26 June-2019

Attending 

• Chris Hyzer, Penn, Chair
• Chad Redman, UNC
• Bert Bee-Lindgren, GA Tech
• Carey Black, the Ohio State University
• Vivek Sachdiva, independent 
• Emily Eisbruch, Internet2

Grouper Action Items are here 

Discussion

New Action Items

• AI Chad and Chris help on  Bert’s issue re maven / pom
• AI Chris handle Grouper client jar be configured to debug json message]
• AI Chris, handle issue from Jeffrey Crawford: Get warning in logs: “but the attribute for that identifier is not configured in the subject source.”

Grouper Training in Madison June 18-19, 2019 

https://spaces.at.internet2.edu/display/Grouper/Grouper+Training+Environment

•   - went well
• First 2 day Grouper training , about 21 participants
• Most were new to Grouper
• Had some sessions on newer Grouper features and modules, 
• New features worked well
• Got good feedback
• Bill Thompson, ChrisHyzer and James Babb  were trainings
• Used 15 minute modules with hands on exercises and  a verbal quiz
• This is in preparation for Internet2 implementing an LMS
• Next training will tentatively be this winter.
• Erin working on specifics

Current work tasks, and next tasks

Vivek –   Grouper Forms  Workflows and Approvals

• Validation is in place
• Daemon runs , needs testing
• Suggestion: needs to say electronic form name and description
• Nested UI can potentially be confusing, lots done with more tab
• Want to be sure to start in  a generic way
• Button to show for people who can submit the form (not just for admins)
• List all the electronic forms on a group?
• Good to have it in the page so you can link to the forms for your group
• Balance between long list of options versus going to a new page
• Question: Do I have to go to right group to find the workflow or is there a way to globally see all workflows I can start?  
• Answer: must know the group
• Later, there may be a misc electronic forms feature 
• After someone submits a workflow, have a confirmation message
• Notes for approvers was intended to be approvers can add , but not submitters. Should be read only (greyed out) on submitter page
• Should save metadata about the form, report of audit data
• Summary of Chris’s feedback on Forms, Workflow and Approvals
  •   electronic form button should show for people who can run it

  •   clear form after sending

  •  notes for approvers is readonly for submitter
html form should be standalone


Chris –  Training, patches

     Grouper Deployment Guide  http://doi.org/10.26869/TI.25.1 , published in 2017

• Hope to start Grouper Deployment Guide  v2 soon
• convert Grouper Deployment Guide to wiki pages
• Review   and make comments and leave edits
• Update it for current patches
• Grouper types, visualization, attestation
• Hoping to do LMS modules on all the modules of Grouper
• Should Grouper Deployment Guide focus on setting up groups and access policy standards only? 
• Grouper Deployment Guide has Intro to access management that is very helpful.
• Suggestion to Rename the Grouper Deployment Guide to Centralized Authorization Guide with Grouper
• Docker approach needs to be reflected  in the GDG v2, 
• Standardizing on Docker for installation has some advantages
• But not every campus is ready to use Docker
• Would be helpful to simplify installation 
• V1 GDG was developed via a contract with Unicon
• In next phase of GDG, the Grouper team will be more closely involved
• Currently the installer goes from zero to a patched version of Grouper
• With Docker, there is no chance to mess up people who have manually added JARS
• Recent campus upgrade became complex when Docker was not used
• Installer versus Docker …   if you add your own Grouper customizations, and run the installer for patches, this can be more complex, than using the Docker image
• Use a revalidate mode?
• This conversation  to be continued. Hope to get more Grouper packaging decisions for better consistency 

Bert – PSPNG patches

• Been fighting maven problems where maven is calling grouper api’s pom invalid and ignoring transitive dependencies
• The June 9 change seems to be the problem
• Dependencies in grouper/pom.xml do not have versions
• They’re supposed to get version info from grouper-parent/pom.xml
• Ex: https://github.com/Internet2/grouper/blob/master/grouper-parent/pom.xml#L462

• [ERROR] 'dependencies.dependency.version' for com.amazonaws:aws-java-sdk:jar is missing. @ edu.internet2.middleware.grouper:grouper:[unknown-version], /home/mchyzer/2.4.pspng-patches/m2/edu/internet2/middleware/grouper/grouper/2.4.0-SNAPSHOT/grouper-2.4.0-SNAPSHOT.pom, line 81, column 21

• AI Chad and Chris will help on  Bert’s issue re maven / pom
• Grouper pom should use variables to specify a version. Instead of dependency management technique
• Chris, Chad and Bert will discuss this offline
• Possibly parent pom is bad

Shilen – Report attestation 

Chad – Visualization improvements

• Wondering how the patches are working
• Used during Grouper Training in Madison
• Things worked well
• More intuitive now
• Can now see the ref group, policy group, basis group,
• Legend looks good
• Chad hope to make one fix (download svg or png from webpage, there is jsfiddle with example) 
• If composite , make sure you have both children
• Chris opened some JIRAS related to Chad’s work , such as trace a membership in Grouper, would be interesting to visualize that, see all the paths and privileges 
• GRP 2221 add visualization to trace membership

Matt create JIRA around  UI should have a way to report the current version/patch level (DONE)

•     GRP-2236

Issue Roundup for June 26, 2019

 Emails since  June 12, 2019

Reasons simple loader job is not populating a group? (Josh ODowd)

Restart Grouper without running installer again (Adam Chang, UC Irvine)

UI Audit Log Timeout (Jared, Kenyon)

• When Shilen returns

PSP AD - 2 Domains (Ryan R , U Nebraska)

Math in Visualizer (Princeton)

Advanced Grouper Usage (  Richard Frovarp ) 

• Chris will reply to this

Topics on TIER-Grouper Slack

• Grouper and Amazon's Corretto JDK?  The Shibb team announced official support for it (and not Zulu Java), so we'll be moving the Shib containers to Corretto. (Caskey)
• Competitor to Open JDK?
• Look at this, compare it to Zulu, for Grouper 2.5
• grouper (web ui?) capability to control who (using a group) could search a grouper subject attribute.  Subject decorator (Gettes)
• TIER Grouper Deployment Guide, section 5.2.1 that describes the recommended “etc:” stem/folder. Is etc:grouper_admin supposed to correspond to the default etc:sysadmingroup found in grouper.base.properties? If so, should grouper.base.properties evolve so that the default is etc:grouper_admin instead of etc:sysadmingroup? (Koranda)
• upgrade docs --- doesn't mention anything about tomcat , also other upgrade issues and questions ( Michael Bearfoot, U Minnesota)
• PSP-NG... every so often we are getting this exception when trying to pull subjects to put into a group syncing to AD/LDAP.   (Erik Coleman)
• Can Grouper client jar be configured to debug json messages (Jeffrey Crawford)
•  [AI Chris handle Grouper client jar be configured to debug json message]
• Get warning in logs: “but the attribute for that identifier is not configured in the subject source.  “ (Jeffrey Crawford)
• [AI Chris, handle issue from Jeffrey Crawford: Get warning in logs: “but the attribute for that identifier is not configured in the subject source.]

New JIRAs since  June 12, 2019 , since JIRA 2205

• 2234 conflicting jar makes mistake on aws

• 2233 upgrade tomcat installer due to security issues, document process

• 2232 add text file (or json) tomcat version list so the installer doesnt need to be edited to add tomcat versions

• 2231 sql table provisioner: different behaviors for similar Config

• 2230 sql table provisoner: error for last_updated

• 2229 sql table provisioner: incremental ability needed

• 2228 sql table provisioner: errors showing as success

• 2227 wherever cron is used (e.g. reports), trim the string before validating and saving

• 2226 pspng no grouperSession error

• 2224 allow grouper client to debug messages in json

• 2223 my groups should have a groups I can leave tab (from Grouper Training)

• 2222 allow enabled / disabled when memberships are added so there is not churn
• 2221 add visualization to trace membership
• 2220 members tab doesn't work when editing types
• 2219 Attribute Value assignment screen sends user home on enter key
• 2218 UI fails to refresh group membership when users "Joins" the group.
• 2217 changelog temp processor status
• 2216 PSPNG - Full- and Incremental-Sync coordination and conflicts
• 2215 PSPNG - Frequent warnings about existing attribute values
• 2214 PSPNG - FullSyncing group not selected for provisioning
• 2213 PSPNG - Grouper-Loader Log
• 2212 PSPNG and Unresolvable Subject
• 2211 PSPNG - CacheSize=0: Should not enable unlimited caching
• 2210 PSPNG - Caching: Share more information between Full & Incremental Sync
• 2209 PSPNG - More configuration options for Caching

•  2208 Issues addressed by PSPNG 2.4 Patch 8

• 2207 grouper template screens should have a title
• 2206 reports incorrectly detect S3 urls

Recent Grouper Wiki Updates

• Grouper Installer Upgrade Tomcat to 8.5
• Grouper Reporting
• Grouper Release Notes
• Grouper provisioning in the UI (need a plan for PSP NG with this)
• Grouper Forms  Workflows and Approvals
• Grouper Training Environment Developer Notes
• Attestation Using Reports
• Authentication  to the Grouper UI (Emily and Chad)

Next Grouper Call: Wed. July 10, 2019