Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The configuration used to be done with JSON from simple javabeans, but now is done in configuration or from the UI.  See the Atlassian Jira Custom UI example for the current way to configure

User query config bean

These configs identify variables that can be used in the screen to conditionally set text, adjust email text, etc.  They are set from some operation like checking a membership in a group or an LDAP or SQL call or something


FieldTypeRequired for typeOptional for typeDescription
expressionLanguage, grouper, sqluuid of attribute def to look up
if hardcoding the uuid of group in azure
sqlbind var for sql
sqlbind var type in sql: string or integer
sqlbind var for sql
sqlbind var type in sql: string or integer
sqlbind var for sql
sqlbind var type in sql: string or integer
configIdStringazure, ldap, zoomsqlid in grouper config for azure, ldap, or sql
azure, expressionLanguage, grouper, ldap, sql, zoomtrue or false if this var is enabled
errorLabelStringazure, zoomexpressionLanguage, grouper, ldap, sqllabel on screen for the error variable 
groupercomma separated privs in grouper, e.g. members, readers, admins, viewers, updaters, optins, optouts, groupAttrReaders, groupAttrUpdaters, creators, stemAdmins, stemAttrReaders, stemAttrUpdaters, attrReaders, attrUpdaters, attrDefAttrReaders, attrDefAttrUpdaters, attrOptins, attrOptouts, attrAdmins
azure, expressionLanguage, grouper, ldap, sqltrue if should run this rule for the logged in user (if manager using screen), or by default its the user being acted on (which might be the user logged in)
azure, expressionLanguage, grouper, ldap, sqlgroup uuid to look up a group
azure, expressionLanguage, grouper, ldap, sqlgroup name to look up a group
labelStringazure, expressionLanguage, grouper, ldap, sql, zoom
label to see on screen when variables are displayed
which attribute in ldap to retrieve
ldap filter to run
ldapif not using the default dn in connection, search in this dn
expressionLanguage, grouper, sqlname of attribute definition to lookup
azure, expressionLanguage, grouper, ldap, sql, zoominteger and rules will be ordered by this integer, when displayed on screen
sql query to execute
scriptStringexpressionLanguageazure(2.5.30+), zoomEL expression to run
expressionLanguage, grouper, sqluuid of stem to lookup
expressionLanguage, grouper, sqlname of stem to lookup
userQueryTypeStringazure, expressionLanguage, grouper, ldap, sql, zoom
identify the type of query, enter either: azure, expressionLanguage, grouper, ldap, sql. dropdown.
variableToAssignStringazure, expressionLanguage, grouper, ldap, sql, zoom
name of variable must start with cu_
if the value is "default" then each attribute value will be the default for any bean without that set where its a valid value. dropdown.
you cant have two variables with the same name
variableToAssignOnErrorStringazure, zoomexpressionLanguage, grouper, ldap, sqlname of variable to assign on error, must start with cu_

you cant have two variables with the same name
expressionLanguage, grouper, ldap, sql, azure, zoomtype of variable: boolean, integer, string


Default user query bean to set some LDAP settings


Code Block

Built-in variables

These variables are there for you to key off.  Note: you should not start your variable names with "cu_grouper" since that namespace is for built in variables

Variable nameDescription
cu_grouperEnrolltrue if the user clicked the enroll button, false if the user clicked the unenroll button (e.g. for email templates)
cu_grouperTurnOffManagerurl variable if you do not want to see the manager panel

Text config beans

These are a little misnamed, they are for text or for other decisions about the screen.  Could be a boolean result.  It is strongly encouraged to externalize text in the UI externalized text config


Text typeTypeDescription
canAssignVariablesbooleanif the screen allows variables to be assigned in the URL for testing.  e.g. to simulate various users and see how the screen responds
note: only allow trusted users to be able to do this.  Only Grouper admins can do this by default
canSeeScreenStatebooleanif the screen state analysis should be displayed on the screen to help the user understand why access exists or not. 
By default only Grouper admins can see screen state.  Note that more columns of the user environment will also display
canSeeUserEnvironmentbooleanif the user variables and results should display.  By default group readers and updaters can see this.  Note that these are
abbreviated if the user cannoy also see screen state
emailBccGroupNameStringif there are emails and a group should be bcc'ed then return the group name here
emailBodyStringif there are emails then this is the body.  Note you can have a template that is dynamic, or different templates in different scenarios
emailSubjectStringif there are emails then this is the subject.  Note you can have a template that is dynamic, or different templates in different scenarios
emailToUserbooleantrue if an email should be sent to user.  Note you can send under certain circumstances if you like
enrollButtonShowbooleantrue if the enroll button should show.  Note that the user cant enroll if they dont have optin on the group
enrollButtonTextStringButton text of enroll button.  Defaults to: Enroll
enrollmentLabelStringText above the enrollment button that shows the state of the enrollment or whatever else
headerStringThe H1 of the page
helpLinkStringLink where the help button goes
instructions1StringInstructions at the top of the page
logoStringLink for logo
managerInstructionsStringInstructions to appear for readers/updaters who are managing users in this group
unenrollButtonShowbooleantrue if the unenroll button should show.  Note that the user cant enroll if they dont have optout on the group.  Note that
the enroll and unenroll button will not show at once
unenrollButtonTextStringButton text of unenroll button.  Defaults to: Unenroll
manageMembershipboolean(v2.5.38+) true or false, if the button will add the user to the group or remove them
redirectToUrlString(v2.5.38+) URL that the user should be redirected to after clicking button
gshScriptString(v2.5.38+) GSH script that should be run.  Note this is a stripped down version of GSH, so only use Java (no GSH functions), and 
fully qualify anything not in the base grouper or util java package.  This is for performance reasons.

GSH script to generate a text bean

Code Block
    customUiTextConfigBean = new edu.internet2.middleware.grouper.ui.customUi.CustomUiTextConfigBean();


    System.out.println(GrouperUtil.jsonConvertTo(customUiTextConfigBean, false));

JSON which is generated

Code Block


Always show header, note, this is the default for "header"


Code Block
   "text":"${!cu_o365twoStepEnrolled && cu_o365twoStepCanEnrollUnenroll && cu_twoStepUsers && cu_o365hasMailbox}"

User environment

You can show the variables, and results, and links to the grouper admin, the group manager (default), an arbitrary group, or the end user.  This explains the access (if the user needs something, if the access is provisioned, etc)

Note, you can control who has access to the user environment table with the customUiTextType: canSeeUserEnvironment

Text state

You can show another level of debugging by showing the text state.  By default only grouper admins can see this but you can show it to an arbitrary group with the customUiTextType: canSeeScreenState.  This explains why the decisions and text were made and shown the way they were.


  1. More columns in the user environment
  2. The decisions for the current user
  3. All text rules and how they are evaluated for the current user

Assign variables

If you are a Grouper admin (by default), or are allowed since customUiTextType: canAssignVariables.  You can send variables in the URL to simulate how the screen would look, to test all the rules


Someone enrolled

Azure membership

Configure an azure connection in