chris can share this work with Bert
  • Morph More? string needs to be changed?
  • It should see if file exists if there is slash 
  • Will do patch


PSPNG patches

  • Patching for Regex relevant characters
  • Password login for connection password
  • Encryptable properties
  • Other string encryptable or ldaptive properties?
  • Option for certif , Property would be a filename , so not in scope
  • Morph? string is done magically
  • Metadata  in property file is good idea
  • Masking is 99% solution
  • Config Property metadata could be added later
  • Will release patch this week

Logging and how loader breaks into sub-jobs

  • For full syncs

  • Perhaps separate log file for each provisioning target or each group in each provisioning target

  • For PSP NG, Defined stack of properties

  • Designed log4J appender? If you don’t have the properties in your call stack

  • Works for syncing

  • Helps make logs more searchable

  • Messages can be relatively simple

  • Still log context of the message

  • JSON logging is awesome, searchable

  • Bert will provide output sample

  • Set values to have separators

  • They show up as distinct fields.

  • Pattern helps to understand logs better

  • Chris: Full sync should have an entry in Grouper loader log

  • Bert thinking about sub-jobs

  • Should PSPNG log be in its own log file?

  • Bert: They should be searchable

  • Talk about this on next Grouper call 

  • Nice to have a consistent way to log


  • Loader improvements, GSH, performance

  • released patch for LDAP loader, complex values

Started looking at Daemon jobs screen

  • Filter by a job name?

  • Only shows most recent run.

  • Show all loader log data?

  • Good to get this patch out.

  • Work on history for next pass

  • When  you create loader job, have option asking if you want to schedule it

  • Make is so run loader process schedules it thru the daemon

  • This could be separate JIRA and patches

  • Shilen will release patch and create jiras for additional work


Jar versions

GSH, ldaptive, and dom4j patches are released.

Added a change log in root directory

Chad sent email to core list  on Oct. 22, 2018 about JIRAs not complete.

Next project for Chad perhaps:

  • Around startup and hibernate

  • Chad and Chris will talk about items on roadmap

Issue roundup

  • WS find members performance opportunities?

    • Analyzing tables…

    • Query table directly is better  than web services?

    • Change HQL

    • Wait to hear again about this

  • How would USDU work with a delay?

    • Possible approach:

      • Configure USDU to set attribute on member  objects

      • If not unresolvable, then clear the date

      • ScottK also had an USDU issue

  • Anyone interested in an integration with business objects?

    • Penn looking at this

  • GSH patch with new installer

  • Non zero return code for gsh

  • Loader job starting and disappearing (Bert)

    • Upgrading to Grouper 2.4 helped with this

  • Refactor GSH patch

  • JDBC2 subject config example

  • Grouper-loader base url

  • Grouper UI and reverse proxy and tomcat config (Ill)

  • Maybe the installer should setup the client?

  • grouperClient and forked versions of third party libraries

  • Grouper container openshift (Chad)

  • All test patches released

  • Maven build fail SubjectTestHelper

  • Failing member.changeSubject()

Next Grouper Call: Wed Nov. 28, 2018

  • No labels