Grouper
Child pages
  • 16-Oct-2019
Skip to end of metadata
Go to start of metadata

  

Attending 

  • Chris Hyzer, Penn, Chair
  • Chad Redman, UNC
  • Shilen Patel, Duke
  • Carey Black, the Ohio State University
  • Bill Thompson, Lafayette
  • Vivek Sachdiva, independent
  • Jeff Williams UNCG
  • Charise Arrowwood, Unicon
  • Emily Eisbruch, Internet2

Action Items

New Action Items from this call

  • AI Chris - add  example in wiki for API way to add config if it’s not already there
  • AI Chad - add “email  CC BC and REPLY” issues to   to the bug roundup page and say it’s fixed
  • AI Bill - Add some of the Auckland issues to the bug roundup 
  • AI Bert - respond to   Oct 10 email from  Satya about PSP, suggest to stay on old JAVA until get on PSP NG  

DISCUSSION

Current work tasks, and next tasks

Timeline on the Bugs Work  and Patches for Grouper 2.4

  • Finishing the 2.4 patches, still need to make branch to 2.5
  • Unit testing ongoing
  • Chris finishing config database
    • Matt: Will there be an API way to add config?
    • Chris: Yes, there is an API way to do everything
    • There may already be an example in wiki, but if not, Chris will add it.
    • AI Chris add  example in wiki for API way to add config if it’s not already there
  • In future will be able to export config to move between environments
  • OSU is looking for the stable version of Grouper, it’s 2.4

Vivek – Bugs, attribute assignments from attributes screen, unit tests

  • Making progress on attribute assignment from attributes screen
  • This work is fixing   a gap from the LITE UI to the NEW UI
  • Includes a filter, for folder or group, 
  • Some ordering issues, Works for attribute name already
  •  Chris explains to  Vivek about the backend issues, and putting in order, for attribute assignments, doing it in memory, not in the database. There are 6 methods to get the attribute assignments, including using re-sort assignments
  • Filter on all 6 types? If you filter on a group that’s fine, it’s case insensitive.  Same w attribute definition. But for immediate and effective memberships, we have subject source restrictions on what you can search on. It gets complex.  Decided this filter will only filter on groups folders and attribute definitions. No filter on a subject attribute, excludes member name. 
  • Filter on owner or on member.. This makes it more simple
  • Hope this screen will do what people want intuitively 


Unit Testing for Grouper 2.4 Patches 

 Chris –  Bugs, attribute assign queries, training, database configuration

  • Done with config work
  • Will create patch tonight
  • Will do unit test
  • Issue at Penn
    • Moving to AWS
    • ITAP container passwords, scriptlets or environment variable
    • Now with more encryption in Grouper, of things for reports, and other items in the database, now ifneed morph  string config file and cant do expression language
    • Chris hopes to add  support for expression language in morph string config
    • Should be in hibernate properties eventually
    • For now it’s 2 files

 Shilen – Bugs, 2.5 database changes

  • Changes to Daemon page
    • Different colors for successful or errors or tables
  • Looked at a few test cases, fixed a couple
  • Things being added to flash cache when they should not be
  • Bugs we need to fix in the code
  • Shilen will look at more test cases
  • Tweaks to Bert’s commit and add that to the Bug Roundup


Chad – Bugs, libraries in 2.5

  • 2 pull requests from Nick Auckland, Both Chad closed without merging
  • Need to add JVM param every time
  • Rebuilding site  in Maven, so this was implemented
  • Closed
  • Grouper Client deprecated classes, related to SSL
  • Reworte using JAVAnet SSL
  • Couldn’t merge that directly
  • Unrelated commits
  • Cherrypicked and commented  on pull request and closed it

  • New feature request for CC BC and REPLY TO in Grouper Email
  • AI Chad add email  CC BC and REPLY to   to the bug roundup page and say it’s fixed

  • Chad created JIRA for a new feature, goes along with visualization, way to view jobs and when they run, looks  like GAANT chart. 
  • Can do it in EXCEL
  • Another page like graphs
  • Menu items under all deamon jobs
  • For example, One job kicks off another job...
  • Comment: The more visualization the better
  • Chad will help with Unit Tests 


Bill – Grouper Deployment Guide, training, pspng, dev env


  •     AI Bill Add  some of the Auckland issues to the bug roundup 

  • Training at Temple in Nov 2019
    • preparing for Grouper Training at Temple in November
    • Chris and Bill will be the trainers
    • Using Experience from Madison training to refine the curriculum
    • Too ambitious in Madison, not enough times for hands on
    • Hope to get better balance
    • Improving the Administrative section
    • Technical setup in Madision was excellent, 
    • Hope for same at Temple
    • Idea of partnering up/ pairing up the attendees
    • There will be one fewer trainer this time
    • Appreciate if Grouper Team members can send out note to your institution to let them know about the Grouper Training opportunity
    • Bill : idea for an EDUCAUSE security professionals conference, in April 2020 , https://events.educause.edu/security-professionals-conference/2020 in Bellevue, Washington 
    • good venue for ½ day Grouper seminar, intro to Grouper, access management strategies angle, many CISOs attend this conference 
    • Chris is maxed out on conferences for 2020. 
    • Bill would be able to explore presenting, will reach out to Grouper users list
    • Possibly Charise could help get Unicon involvement along with a Unicon client
    • Bill did a Grouper session at REN ISAAC 2 years ago

  • Grouper Deployment Guide (GDG)
    • Grouper team will continue to review GDG  and provide input
    • Agenda for the GDG community call next Wed Oct 24 at noon ET
    • Bill will collate the comments prior to the call
    • Issue of what is the Grouper Deployment Guide
    • Need enough examples, but it’s not a HOW TO Guide
    • More on adoption strategies? Interesting content we could add

Issue Roundup  

  Grouper-users list Emails 

  • Oct 2, 2019 : composite group runs out of TEMP tablespace, using Oracle,  Oregon State
    Table scans , internals of the database, at Duke, DBAs handle performance issues  
    • Perpetual problem, poor performance based on databases organizations are using
    • BillT: may be peculiar to every deployment, but maybe the community contributions could help, if people can offer advice from their own experience.  How to scale Grouper? Here are examples of deployments at scale w some details..  


  • Oct 3: foreign key constraint error with grouper database migration between identical grouper version , Satya Mohapatra, MIT
  • Oct 7: Grouper Documentation Outreach, EE
  • Emily changed calendar item from GDG meeting on Oct 23, send another email reminder  DONE


  • Oct 8: Lurking issue: STEM_SETS table , U Minnesota
    • Shilen notes there is already a JIRA on STEM SETS issue fixer -  GRP-582
  • Oct 10: Is there pointer for psp-*.xml with Java 1.8 ?  Satya Mohapatra, MIT
    • Chris thinks Java 1.8 can’t do this..
      AI Bert respond to   Oct 10 email from Satya  about PSP, suggest to stay on old JAVA until get on PSP NG  


Slack (Oct. 2 and forward)

  • Location of Grouper Trainings

  • PSPNG LdapObject.toString() dropped support for mutli-valued attributes, https://todos.internet2.edu/browse/GRP-2347 G. Haverkamp 

  • initialize a Provisioner, it loads all groups that have provision_to attribute , takes too long,  https://todos.internet2.edu/browse/GRP-2348, https://todos.internet2.edu/browse/GRP-2349 , W Wang 
  • question/ comment regarding how the prepConf() family of functions work in /usr/local/bin/library.sh in the TIER packaging, Mark Day
  • What are schools using for sensitive data and shibboleth?   Rachel L , UNC Charlotte  (there were many responses)
  • How groups handle changes,  Think roles and departments, the department is a folder name, and the role is a group in that folder. If a new role gets added it may need to be added to every department folder.  , J Crawford
  • add a folder of groups to another group , J Crawford
  •     Rule for  a version of this above , G Haverkamp

    Matt: Business patterns would be helpful , for example,  a way to say “ this list needs to be consistent in all these other folders” 
    • Create Another hook for  this? Or use rules? Or Template? Would need to Redefine the template.
    •  Matt added GRP-2360 for business pattern need (via rule? hook? template?)
    • Attribute management  could be an issue…


Rule for Roll up Group, nesting of groups and folders -  Jeff W interested in


JIRAs  since Oct. 2 2019

  • 2358 deprovisioning email service looking for attributes and not going to root folder
  • 2357 flattened add email daemon not exists?
  • 2356 admin groups required with new duo admin sync enabled
  • 2355 ability for a group to be configured to only SEARCH and ALLOW subjects from a list of Subject Sources. BONUS if you can restrict the members to a Grouper Local Entities (or groups) in a specific folder/sub folders too.
  • 2354 add rule then enum to add a member to a specific group (not owner)

  • 2353 if visualization folder has same name as type, just show once

  • 2352 add adhoc to grouper types

  • 2351 advanced memberships search should do subject filtering

  • 2350 Loader: Improve logging

  • 2349 Have the FullSync and the Incremental provisioners share the list of ProvisionedGroups

  • 2348 Slow evaluations for GroupSelectionExpression in initialize Provisioner

  • 2347 PSPNG LdapObject.toString() dropped support for mutli-valued attributes

Grouper Training in November


Next Grouper Call: Wed Oct 30, 2019

  • No labels