Child pages
  • Grouper Call 12-Feb-2014
Skip to end of metadata
Go to start of metadata

Minutes from Grouper Call of Feb. 12, 2014

Attending

Tom Barton, U. Chicago
Chris Hyzer, Penn
Dave Langenberg, U. Chicago
Misagh Moayyed, Unicon
Emily Eisbruch, Internet2, scribe

New Action items

[AI] (Dave) record the Stem Name and AD Provisioing issue in the Grouper roadmap as unassigned (Done)https://spaces.at.internet2.edu/pages/viewpage.action?pageId=14517754

[AI] (Chris) will follow up again with CMU on search terms issue

[AI] (to be assigned=Chris) take the older code base out of Grouper for uPortal connection

Carry Over Action items

[AI] DaveL write up the response to the Shib Grouper question.https://lists.internet2.edu/sympa/arc/grouper-users/2014-02/msg00004.html

[AI] (Chris) will look at POST and GET parameter issues, identified as a flawed design pattern from the PEN testing

[AI] (Shilen) email the Grouper users list about import and export  

[AI] (DaveL) work on the PSP aspect of GRP 914.    

[AI] (Andrew) let us know what emerges from the Apereo security notification process work.

===========

DISCUSSION

Upcoming Meetings and Grouper-Dev

Internet2 Global Summit, Denver,  April 6-10
  Grouper BoF on Wed., April 9, 2014,  7:30am - 8:30 am

2014 Open Apereo Conference, Miami, June 1-4
Proposal deadline was in early Feb; Agenda is not announced yet.
Bill Thompson is interested presenting a Grouper session at the conference
There may be some demo sessions.
Misagh would be willing to do a co-presentation of Grouper

Internet2 Technology Exchange,  Indianapolis, Oct. 26 - 30, 2014
-Program is being worked on
-the plan is incorporate elements of the Identity Week program from 2013

Loose Ends

AD provisioning issue
aStem:aName: vs aStem:aName in provisioning

Active Directory has some constraints regarding the storing of group and membership objects of the same name.
DaveL has created a JIRA about the string matching issue:https://bugs.internet2.edu/jira/browse/GRP-950

Further discussion on this:
Could this be an AD issue that we need to take into account?
Assume that AD is unable to comprehend two canonical names where components of the names are the same but the actual CN's are different.
Chris suggested: have a Grouper namespace that spans all object types, and Grouper would not allow creation of two objects with the same name.  Thus, In Grouper you would not be able to create a stem or folder with same name as a group.

Another approach is a rule or a hook to do a veto of an action when someone tries to create a stem or folder with same name as a group.

Should we have a provisioning engine capability that handles mapping just for provisioning to AD?
We do some mapping in PSP with AD already, such as for length issues.
What is the better approach?
There was a decision to limit how much to enhance PSP going forward.
Instead put development effort on specific change log consumers for more narrow provisioning targets.
It was agreed it would be best to have Grouper handle the issue (have the API disallow creation of same name objects) rather than the PSP

Chris: would we want the default going forward to be that object names must be unique? We could have one central table to create this constraint.
We would probably want a global switch; a global rule is simpler (rather than having the rule apply per namespace).
Could have a way to audit your namespace before turning on this rule.
Dave: would there be a tool in GSH to fix this?
Chris: could apply just to new objects, so it would not cause problems when you turn it on, even if history is not cleaned up.
Chris: if we use database approach there could be problems with foreign keys

This is the first time this issue has come up.
Decision: next time we ask the community about what the Grouper Project priorities should be, solicit community input on this.
Need to record this as an unassigned issue on the roadmap.

[AI] (Dave) record the Stem Name and AD Provisioing issue  in the Grouper roadmap (Done)

 
Multiple Subject Search Terms (continued)

https://lists.internet2.edu/sympa/arc/grouper-dev/2014-02/msg00005.html

Request from CMU about using "=searchterm" or "term1,term2,term3" to do exact match searching.
From last call: Chris will look into implementing a checkbox that says "Match Exact Ids"
Chris created this JIRA: https://bugs.internet2.edu/jira/browse/GRP-893

Further Discussion:
Use case is there are 5 user names and you want to add them to a group quickly.
Admin UI addresses this use case but Web UI does not.
Current solution using the Web UI is to add the names one at a time or do a batch import.

Q: How will this be address in the new Grouper UI for  Grouper 2.2
A: Open a Group, Click Add Members, Add or Import a list of members, Copy/paste a list of member ID's

A multi-select combo box may be looked at for a future release

[AI] (Chris) will follow up again with CMU on search terms issue

Rule Inheritance

Chris: Shilen has added the stem set table which links every stem to its ancestor at every level.
Now with one query, it is possible to see if a rule is attached to any stem at its ancestor level.

Grouper v2.2
https://spaces.at.internet2.edu/display/Grouper/Grouper+UI+redesign+v2.2
UI – Chris is making progress.

SCIM provisioning (Dave)

Code is now working that talks to Grouper and will talk to a SCIM endpoint.
Trying to get testing and unit tests built, will take a month or two.

Plan is that this SCIM provisioning feature will be part of the Grouper 2.2 release.

Misagh and Grouper Work

Misagh noted that there is a uPortal Grouper integration module in the Grouper source.
That module can be dropped form the Grouper source, since this now  exists in uPortal

[AI] (to be assigned=Chris) take the older code base out of Grouper for uportal connection

Misagh may take on a project to look at Grouper CAS integration based on a newer version of the CAS Client.
Q: Is the Grouper community interested in an updated Grouper CAS integration?
A: Tom: yes, excellent

Misagh is also interested in handling some easy JIRAs that the Grouper team would assign to him.

Next Grouper Call: Wed. Feb. 26, 2014 at noon ET

  • No labels