Attending
- Chris Hyzer, Penn, Chair
- Chad Redman, UNC
- Bert Bee-Lindgren, GA Tech
- Carey Black, the Ohio State University
- Vivek Sachdiva, independent
- Emily Eisbruch, Internet2
Discussion
New Action Items
- AI Chad and Chris help on Bert’s issue re maven / pom
- AI Chris handle Grouper client jar be configured to debug json message]
- AI Chris, handle issue from Jeffrey Crawford: Get warning in logs: “but the attribute for that identifier is not configured in the subject source.”
Grouper Training in Madison June 18-19, 2019
https://spaces.at.internet2.edu/display/Grouper/Grouper+Training+Environment
- - went well
- First 2 day Grouper training , about 21 participants
- Most were new to Grouper
- Had some sessions on newer Grouper features and modules,
- New features worked well
- Got good feedback
- Bill Thompson, ChrisHyzer and James Babb were trainings
- Used 15 minute modules with hands on exercises and a verbal quiz
- This is in preparation for Internet2 implementing an LMS
- Next training will tentatively be this winter.
- Erin working on specifics
Current work tasks, and next tasks
Vivek – Grouper Forms Workflows and Approvals
- Validation is in place
- Daemon runs , needs testing
- Suggestion: needs to say electronic form name and description
- Nested UI can potentially be confusing, lots done with more tab
- Want to be sure to start in a generic way
- Button to show for people who can submit the form (not just for admins)
- List all the electronic forms on a group?
- Good to have it in the page so you can link to the forms for your group
- Balance between long list of options versus going to a new page
- Question: Do I have to go to right group to find the workflow or is there a way to globally see all workflows I can start?
- Answer: must know the group
- Later, there may be a misc electronic forms feature
- After someone submits a workflow, have a confirmation message
- Notes for approvers was intended to be approvers can add , but not submitters. Should be read only (greyed out) on submitter page
- Should save metadata about the form, report of audit data
- Summary of Chris’s feedback on Forms, Workflow and Approvals
- electronic form button should show for people who can run it
- clear form after sending
- notes for approvers is readonly for submitter html form should be standalone
Chris – Training, patches
Grouper Deployment Guide http://doi.org/10.26869/TI.25.1 , published in 2017
- Hope to start Grouper Deployment Guide v2 soon
- convert Grouper Deployment Guide to wiki pages
- Review and make comments and leave edits
- Update it for current patches
- Grouper types, visualization, attestation
- Hoping to do LMS modules on all the modules of Grouper
- Should Grouper Deployment Guide focus on setting up groups and access policy standards only?
- Grouper Deployment Guide has Intro to access management that is very helpful.
- Suggestion to Rename the Grouper Deployment Guide to Centralized Authorization Guide with Grouper
- Docker approach needs to be reflected in the GDG v2,
- Standardizing on Docker for installation has some advantages
- But not every campus is ready to use Docker
- Would be helpful to simplify installation
- V1 GDG was developed via a contract with Unicon
- In next phase of GDG, the Grouper team will be more closely involved
- Currently the installer goes from zero to a patched version of Grouper
- With Docker, there is no chance to mess up people who have manually added JARS
- Recent campus upgrade became complex when Docker was not used
- Installer versus Docker … if you add your own Grouper customizations, and run the installer for patches, this can be more complex, than using the Docker image
- Use a revalidate mode?
- This conversation to be continued. Hope to get more Grouper packaging decisions for better consistency
Bert – PSPNG patches
- Been fighting maven problems where maven is calling grouper api’s pom invalid and ignoring transitive dependencies
- The June 9 change seems to be the problem
- Dependencies in grouper/pom.xml do not have versions
- They’re supposed to get version info from grouper-parent/pom.xml
- Ex: https://github.com/Internet2/grouper/blob/master/grouper-parent/pom.xml#L462
- [ERROR] 'dependencies.dependency.version' for com.amazonaws:aws-java-sdk:jar is missing. @ edu.internet2.middleware.grouper:grouper:[unknown-version], /home/mchyzer/2.4.pspng-patches/m2/edu/internet2/middleware/grouper/grouper/2.4.0-SNAPSHOT/grouper-2.4.0-SNAPSHOT.pom, line 81, column 21
- AI Chad and Chris will help on Bert’s issue re maven / pom
- Grouper pom should use variables to specify a version. Instead of dependency management technique
- Chris, Chad and Bert will discuss this offline
- Possibly parent pom is bad
Shilen – Report attestation
Chad – Visualization improvements
- Wondering how the patches are working
- Used during Grouper Training in Madison
- Things worked well
- More intuitive now
- Can now see the ref group, policy group, basis group,
- Legend looks good
- Chad hope to make one fix (download svg or png from webpage, there is jsfiddle with example)
- If composite , make sure you have both children
- Chris opened some JIRAS related to Chad’s work , such as trace a membership in Grouper, would be interesting to visualize that, see all the paths and privileges
- GRP 2221 add visualization to trace membership
Matt create JIRA around UI should have a way to report the current version/patch level (DONE)
Issue Roundup for June 26, 2019
Emails since June 12, 2019
Reasons simple loader job is not populating a group? (Josh ODowd)
Restart Grouper without running installer again (Adam Chang, UC Irvine)
UI Audit Log Timeout (Jared, Kenyon)
- When Shilen returns
PSP AD - 2 Domains (Ryan R , U Nebraska)
Math in Visualizer (Princeton)
Advanced Grouper Usage ( Richard Frovarp )
- Chris will reply to this
Topics on TIER-Grouper Slack
- Grouper and Amazon's Corretto JDK? The Shibb team announced official support for it (and not Zulu Java), so we'll be moving the Shib containers to Corretto. (Caskey)
- Competitor to Open JDK?
- Look at this, compare it to Zulu, for Grouper 2.5
- grouper (web ui?) capability to control who (using a group) could search a grouper subject attribute. Subject decorator (Gettes)
- TIER Grouper Deployment Guide, section 5.2.1 that describes the recommended “etc:” stem/folder. Is etc:grouper_admin supposed to correspond to the default etc:sysadmingroup found in grouper.base.properties? If so, should grouper.base.properties evolve so that the default is etc:grouper_admin instead of etc:sysadmingroup? (Koranda)
- upgrade docs --- doesn't mention anything about tomcat , also other upgrade issues and questions ( Michael Bearfoot, U Minnesota)
- PSP-NG... every so often we are getting this exception when trying to pull subjects to put into a group syncing to AD/LDAP. (Erik Coleman)
- Can Grouper client jar be configured to debug json messages (Jeffrey Crawford)
- [AI Chris handle Grouper client jar be configured to debug json message]
- Get warning in logs: “but the attribute for that identifier is not configured in the subject source. “ (Jeffrey Crawford)
- [AI Chris, handle issue from Jeffrey Crawford: Get warning in logs: “but the attribute for that identifier is not configured in the subject source.]
New JIRAs since June 12, 2019 , since JIRA 2205
2234 conflicting jar makes mistake on aws
2233 upgrade tomcat installer due to security issues, document process
2232 add text file (or json) tomcat version list so the installer doesnt need to be edited to add tomcat versions
2231 sql table provisioner: different behaviors for similar Config
2230 sql table provisoner: error for last_updated
2229 sql table provisioner: incremental ability needed
2228 sql table provisioner: errors showing as success
2227 wherever cron is used (e.g. reports), trim the string before validating and saving
2226 pspng no grouperSession error
2224 allow grouper client to debug messages in json
2223 my groups should have a groups I can leave tab (from Grouper Training)
- 2222 allow enabled / disabled when memberships are added so there is not churn
- 2221 add visualization to trace membership
- 2220 members tab doesn't work when editing types
- 2219 Attribute Value assignment screen sends user home on enter key
- 2218 UI fails to refresh group membership when users "Joins" the group.
- 2217 changelog temp processor status
- 2216 PSPNG - Full- and Incremental-Sync coordination and conflicts
- 2215 PSPNG - Frequent warnings about existing attribute values
- 2214 PSPNG - FullSyncing group not selected for provisioning
- 2213 PSPNG - Grouper-Loader Log
- 2212 PSPNG and Unresolvable Subject
- 2211 PSPNG - CacheSize=0: Should not enable unlimited caching
- 2210 PSPNG - Caching: Share more information between Full & Incremental Sync
- 2209 PSPNG - More configuration options for Caching
2208 Issues addressed by PSPNG 2.4 Patch 8
- 2207 grouper template screens should have a title
- 2206 reports incorrectly detect S3 urls
Recent Grouper Wiki Updates
- Grouper Installer Upgrade Tomcat to 8.5
- Grouper Reporting
- Grouper Release Notes
- Grouper provisioning in the UI (need a plan for PSP NG with this)
- Grouper Forms Workflows and Approvals
- Grouper Training Environment Developer Notes
- Attestation Using Reports
- Authentication to the Grouper UI (Emily and Chad)
Next Grouper Call: Wed. July 10, 2019