...
Release | Tentative date or time frame | Support | Notes | ||
v1.6 | None | ||||
v2.0 | None | ||||
v2.1 | None | ||||
2v2.2 | None | ||||
2v2.3 | None | ||||
2v2.4 | Released August 2018 | None | |||
2v2.5 | Released April 2020 | None | |||
2v2.6 | Released September 2021 | None | Has both new provisioning and subject sources as well as old | ||
v4 | Released March 2023 | Stable release | Is same as 2v2.6, but using semantic versioning | ||
v5 | Estimated Q4 2022 | Experimental release | Will only have new provisioners and subject sources (data fields)
| ||
6.0 | Estimated Q4 2023 | Not released | Stable version of v5 | ||
v7 | Estimated Q4 2024 | Not released | Will redo how data is stored in the database in order to make things faster and use fewer resources |
...
So while the Grouper developers are coding v7 (fall 2022 to fall 2023) and supporting 2v2.6 and v5, the community can work on reconfiguring and upgrading to the new provisioners and subject sources.
...
What Happened? | Item | Description |
---|---|---|
v5 (DONE) | Add Grouper data field system | Manage user attributes and identifiers differently than the legacy subject source system |
v5 (DONE) | Single process container | Only run Tomcat in container, not TomEE, Apache, ShibSP |
v5 (DONE) | Remove pspng and legacy provisioners | Only new provisioning framework, change log consumers, ESB consumers (including messaging) available |
v5 (DONE) | Evaluate which upstream linux container should be used | Rocky linux |
v4 | GSH loader | Allow a loader to be a GSH script to load groups and memberships (like SQL) |
v4 | Unicon authn | Add Unicon authn in container which implements SAML in java (and other things, CAS, etc) |
2v2.6 (DONE) | Add remedy provisioners | |
2v2.6 (DONE) | Box provisioner | |
2v2.6 (DONE) | Rewrite Grouper SCIM server | Replace the current J2EE SCIM server to only need tomcat |
2v2.6 (DONE) | Support JSON in grouper client | grouper client currently does XML but should do JSON (by default with option to switch back) |
2v2.6 (DONE) | Add OIDC UI authn | OIDC UI |
2v2.6 (DONE) | Streamline provisioning configuration | Make it easier to configure before more people start using it (v2.6 change). There would be an upgrade instruction to run a script to help you transition (including script configs). e.g. CRUD and validation. Change docs/tests. |
2v2.6 (DONE) | Add provisioning loaders for non generic provisioners | Add loader for provisioners (not SQL or LDAP) like Duo or Zoom |
2v2.6 (DONE) | Group attributes on edit screen | Have some configured group attributes on the group edit screen |
2v2.6 (DONE) | Add provisioning config scaffolding | Add scaffolding for provisioning configs to generate a starting point |
2v2.6 (DONE) | Add OSGI to Grouper | Add strategy to have plugins on their own classpath |
2v2.6 (DONE) | Entity global attribute resolver | Define a SQL or LDAP generic entity resolver which can be used in Grouper features like ABAC or provisioning |
2v2.6 (DONE) | ABAC JEXL scripted groups | JEXL based access policies based on memberships or attributes |
2v2.6 (DONE) | Improve folder security performance | Might need an extra table to hold part of the folder security decision |
2v2.6 (DONE) | Finalize LDAP provisioner | |
2v2.6 (DONE) | Add Google provisioner | |
2v2.6 (DONE) | Finish provisioning diagnostics | |
2v2.6 (DONE) | Finalize Azure provisoiner | |
2v2.6 (DONE) | Add SQL provisioner | |
2v2.6 (DONE) | Add box provisioner | |
2v2.6 (DONE) | Add Duo role provisioner | Admin roles |
2v2.6 (DONE) | Add WS authn options | Trusted JWT WS, self-service JWT WS, OIDC WS |
2v2.5 (DONE) | Add database columns | Add database columns for group expiry (membership expiry already exists), and membership notes (maybe an attribute instead). Anything else for point-in-time? "visible" flag for UI for groups. password table for revamped WS authn. Service account subject source table? provisioning status. provisioning group status? log table? email batching? config PIT table |
2v2.5 (DONE) | Revise build environment and dependency retrieval | Revising code environment to get rid of dependencies and the hybrid builds (Maven and ant builds, hard to keep everything in sync) Possible options:
Need to figure out versions for each dependency. |
2v2.5 (DONE) | Real time message based provisioning | Allow messaging to take events to provision new netIds (pspng) |
2v2.5 (DONE) | Add unicon azure integration to grouper | Add the unicon azure integration to grouper. https://github.com/Unicon/office365-and-azure-ad-grouper-provisioner |
2v2.5 (DONE) | GSH templates | Look at how the community uses GSH and move those needs into the UI |
2v2.5 (DONE) | Subject source adapter configuration wizard | Have grouper subject source adaptor configuration in the UI like the loader config. Explore including Midpoint and Comanage if useful |
2v2.5 (DONE) | LDAP provisioning | Improve PSPNG so it is more performant and accurate. |
2v2.5 (DONE) | Provisioning in UI | Add UI elements to troubleshoot and monitor provisioning. |
2v2.5 (DONE) | Daemon configuration | UI elements to add/edit/remove Grouper daemons including configuration specific to each type of daemon |
2v2.5 (DONE) | External systems wizards | Wizards to guide administrators through configuring, managing, testing external systems. External systems and things Grouper connects to and generally have endpoints, credentials, and settings. |
2v2.5 (DONE) | Provisioning configuration wizard | UI screens to configure a provisioner and assign provisioning to folders and groups |
2v2.5 (DONE) | Provisioning controls on grouper objects | Screens on folders, groups, memberships, and subject to view, troubleshoot, and fix provisioning. Reports of activity, errors, etc. |
2v2.5 (DONE) | Gantt chart for jobs | See when jobs have executed, job overlap, how long jobs take, success or error |
2v2.5 (DONE) | Update WS/UI authn | Basic authn in database. Passwordless WS authn in future |
2v2.5 (DONE) | Grouper installer installs container | Grouper installer wizard walks through running Grouper in container |
2v2.5 (DONE) | Container redesign | One servlet container, easier mounts, one directory structure, fewer processes, maven build, patchless |
2v2.4 patch (DONE) | attributes on memberships | allow direct and indirect attributes on memberships in UI |
2v2.5 (DONE) | Require container | Grouper requires a container to run. No tarballs will be distributed. The grouper installer will install the container easily |
2v2.5 (DONE) | Expire dates on groups | GRP-849: add enable/disable dates on groups like memberships and permisisons |
2v2.4 patch (DONE) | Custom join/leave/analyze UI | Simple custom join/leave UI, also analyze access |
2v2.5 (DONE) | Improve pagination in WS | Cursor based paging |
2v2.5 (DONE) | Add some web services | Add GRP-2153: Add audit log functions to the Web Service Add point in time options for WS get members, get groups, group save, get memberships |
2v2.4 patch (DONE) | Screens to show attribute assignments from attribute def (name) | GRP-2302: create screen to show attribute assignments from an attribute def GRP-2303: create screen to show attribute assignments from an attribute def name |
2v2.4 patch (DONE) | Allow configuration to be stored in database | Allow configuration to be stored in the database so common configuration is shared among all JVMs. Of course some configuration wouldnt be eligible for this (e.g. database connection information, passwords, etc) |
2v2.4 patch (DONE) | Templates | Templates can create multiple folders / groups / privileges / etc at once based on a wizard UI. Built in template for a service/application, and TIER Grouper Deployment Guide structure |
2v2.4 patch (DONE) | Real time message based loading LDAP by person | Allow messaging to take events to update a user in loader jobs (ldap) |
2v2.4 patch (DONE) | Disable loader jobs | Add ability to disable loader jobs |
2v2.4 patch (DONE) | Provisioning in UI | Manage and which folders and groups get provisioned in the UI |
2v2.4 patch (DONE) | Improve performance | Look at recent Grouper performance issues and make improvements |
2v2.4 patch (DONE) | Tag Grouper Types | Add ability to tag Reference / Basis / Authorization groups. Show this information to describe access policy |
2v2.4 patch (DONE) | Visualizing Grouper | Allow the ability to show a visual graph representation of group, privilege, and permission relationships |
2v2.4 patch (DONE) | Membership reports | See which users in a group or a folder of groups are not active. Add other attributes. Download reports. Schedule reports. |
2v2.4 patch (DONE) | Membership approvals | Add simple workflow (approval) for an OPTIN or UPDATE operation on a group |
2v2.4 patch (DONE) | Show disabled memberships | Show disabled memberships and privileges on demand and allow the user to configure enabled/disabled dates in more flexible way |
2v2.4 patch (DONE) | USDU expiration dates | Allow USDU to clean up unresolvable subjects that have been unresolvable for X days |
Completed in 2v2.3 | Provision to BMC Remedy | Provision memberships into remedy and digital marketplace |
Completed in 2v2.3 patch | Deprovisioning | User interface to manage deprovisioning of subjects https://spaces.at.internet2.edu/x/ZQlhBg |
Completed in 2v2.4 | Finish the new UI, replace admin and lite UI | Add features into the new Grouper 2v2.2 UI so that everything from the admin UI and the lite UI can be performed in the new UI. Remove the admin and lite UIs (redirect outdated links). Add user based auditing and overall auditing. Add new features like the ability to easily configure "rules" in the UI |
Completed in 2v2.3 | Require Java8, Tomcat8 | Standardize and require java8 |
Completed in 2v2.3 | Add new messaging strategies | Add new messaging strategies in the Grouper Messaging system for ActiveMQ, AMQP (e.g. RabbitMQ), AWS |
Completed in 2v2.3 | Attestation | Groups and folders can be marked to require periodic membership review. Reminders will be emailed to group owners |
Completed in 2v2.3 | TIER API in installer | The TIER API Tomee service is installed with the grouper installer |
Completed in 2v2.3 | Grouper loader in UI | User interface to show loader configuration, diagnostics, logs, wizard editor |
Completed in 2v2.3 | Subject source diagnostics in UI | User interface to analyze, diagnose, and recommend improvements for subject source configuration |
Completed in 2v2.3 | Harmonize configuration | Convert sources.xml and ehcache.xml to be cascaded properties files |
Completed in 2v2.3 | Grouper loader real time updates | Allow a change log table (SQL triggers) or messages to trigger loader updates for a partial population or single user |
Completed in 2v2.3 | Grouper instrumentation | Improve and standardize Grouper logging to provide centralized metrics at an institution and the ability to upload stats to a central Internet2 server
|
Completed in 2v2.3 | TIER packaging for 2v2.4 | In the TIER packaging for Grouper, create Grouper docker container, integrate Grouper with Shibboleth, configure PSPNG, configure user registration with COmanage |
Completed in 2v2.3 | UI accessibility | Incorporate recommendations from Colorado UI accessibility review |
Completed in 2v2.3 | Improve gsh by adding readline like capabilities (line editing, tab completions, history, etc). Use groovysh instead of beanshell. | |
Completed in 2v2.3 | Inbound messages | Allow Grouper to read a message queue and act on messages (e.g. membership changes etc) |
Completed in 2v2.3 | Update third party dependencies | Update third party dependncies and have strategy to easily do this on each release. Document which libraries are used and licenses. |
Completed in 2v2.3 | upgrade vt-ldap | to ldaptive (PSPNG to use ldaptive). Use adaptor |
Completed in 2v2.2 | Built-in support for managing unix GIDs by assigning a numeric ID to each group and folder. | |
Completed in 2v2.2 | Migrate from legacy attributes to the new attribute framework in a transparent way. The old API and WS and UI should still work correctly. Plan to migrate lists and hooks as well. | |
Completed in 2v2.2 | COmanage integration | Work cooperatively with the COmanage project to integrate Grouper within COmanage. Integer group ID's, WS operation tweaks |
Completed in 2v2.2 | Subject security realms | Differently users might have different privacy requirements for the Subject API. Security by realm is implemented in the JDBC2 source adapter. Callers pass in which "realm" the search should take place in, and the source can adjust how the search takes place, what attributes look like, etc. |
Completed in 2v2.2 | Grouper user data | Store information about a user in grouper in a generic way. e.g. recently used objects. favorites, etc. |
Completed in v2.1 | In-built load-balancing to enable highly available read-only access to the Groups Registry via web services. | |
Completed in v1.6-v2.1 | PSP, formerly Ldappc NG | Complete work on the new provisioning connector, built from the Shibboleth Attribute Resolver and SPML components. Integrate with Grouper notifications for asynchronous, incremental updating in addition to periodic batch style updating. Includes specific support for Active Directory. Package a Shibboleth DataConnector for Grouper. |
Completed in v2.1 | Dynamic group membership | Dynamically maintain groups and memberships based on LDAP-resident attributes. |
Completed in v2.0 | Point in Time Audit | Query the state of the groups registry at a prior point in time. |
Completed in v2.0 | Rules | Declarative triggers that perform changes to the Grouper Registry. |
Completed in v2.0 | Federated group membership and privileges | Built-in support for memberships and Grouper privileges to be assigned to federated identities. |
Completed in v2.0 | Federated group management | Enable groups from autonomous Grouper instances to be referenced by and incorporated into another Grouper instance. |
Completed in v2.0 | PDP | The Grouper permissions web service takes into account allow/disallow and limits to give the decision of access back to the requestor |
Completed in v2.0 | Lite UI enhancement | Support easier to use end-user UI components in addition to the existing administrative UI. Initial component, for managing membership of a single group, is in v1.5. |
Completed in v2.0 | Integrate with VOOT | Integrate Grouper with VOOT (group protocol for cloud webapps), experimental... |
Completed in v1.6-v2.1+ | Notification of changes | In v1.6, build on the initial implementation of incremental group, membership, and folder (or namespace) change notifications in v1.5 to provide notification based on flattened group membership to more efficiently enable relying parties to maintain membership lists. Also in v1.6, partner with a deployment using an asynchronous messaging infrastructure (perhaps an ESB) to drive enhancement of the toolkit for that style of data integration. |
Completed in v1.6 | Attribute framework | Complement the existing ad hoc attribute on groups with the ability to define and associate attributes of various types to groups, memberships, and folders. Initial release was in v1.5, comprising marker attributes. Additional attribute types in v1.6. Expose attribute framework suitably through web services interfaces in v1.6. |
Completed in v1.6 | Kuali Identity Management integration | A connector that enables Kuali Rice to delegate group management to Grouper. |
Completed in v 1.6 | Subject Web Service | Expose Subject API methods suitably via Grouper Web Services so that clients don't have to build their own way to reference Subjects. |
Completed in v 1.6 | External workflow integration | Integrate Grouper with Kuali Enterprise Workflow (v1.6), and maybe other implementations. |
Completed in v1.5 | Namespace Transition Support | The hierarchy of folders (or naming stems) in a deployment will change over time. This supports the ability to logically move or copy a group, a selection of groups, or a folder from one folder to another. This complements the capability of the XML Import/Export tool for prune & graft operations for large scale changes. |
Completed in v1.5 | User Audit | Report on who took which administrative action when. |
Completed in v1.4 | Extension hooks | Implement infrastructure within the Grouper API to enable independent extension of key internal events. Pre- and post-processing hooks will be provided for each "primitive API operation". This would make certain other tasks more feasible, notably "Notification of changes" in this roadmap and incorporation of a site's business rules. |
Completed in v1.4 | Enhance Web Services | Solidify the experimental Web Services support released in 1.3.0 based on field experience. |
The issue has been resolved with improved Grouper configuration and the cessation of the Signet project. | Configuration and binding framework for I2MI | Identify and implement a framework in which combinations of I2MI components (currently Grouper API, Grouper UI, Grouper Web Services, Signet API, Signet UI, Ldappc, and Subject source adapters) can be easily integrated (not just in a single JVM). This is largely an issue of managing configuration and 3rd party libraries. The Spring application framework is an example of what might be used to address this need. |
This was overtaken by the "Enhance Web Services" item in the roadmap. | Web service interface facades | Determine which subsets of native API capabilities should be exposed through more focused end points to facilitate access by applications to Grouper- and Signet-provided access management capabilities. Also investigate how facades may be used to manage access to underlying group and privilege management and query capabilities. |
Not yet assigned | Further KIM-Grouper integration | Refine the Kuali KIM services interfaces and extend existing integration beyond group-level into roles & permissions. |
Not yet assigned | Further uPortal-Grouper integration | Complete Phase II deliverables. Time frame for Phase III deliverables still to be determined in concert with uPortal team. |
Not yet assigned | Security plugins | Spring security, Shiro, .NET plugins for Grouper WS that might be able to be distributed with the plugin itself. Initial proof-of-concept code available: https://spaces.at.internet2.edu/display/Grouper/Unicon+Grouper+Contributions. |
...