Grouper has a change log consumer which can sync a folder in Grouper and use the extensions of groups in the folder as group names in Duo.  It will also sync the group description to Duo.  There is a daemon which will run periodically for a full refresh (nightly?).  The change log consumer will sync changes in real time.

Why use this?

You can have groups in Duo which are required for integrations.  This is another layer of authorization and deprovisioning for your systems.  For instance, you could have a group for your IT department, and require that group for your IT dept VPN, RDP, SSH.  Someone not in that group would not be able to use those resources at the Duo level.

...

[Diagram: Grouper duo integration]

Configure

grouper-loader.properties

# these are properties to add to grouper-loader.properties
# group duo admin domain name credentials
grouperDuo.adminIntegrationKey = 
grouperDuo.adminSecretKey = 
grouperDuo.adminDomainName = 


# put groups in here which go to duo, the name in duo will be the extension here
grouperDuo.folder.name.withDuoGroups = a:b:c


# put the comma separated list of sources to send to duo (values from subject.properties: subjectApi.source.<value>.id =<value>): minimum of 1 value is required.
grouperDuo.sourcesForSubjects = someSource,someOtherSource


# either have id for subject id or an attribute for the duo username (e.g. netId)
grouperDuo.subjectAttributeForDuoUsername = id


# is grouper the true system of record, delete duo groups which do not exist in grouper
grouperDuo.deleteGroupsInDuoWhichArentInGrouper = true


# configure the duo change log consumer
changeLog.consumer.duo.class = edu.internet2.middleware.grouperDuo.GrouperDuoChangeLogConsumer


#the quartz cron is a cron-like string.  it defaults to every minute on the minute (since the temp to change log job runs
#at 10 seconds to each minute).  it defaults to this: 0 * * * * ?
#though it will stagger each one by 2 seconds
# http://www.quartz-scheduler.org/documentation/quartz-1.x/tutorials/crontrigger
changeLog.consumer.duo.quartzCron = 


# Schedule full refresh
otherJob.duo.class = edu.internet2.middleware.grouperDuo.GrouperDuoFullRefresh
otherJob.duo.quartzCron = 0 0 5 * * ?

...


Install

This runs in the loader.  Get the grouper-misc/grouper-duo project.  Build (or download 2.1.5, 2.2.2) the jar for the grouper duo source.  Add in the duo client jars (4 of them).  (NOTE: 2.5 containers already have these jars.)  Configure the grouper-loader.properties.  Note, the Duo client runs in Java7+.
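
A pre-flight check for the grouperDuo.* properties listed above, as an added example (not code from the Grouper project). The function names, the set of keys treated as required, and the file-permission check are assumptions of this example, and the sample input is constructed.

```python
import stat

# Treated as required here (assumption); the page only states that
# grouperDuo.sourcesForSubjects needs at least one value.
REQUIRED = ("grouperDuo.adminIntegrationKey", "grouperDuo.adminSecretKey",
            "grouperDuo.adminDomainName", "grouperDuo.folder.name.withDuoGroups",
            "grouperDuo.sourcesForSubjects")
# Placeholder values from the sample listing on this page.
PLACEHOLDERS = {"grouperDuo.folder.name.withDuoGroups": "a:b:c",
                "grouperDuo.sourcesForSubjects": "someSource,someOtherSource"}
DELETE_KEY = "grouperDuo.deleteGroupsInDuoWhichArentInGrouper"
# Constructed sample input, not a real configuration.
SAMPLE = """\
grouperDuo.adminIntegrationKey = CONSTRUCTED_IKEY
grouperDuo.adminSecretKey =
grouperDuo.adminDomainName = duo-api.example.invalid
grouperDuo.folder.name.withDuoGroups = a:b:c
grouperDuo.sourcesForSubjects = ,
grouperDuo.deleteGroupsInDuoWhichArentInGrouper = true
"""

def parse_properties(text):
    """Minimal key = value parser: skips blanks and # comments, no line continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_duo_config(text, file_mode=None):
    """Return (level, message) findings; no ERROR entries means the check passed."""
    props, findings = parse_properties(text), []
    for key in REQUIRED:
        if not props.get(key):
            findings.append(("ERROR", key + " is missing or empty"))
    sources = props.get("grouperDuo.sourcesForSubjects", "")
    if sources and not any(s.strip() for s in sources.split(",")):
        findings.append(("ERROR", "grouperDuo.sourcesForSubjects lists no source id"))
    for key, sample in PLACEHOLDERS.items():
        if props.get(key) == sample:
            findings.append(("WARN", key + " still has the sample value " + sample))
    if props.get(DELETE_KEY, "").lower() == "true":
        findings.append(("WARN", DELETE_KEY + " is true: Duo groups not in Grouper are deleted"))
    # Added hardening check (not a Grouper requirement): the file holds the Duo
    # admin secret key, so flag any group/other permission bits.
    if file_mode is not None and stat.S_IMODE(file_mode) & 0o077:
        findings.append(("WARN", "file mode %o allows group/other access" % stat.S_IMODE(file_mode)))
    return findings
```

To check a real file, pass its contents and `os.stat(path).st_mode` to `check_duo_config` before starting the loader.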