See info for signing onto the Grouper demo here
There is a Grouper demo site that hosts all the Grouper tools (or it can if you like). Note: this is not a production-level service; it is only to show how Grouper works. There is no service level agreement; we might turn it off, do maintenance, etc.
https://grouperdemo.internet2.edu/
This is built similarly to the Grouper cloud documentation.
If you want access to it, please email grouper-dev@internet2.edu with what userid(s) you would like, and what you would like to use. We can make sure it is available, and assign you a password. We have the quickstart data set there, but you can get a stem to create what you like. We might even be able to get you SSH credentials so you can run GSH...
docker run --name postgres -e POSTGRES_USER=postgres -e POSTGRES_PASSWORD=pass -d -p 5432:5432 postgres:14
v5 generic
docker run --name grouper \
  -e GROUPERSYSTEM_QUICKSTART_PASS=pass \
  -e GROUPER_MORPHSTRING_ENCRYPT_KEY=abc123 \
  -e GROUPER_DATABASE_PASSWORD=pass \
  -e GROUPER_DATABASE_USERNAME=postgres \
  -e GROUPER_DATABASE_URL=jdbc:postgresql://172.17.0.1:5432/postgres \
  -e GROUPER_AUTO_DDL_UPTOVERSION='v5.*.*' \
  -d -p 8444:8443 i2incommon/grouper:5.8.7 quickstart
v4 tomcat ssl
docker run --name grouper \
  -e GROUPERSYSTEM_QUICKSTART_PASS=pass \
  -e GROUPER_MORPHSTRING_ENCRYPT_KEY=abc123 \
  -e GROUPER_DATABASE_PASSWORD=pass \
  -e GROUPER_DATABASE_USERNAME=postgres \
  -e GROUPER_DATABASE_URL=jdbc:postgresql://172.17.0.1:5432/postgres \
  -e GROUPER_AUTO_DDL_UPTOVERSION='v4.*.*' \
  -e GROUPER_RUN_APACHE=false \
  -e GROUPER_TOMCAT_HTTPS_PORT=8443 \
  -e GROUPER_SSL_CERT_FILE=/opt/container_files/certs/client/localhost.pem \
  -e GROUPER_SSL_KEY_FILE=/opt/container_files/certs/keys/localhost.key \
  -d -p 8444:8443 i2incommon/grouper:4.11.3 quickstart
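The run commands above pass the literals pass and abc123 as secrets and publish PostgreSQL on every host interface. As an added example (not part of the original page), this script writes random values into owner-only env files and publishes the database only on the Docker bridge address the JDBC URL already uses. The file names and the --run switch are assumptions, as is the premise that GROUPER_MORPHSTRING_ENCRYPT_KEY accepts any string (the abc123 value suggests it does).

```shell
#!/usr/bin/env bash
# Added example: per-deployment secrets for the v5 quickstart containers.
# File names (postgres.env, grouper.env) and the --run switch are assumptions.

# 32 bytes from the kernel CSPRNG, hex-encoded (64 characters).
gen_secret() {
  head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Write postgres.env and grouper.env into directory $1, mode 600.
# The body runs in a subshell so umask and variables do not leak to the caller.
write_env_files() (
  dir=$1
  umask 077
  db_pass=$(gen_secret)
  cat > "$dir/postgres.env" <<EOF
POSTGRES_USER=postgres
POSTGRES_PASSWORD=$db_pass
EOF
  cat > "$dir/grouper.env" <<EOF
GROUPERSYSTEM_QUICKSTART_PASS=$(gen_secret)
GROUPER_MORPHSTRING_ENCRYPT_KEY=$(gen_secret)
GROUPER_DATABASE_PASSWORD=$db_pass
GROUPER_DATABASE_USERNAME=postgres
GROUPER_DATABASE_URL=jdbc:postgresql://172.17.0.1:5432/postgres
GROUPER_AUTO_DDL_UPTOVERSION=v5.*.*
EOF
  # umask does not tighten files that already existed, so set the mode explicitly.
  chmod 600 "$dir/postgres.env" "$dir/grouper.env"
)

# Start both containers from the env files written above.
run_quickstart() {
  dir=$1
  # Publish PostgreSQL only on the bridge gateway address from the JDBC URL:
  # the Grouper container can reach it, but it is not published on the
  # host's external interfaces.
  docker run --name postgres --env-file "$dir/postgres.env" \
    -d -p 172.17.0.1:5432:5432 postgres:14
  docker run --name grouper --env-file "$dir/grouper.env" \
    -d -p 8444:8443 i2incommon/grouper:5.8.7 quickstart
}

# Only touch Docker when asked to: script.sh --run [secrets-dir]
if [ "${1:-}" = "--run" ]; then
  secrets_dir=${2:-./grouper-secrets}
  mkdir -p "$secrets_dir"
  write_env_files "$secrets_dir"
  run_quickstart "$secrets_dir"
fi
```

The quickstart UI password is then read from grouper.env rather than from shell history or the process list.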
[mchyzer@login1 ~]$ ssh -L 3306:localhost:3306 i2midev6
A grouper admin can add a WS user to the demo server:
[appadmin@i2midev1 bin]$ sudo htpasswd /etc/httpd/conf.d/users.pass username
[appadmin@i2midev1 bin]$ cd /opt/grouper/2.0.0/grouper.apiBinary-2.0.1/bin
gsh 0% grouperSession = GrouperSession.startRootSession();
gsh 1% addSubject("username", "person", "User Name");
gsh 2% addMember("etc:webServiceClientUsers", "username");

Run this SQL:

INSERT INTO subjectattribute (subjectId, NAME, VALUE, searchValue) VALUES ('username', 'loginid', 'username', 'username');
INSERT INTO subjectattribute (subjectId, NAME, VALUE, searchValue) VALUES ('username', 'name', 'User Name', 'user name');
INSERT INTO subjectattribute (subjectId, NAME, VALUE, searchValue) VALUES ('username', 'description', 'User Name', 'user name');
COMMIT;

Add user to /etc/httpd/conf.d/grouper.conf

Require user vsachdeva test jsmith rjohnson etc

Bounce apache:

/sbin/service httpd restart
Create a folder in the users folder somewhere, and grant access to this and the UI user id of the user
Try the client. Download
Configure the grouper.client.properties
grouperClient.webService.url = https://grouperdemo.internet2.edu/grouper-ws_v2_0_0/servicesRest
grouperClient.webService.login = username
grouperClient.webService.password = ***
Run the client as a test
C:\temp\demoClient\grouper.clientBinary-2.0.3>java -jar grouperClient.jar --operation=groupSaveWs --name=users:misc:username:testGroup
Success: T: code: SUCCESS_INSERTED: users:misc:username:testGroup
We have anonymous status to monitor the health of the demo server
https://grouperdemo.internet2.edu/status_grouper_v2_3/status?diagnosticType=all
Can add an apache directive (outside of authn)
ProxyPass /status_grouper_v2_3/status ajp://localhost:8131/grouper_v2_3/status
Get the new releases:
[appadmin@i2midev1 bin]$ cd /opt/grouper/1.6.1/
[appadmin@i2midev1 1.6.1]$ wget http://www.internet2.edu/grouper/release/1.6.1/grouper.apiBinary-1.6.1.tar.gz
[appadmin@i2midev1 1.6.1]$ tar xzvf grouper.apiBinary-1.6.1.tar.gz
[appadmin@i2midev1 1.6.1]$ wget http://www.internet2.edu/grouper/release/1.6.1/grouper.ui-1.6.1.tar.gz
[appadmin@i2midev1 1.6.1]$ tar xzvf grouper.ui-1.6.1.tar.gz
[appadmin@i2midev1 1.6.1]$ wget http://www.internet2.edu/grouper/release/1.6.1/grouper.ws-1.6.1.tar.gz
[appadmin@i2midev1 1.6.1]$ tar xzvf grouper.ws-1.6.1.tar.gz
[appadmin@i2midev1 1.6.1]$ wget http://www.internet2.edu/grouper/release/1.6.1/grouper.clientBinary-1.6.1.tar.gz
[appadmin@i2midev1 1.6.1]$ tar xzvf grouper.clientBinary-1.6.1.tar.gz
Configure the grouper.properties:
[appadmin@i2midev1 ~]$ emacs /opt/grouper/1.6.1/grouper.apiBinary-1.6.1/conf/grouper.properties
groups.wheel.use = true
configuration.autocreate.system.groups = true
configuration.autocreate.group.name.0 = etc:webServiceClientUsers
configuration.autocreate.group.description.0 = users allowed to log in to the UI
configuration.autocreate.group.subjects.0 = GrouperSystem, mchyzer
configuration.autocreate.group.name.1 = etc:sysadmingroup
configuration.autocreate.group.description.1 = sys admin users
configuration.autocreate.group.subjects.1 = mchyzer
Configure the grouper.hibernate.properties:
[appadmin@i2midev1 ~]$ emacs /opt/grouper/1.6.1/grouper.apiBinary-1.6.1/conf/grouper.hibernate.properties
hibernate.dialect = org.hibernate.dialect.MySQL5Dialect
hibernate.connection.driver_class = com.mysql.jdbc.Driver
hibernate.connection.url = jdbc:mysql://localhost:3306/grouper_v1_6_1
hibernate.connection.username = grouper_v1_6_1
hibernate.connection.password = ****
Init the registry, download this file into quickstart.xml, and this file into subjects.sql (get the right one from right tag/branch)
[appadmin@i2midev1 bin]$ wget -O quickstart.xml http://anonsvn.internet2.edu/cgi-bin/viewvc.cgi/i2mi/tags/GROUPER_1_6_1/grouper-qs-builder/quickstart.xml?view=co
[appadmin@i2midev1 bin]$ wget -O subjects.sql http://anonsvn.internet2.edu/cgi-bin/viewvc.cgi/i2mi/tags/GROUPER_1_6_1/grouper-qs-builder/subjects.sql?view=co
[appadmin@i2midev1 bin]$ ./gsh.sh -registry -drop -runscript
[appadmin@i2midev1 bin]$ ./gsh.sh -test -all
[appadmin@i2midev1 bin]$ ./gsh.sh -registry -runsqlfile subjects.sql
[appadmin@i2midev1 bin]$ ./gsh.sh -xmlimportold GrouperSystem quickstart.xml
Add a user (if not already there):
[mchyzer@i2midev1 bin]$ sudo htpasswd /etc/httpd/conf.d/users.pass username
gsh 0% addSubject("mchyzer", "person", "Chris Hyzer");
gsh 0% addMember("etc:sysadmingroup", "mchyzer");

//insert other subject data with SQL (e.g. for mchyzer)
INSERT INTO subjectattribute (subjectId, NAME, VALUE, searchValue) VALUES ('mchyzer', 'loginid', 'mchyzer', 'mchyzer');
INSERT INTO subjectattribute (subjectId, NAME, VALUE, searchValue) VALUES ('mchyzer', 'name', 'Chris Hyzer', 'chris hyzer');
INSERT INTO subjectattribute (subjectId, NAME, VALUE, searchValue) VALUES ('mchyzer', 'description', 'Chris Hyzer', 'chris hyzer');
COMMIT;
Edit the UI build.properties:
[appadmin@i2midev1 grouper.ui-1.6.1]$ cd /opt/grouper/1.6.1/grouper.ui-1.6.1
[appadmin@i2midev1 grouper.ui-1.6.1]$ ant default
[appadmin@i2midev1 grouper.ui-1.6.1]$ emacs build.properties

grouper.folder=/opt/grouper/1.6.1/grouper.apiBinary-1.6.1
should.copy.context.xml.to.metainf=false
webapp.name=grouper_v1_6_1
default.webapp.folder=/opt/apache-tomcat-6.0.26/webapps/${webapp.name}
Run "ant default" for the UI
Edit proxy_ajp.conf
ProxyPass /grouper_v1_6_1/ ajp://localhost:8009/grouper_v1_6_1/
ProxyPass /grouper-ws_v1_6_1/ ajp://localhost:8009/grouper-ws_v1_6_1/
Edit the jump page:
[mchyzer@i2midev1 ~]$ sudo emacs /var/www/html/index.html
Move where logs are:
emacs /opt/tomcat6/webapps/grouper_v1_6_2/WEB-INF/classes/log4j.properties

## Grouper API error logging
log4j.appender.grouper_error = org.apache.log4j.RollingFileAppender
log4j.appender.grouper_error.File = /opt/tomcat6/logs/grouper-ui_v1_6_1/grouper_error.log
log4j.appender.grouper_error.MaxFileSize = 1000KB
log4j.appender.grouper_error.MaxBackupIndex = 1
log4j.appender.grouper_error.layout = org.apache.log4j.PatternLayout
log4j.appender.grouper_error.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
#log4j.appender.grouper_error.layout.ConversionPattern = %d{ISO8601}: %m%n

# Loggers

## Default logger; will log *everything*
log4j.rootLogger = ERROR, grouper_error

## All Internet2 (warn to grouper_error per default logger)
log4j.logger.edu.internet2.middleware = WARN
Get the build with a command like this:
[appadmin@i2midev1 grouper2.0]$ /usr/bin/scp -B i2mibuild:/home/mchyzer/tmp/grouperAll/build_mchyzer/grouper.ws-2.0.0.tar.gz .
Edit the WS build.properties
[appadmin@i2midev1 grouper-ws]$ cd /opt/grouper/1.6.2/grouper.ws-1.6.2/grouper-ws
[appadmin@i2midev1 grouper-ws]$ emacs build.properties
grouper.dir=/opt/grouper/1.6.1/grouper.apiBinary-1.6.1
webapp.name=grouper-ws_v1_6_1
Edit the grouper-ws.properties
[appadmin@i2midev1 grouper-ws]$ emacs conf/grouper-ws.properties
ws.client.user.group.name = etc:webServiceClientUsers
Remove the authentication part of web.xml, since Apache does this on the demo server and Tomcat doesn't need to
[appadmin@i2midev1 grouper.ws-1.6.2]$ cd /opt/grouper/1.6.2/grouper.ws-1.6.2/grouper-ws
[appadmin@i2midev1 grouper-ws]$ emacs webapp/WEB-INF/web.xml

Remove:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Web services</web-resource-name>
    <url-pattern>/services/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>grouper_user</role-name>
  </auth-constraint>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Web services</web-resource-name>
    <url-pattern>/servicesRest/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- NOTE: This role is not present in the default users file -->
    <role-name>grouper_user</role-name>
  </auth-constraint>
</security-constraint>

<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Grouper Application</realm-name>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
  <description>
    The role that is required to log in to web service
  </description>
  <role-name>grouper_user</role-name>
</security-role>
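With these elements removed, Tomcat serves the web service to anything that reaches its connectors, so Apache's authentication only holds if those connectors are reachable from Apache alone. The following added check (not part of the original page; the sample server.xml is constructed) lists Connector elements without a loopback address attribute, which on the Tomcat 6 used here means they listen on all interfaces.

```shell
#!/usr/bin/env bash
# Added example: find Tomcat connectors that are not bound to loopback.
# Reads server.xml from the file given as $1, or from stdin.
# Prints "port=<port> address=<address|unset>" per finding; exit status 1 if any.
exposed_connectors() {
  awk '
    { buf = buf " " $0 }                       # join lines: tags may span several
    END {
      # Drop XML comments so commented-out connectors are ignored.
      while ((s = index(buf, "<!--")) > 0) {
        rest = substr(buf, s + 4)
        e = index(rest, "-->")
        if (e == 0) { buf = substr(buf, 1, s - 1); break }
        buf = substr(buf, 1, s - 1) substr(rest, e + 3)
      }
      # Walk every <Connector ...> tag and inspect its attributes.
      while ((s = index(buf, "<Connector")) > 0) {
        buf = substr(buf, s + 10)
        e = index(buf, ">")
        tag = substr(buf, 1, e - 1)
        port = attr(tag, "port")
        addr = attr(tag, "address")
        if (addr != "127.0.0.1" && addr != "::1" && addr != "localhost") {
          printf "port=%s address=%s\n", port, (addr == "" ? "unset" : addr)
          bad = 1
        }
        buf = substr(buf, e + 1)
      }
      exit (bad ? 1 : 0)
    }
    # Value of attribute name="..." inside a tag, or "" when absent.
    function attr(tag, name,    m) {
      if (match(tag, "[ \t]" name "=\"[^\"]*\"")) {
        m = substr(tag, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", m)
        sub(/"$/, "", m)
        return m
      }
      return ""
    }
  ' "$@"
}

# Constructed sample, not the demo server's real file: the AJP connector that
# Apache proxies to is on loopback, the HTTP connector is left on all interfaces.
sample_server_xml() {
  cat <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               redirectPort="8443" />
    <!-- <Connector port="8443" SSLEnabled="true" /> -->
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" />
  </Service>
</Server>
EOF
}

sample_server_xml | exposed_connectors || echo "connectors listed above bypass Apache authn"
```

Against a real installation, pass the path of Tomcat's conf/server.xml as the argument.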
Build and copy the war to tomcat
[appadmin@i2midev1 grouper-ws]$ mkdir /tmp/trash
[appadmin@i2midev1 grouper-ws]$ mv /opt/tomcat6/webapps/grouper-ws_v1_6_1* /tmp/trash
[appadmin@i2midev1 grouper-ws]$ ant dist
[appadmin@i2midev1 grouper-ws]$ cp build/dist/grouper-ws_v1_6_1.war /opt/tomcat6/webapps/
[appadmin@i2midev1 grouper-ws]$ /sbin/service tomcat6 restart
Edit the grouper-ws log4j.properties
appadmin@i2midev1 logs$ emacs /opt/tomcat6/webapps/grouper-ws_v1_6_1/WEB-INF/classes/log4j.properties

## Grouper API error logging
log4j.appender.grouper_error = org.apache.log4j.RollingFileAppender
log4j.appender.grouper_error.File = /opt/tomcat6/logs/grouper-ws_v1_6_1/grouper_error.log
log4j.appender.grouper_error.MaxFileSize = 1000KB
log4j.appender.grouper_error.MaxBackupIndex = 1
log4j.appender.grouper_error.layout = org.apache.log4j.PatternLayout
log4j.appender.grouper_error.layout.ConversionPattern = %d{ISO8601}: [%t] %-5p %C{1}.%M(%L) - %x - %m%n
#log4j.appender.grouper_error.layout.ConversionPattern = %d{ISO8601}: %m%n

# Loggers

## Default logger; will log *everything*
log4j.rootLogger = ERROR, grouper_error

## All Internet2 (warn to grouper_error per default logger)
log4j.logger.edu.internet2.middleware = WARN
Edit the grouper.client.properties, make a new tarball, put on download site:
[appadmin@i2midev1 1.6.1]$ cd /opt/grouper/1.6.1
[appadmin@i2midev1 1.6.1]$ emacs grouper.clientBinary-1.6.1/grouper.client.properties
# url of web service, should include everything up to the first resource to access
# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
# e.g. https://groups.school.edu/grouper-ws/servicesRest
grouperClient.webService.url = https://grouperdemo.internet2.edu/grouper-ws_v1_6_1/servicesRest

# kerberos principal used to connect to web service
grouperClient.webService.login =

# password for shared secret authentication to web service
# or you can put a filename with an encrypted password
grouperClient.webService.password =
[appadmin@i2midev1 tmp]$ cd /tmp
[appadmin@i2midev1 tmp]$ mkdir grouper.clientBinary-1.6.1
[appadmin@i2midev1 tmp]$ cd grouper.clientBinary-1.6.1
[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ cp /opt/grouper/1.6.2/grouper.clientBinary-1.6.1/* .
[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ rm *~
[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ ls
BINARY-README.txt grouperClient.jar grouper.client.usage.example.txt
grouper.client.example.properties grouper.client.properties grouper.client.usage.txt
[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ cd ..
[appadmin@i2midev1 tmp]$ tar zcvf grouper.clientBinary-1.6.1.tar.gz grouper.clientBinary-1.6.1
grouper.clientBinary-1.6.1/
grouper.clientBinary-1.6.1/grouper.client.usage.example.txt
grouper.clientBinary-1.6.1/grouperClient.jar
grouper.clientBinary-1.6.1/grouper.client.properties
grouper.clientBinary-1.6.1/BINARY-README.txt
grouper.clientBinary-1.6.1/grouper.client.example.properties
grouper.clientBinary-1.6.1/grouper.client.usage.txt
[root@i2midev1 1.6.1]# cp /tmp/grouper.clientBinary-1.6.1.tar.gz /var/www/html/grouper/1.6.1
Test the grouper client
[appadmin@i2midev1 grouperClient_1.6.1]$ cd /opt/grouper/1.6.1
[appadmin@i2midev1 1.6.1]$ mkdir grouper.clientDownloadUseThis
[appadmin@i2midev1 grouper.clientDownloadUseThis]$ wget https://grouperdemo.internet2.edu/grouper/1.6.2/grouper.clientBinary-1.6.1.tar.gz
[appadmin@i2midev1 grouper.clientDownloadUseThis]$ tar xzvf grouper.clientBinary-1.6.1.tar.gz
[appadmin@i2midev1 grouperClient_1.6.1]$ emacs grouper.clientBinary-1.6.1/grouper.client.properties
[appadmin@i2midev1 grouperClient_1.6.1]$ cd grouper.clientBinary-1.6.1

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=groupSaveWs --name=test:testGroup --createParentStemsIfNotExist=T
Success: T: code: SUCCESS_INSERTED: test:testGroup

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=addMemberWs --groupName=test:testGroup --subjectIds=GrouperSystem
Index 0: success: T: code: SUCCESS: GrouperSystem

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=getMembersWs --groupNames=test:testGroup
GroupIndex 0: success: T: code: SUCCESS: group: test:testGroup: subjectIndex: 0: GrouperSystem

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=hasMemberWs --groupName=test:testGroup --subjectIds=GrouperSystem
Index 0: success: T: code: IS_MEMBER: GrouperSystem: true

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=deleteMemberWs --groupName=test:testGroup --subjectIds=GrouperSystem
Index 0: success: T: code: SUCCESS: GrouperSystem

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=getGroupsWs --subjectIds=GrouperSystem
SubjectIndex 0: success: T: code: SUCCESS: subject: GrouperSystem: groupIndex: 0: etc:webServiceClientUsers

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=stemSaveWs --name=test
Success: T: code: SUCCESS_NO_CHANGES_NEEDED: test

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=groupDeleteWs --groupNames=test:testGroup1
Index 0: success: T: code: SUCCESS_GROUP_NOT_FOUND: test:testGroup1

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=stemDeleteWs --stemNames=test2
Index 0: success: T: code: SUCCESS_STEM_NOT_FOUND: test2

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --groupName=test:testGroup --subjectId=GrouperSystem
Index 0: success: T: code: SUCCESS: group: test:testGroup: subject: GrouperSystem: access: admin
Index 1: success: T: code: SUCCESS: group: test:testGroup: subject: GrouperSystem: access: read
Index 2: success: T: code: SUCCESS: group: test:testGroup: subject: GrouperSystem: access: update
Index 3: success: T: code: SUCCESS: group: test:testGroup: subject: GrouperSystem: access: view

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=assignGrouperPrivilegesLiteWs --groupName=test:testGroup --subjectId=GrouperSystem --privilegeName=admin --allowed=true
Success: T: code: SUCCESS_ALLOWED_ALREADY_EXISTED: group: test:testGroup: subject: GrouperSystem: access: admin

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=test:testGroup
Index 0: name: test:testGroup, displayName: test:testGroup

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=findStemsWs --stemQueryFilterType=FIND_BY_STEM_NAME_APPROXIMATE --stemName=test:testGroup

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=memberChangeSubjectWs --oldSubjectId=test.subject.qqq --newSubjectId=test.subject.www
Error with grouper client, check the logs: Bad response from web service: resultCode: PROBLEM_WITH_CHANGE, There were 0 successes and 1 failures of changing members subjects.
Error 0, result index: 0, code: MEMBER_NOT_FOUND, message: Subject: WsSubjectLookup[
cause=edu.internet2.middleware.grouper.exception.MemberNotFoundException: Cant find member with subjectId: 'test.subject.qqq',
subjectFindResult=SUBJECT_NOT_FOUND,
memberFindResult=MEMBER_NOT_FOUND,subjectId=test.subject.qqq] had problems: MEMBER_NOT_FOUND
Aug 14, 2010 11:36:41 AM edu.internet2.middleware.grouperClient.GrouperClient main
SEVERE: Bad response from web service: resultCode: PROBLEM_WITH_CHANGE, There were 0 successes and 1 failures of changing members subjects.
Error 0, result index: 0, code: MEMBER_NOT_FOUND, message: Subject: WsSubjectLookup[
cause=edu.internet2.middleware.grouper.exception.MemberNotFoundException: Cant find member with subjectId: 'test.subject.qqq',
subjectFindResult=SUBJECT_NOT_FOUND,
memberFindResult=MEMBER_NOT_FOUND,subjectId=test.subject.qqq] had problems: MEMBER_NOT_FOUND
edu.internet2.middleware.grouperClient.ws.GcWebServiceError: Bad response from web service: resultCode: PROBLEM_WITH_CHANGE, There were 0 successes and 1 failures of changing members subjects.
Error 0, result index: 0, code: MEMBER_NOT_FOUND, message: Subject: WsSubjectLookup[
cause=edu.internet2.middleware.grouper.exception.MemberNotFoundException: Cant find member with subjectId: 'test.subject.qqq',
subjectFindResult=SUBJECT_NOT_FOUND,
memberFindResult=MEMBER_NOT_FOUND,subjectId=test.subject.qqq] had problems: MEMBER_NOT_FOUND
        at edu.internet2.middleware.grouperClient.ws.GrouperClientWs.handleFailure(GrouperClientWs.java:247)
        at edu.internet2.middleware.grouperClient.api.GcMemberChangeSubject.execute(GcMemberChangeSubject.java:214)
        at edu.internet2.middleware.grouperClient.GrouperClient.memberChangeSubject(GrouperClient.java:665)
        at edu.internet2.middleware.grouperClient.GrouperClient.main(GrouperClient.java:363)

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=getMembershipsWs --groupNames=test:testGroup

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=addMemberWs --groupName=test:testGroup --subjectIds=GrouperSystem
Index 0: success: T: code: SUCCESS: GrouperSystem

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=getMembershipsWs --groupNames=test:testGroup
Index: 0: group: test:testGroup, subject: GrouperSystem, list: members, type: immediate, enabled: T

[appadmin@i2midev1 grouper.clientBinary-1.6.1]$ java -jar grouperClient.jar --operation=getSubjectsWs --subjectIds=GrouperSystem
Index: 0: success: T, code: SUCCESS, subject: GrouperSystem
GrouperApi:

[mchyzer@i2mibuild bin]$ buildGrouper.sh trunk
[mchyzer@i2midev1 grouper2.0]$ cd /tmp/grouper2.0/
[mchyzer@i2midev1 grouper2.0]$ sftp i2mibuild
sftp> get /home/mchyzer/tmp/grouper/build_mchyzer/grouper.apiBinary-2.0.0.tar.gz
[appadmin@i2midev1 2.0.0]$ cd /opt/grouper/2.0.0
[appadmin@i2midev1 2.0.0]$ rm -rf grouper.apiBinary-2.0.0*
[appadmin@i2midev1 2.0.0]$ cp /tmp/grouper2.0/grouper.apiBinary-2.0.0.tar.gz .
[appadmin@i2midev1 2.0.0]$ tar xzvf grouper.apiBinary-2.0.0.tar.gz
[appadmin@i2midev1 2.0.0]$ cp -Rv filesGrouper/* grouper.apiBinary-2.0.0/
[appadmin@i2midev1 2.0.0]$ cd grouper.apiBinary-2.0.0/bin
[appadmin@i2midev1 bin]$ ./gsh.sh
gsh 0% grouperSession = GrouperSession.startRootSession();
gsh 1% addStem(null, "test", "test");
gsh 2% addGroup("test", "testGroup0", "testGroup0");
gsh 4% addGroup("test", "testGroup1", "testGroup1");
gsh 5% addGroup("test", "testGroup2", "testGroup2");
gsh 6% addGroup("test", "testGroup3", "testGroup3");
gsh 7% grantPriv("test:testGroup0", "GrouperAll", AccessPrivilege.UPDATE);
gsh 8% grantPriv("test:testGroup1", "GrouperAll", AccessPrivilege.UPDATE);
gsh 9% grantPriv("test:testGroup2", "GrouperAll", AccessPrivilege.UPDATE);
gsh 10% grantPriv("test:testGroup3", "GrouperAll", AccessPrivilege.UPDATE);
gsh 11% grantPriv("etc:externalSubjectInviters", "GrouperAll", AccessPrivilege.UPDATE);

GrouperUi:

[mchyzer@i2mibuild bin]$ buildGrouperUi.sh trunk
[mchyzer@i2midev1 grouper2.0]$ cd /tmp/grouper2.0/
[mchyzer@i2midev1 grouper2.0]$ sftp i2mibuild
sftp> get /home/mchyzer/tmp/grouperUi/build_mchyzer/grouper.ui-2.0.0.tar.gz
[mchyzer@i2midev1 grouper2.0]$ sudo su - appadmin
[appadmin@i2midev1 ~]$ cd /opt/grouper/2.0.0/
[appadmin@i2midev1 2.0.0]$ rm -rf grouper.ui-2.0.0*
[appadmin@i2midev1 2.0.0]$ cp /tmp/grouper2.0/grouper.ui-2.0.0.tar.gz .
[appadmin@i2midev1 2.0.0]$ tar xzf grouper.ui-2.0.0.tar.gz
[appadmin@i2midev1 2.0.0]$ cp -Rv filesGrouperUi/* grouper.ui-2.0.0/
[appadmin@i2midev1 2.0.0]$ cd grouper.ui-2.0.0
[appadmin@i2midev1 grouper.ui-2.0.0]$ ant clean
[appadmin@i2midev1 2.0.0]$ cd /opt/grouper/2.0.0/
[appadmin@i2midev1 2.0.0]$ cp -Rv filesGrouperUiTomcat/* /opt/tomcats/tomcat_e/webapps/grouper_v2_0_0/
[appadmin@i2midev1 2.0.0]$ /sbin/service tomcat_e restart
[root@i2midev6 social-metadata]# pwd
/etc/shibboleth/social-metadata
[root@i2midev6 social-metadata]# wget https://grouper.proxy.cirrusidentity.com/saml2/idp/metadata.php
[root@i2midev6 social-metadata]# mv metadata.php cirrus.xml

emacs /etc/shibboleth/shibboleth.xml

<MetadataProvider type="XML" legacyOrgNames="true" file="social-metadata/cirrus.xml"/>

[root@i2midev6 shibboleth]# /sbin/service shibd restart

[root@i2midev6 shibboleth-ds]# pwd
/etc/shibboleth-ds
[root@i2midev6 shibboleth-ds]# diff idpselect_config.js idpselect_config.js.20180502
46,47c46,47
< 'idpEntry.label': 'Or enter your organization\'s name. If you don\'t belong to a federated Identity Provider, or if you can\'t log in with your IdP, enter "Social login by Cirrus" from the list to log in with a social identity.',
< 'idpEntry.NoPreferred.label': 'Enter your organization\'s name. If you don\'t belong to a federated Identity Provider, or if you can\'t log in with your IdP, enter "Social login by Cirrus" from the list to log in with a social identity.',
---
> 'idpEntry.label': 'Or enter your organization\'s name',
> 'idpEntry.NoPreferred.label': 'Enter your organization\'s name',

[root@i2midev6 shibboleth-ds]# diff idpselect.css idpselect.css.20180502
(div.IdPSelectTextDiv)
51c51
< /* height: 3.5ex; */ /* Add some height to separate the text from the boxes */
---
> height: 3.5ex; /* Add some height to separate the text from the boxes */
There is a Social SAML gateway so Facebook and Google accounts can log in to the demo server UI. If there are problems with this, email: Ewing, Bill [mailto:BEwing@utsystem.edu], Gary, James <jgary@utsystem.edu>
(set old passwords 0 to avoid authentication plugin issues)
SET old_passwords=0;
create USER 'readonly'@'%' IDENTIFIED BY 'xxx';
flush privileges;
GRANT Select ON *.* TO 'readonly'@'%';
FLUSH PRIVILEGES;
March, 2017, we migrated from i2mibuild and i2midev1 to i2midev6. Note, to get to i2midev6 you have to ssh to login.internet2.edu first. Same with webprod3
Manage mysql:
[root@i2midev6 ~]# systemctl start mariadb
[root@i2midev6 ~]# systemctl restart shibd
Open a port on the firewall
[root@i2midev6 zones]# firewall-cmd --permanent --add-port=15672/tcp
success
For sysadmin support email: techsupport@internet2.edu
Nagios is connected to the status servlet and will email the list: grouper-sysadmin@internet2.edu