You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »


Wiki Home

Grouper Release Announcements

Grouper Guides

Grouper Deployment Guide

Community Contributions

Internal Developer Resources

Grouper will soon be able to sync a folder of groups with groups at box.com

Why use this?

You might want to share resources at box with departments or other groups in Grouper

Notes

If you grant a person to be a Box group admin, they can edit users too, generally this is not a good idea, but this integration protects you from that.

If you provision users just in time, you might want to run a SAML attribute assertion that puts people in groups just in time.

Setup integration (from README.txt)

- make a queue for messaging
GrouperSession grouperSession = GrouperSession.startRootSession();
GrouperBuiltinMessagingSystem.createQueue("box_queue");
Subject subject = SubjectFinder.findById("GrouperSystem");
GrouperBuiltinMessagingSystem.allowSendToQueue("box_queue", subject);
GrouperBuiltinMessagingSystem.allowReceiveFromQueue("box_queue", subject);
- configure a changelog consumer to send certain groups to the message system in grouper-loader.properties
changeLog.consumer.boxEsb.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
changeLog.consumer.boxEsb.quartzCron = 0 * * * * ?
changeLog.consumer.boxEsb.elfilter = event.groupName =~ '^box\\:groups\\:.*$' && (event.eventType eq 'GROUP_DELETE' || event.eventType eq 'GROUP_ADD' || event.eventType eq 'MEMBERSHIP_DELETE' || event.eventType eq 'MEMBERSHIP_ADD')
changeLog.consumer.boxEsb.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher
changeLog.consumer.boxEsb.publisher.messagingSystemName = grouperBuiltinMessaging
# queue or topic
changeLog.consumer.boxEsb.publisher.messageQueueType = queue
changeLog.consumer.boxEsb.publisher.queueOrTopicName = box_queue
- create a group, change a membership and run the change log consumer
ADD
GrouperSession grouperSession = GrouperSession.startRootSession();
Group group = new GroupSave(grouperSession).assignName("box:groups:someGroup").save();
Subject subject = SubjectFinder.findById("GrouperSystem");
group.addMember(subject, false);
GrouperLoader.runOnceByJobName(grouperSession, "CHANGE_LOG_changeLogTempToChangeLog");
GrouperLoader.runOnceByJobName(grouperSession, "CHANGE_LOG_consumer_boxEsb");
DELETE
GrouperSession grouperSession = GrouperSession.startRootSession();
Group group = new GroupSave(grouperSession).assignName("box:groups:someGroup").save();
Subject subject = SubjectFinder.findById("GrouperSystem");
group.deleteMember(subject, false);
GrouperLoader.runOnceByJobName(grouperSession, "CHANGE_LOG_changeLogTempToChangeLog");
GrouperLoader.runOnceByJobName(grouperSession, "CHANGE_LOG_consumer_boxEsb");
- create a box app auth token
https://docs.box.com/docs/getting-started-box-platform
Chriss-MacBook-Air:box mchyzer$ openssl genrsa -aes256 -out private_key.pem 2048
Chriss-MacBook-Air:box mchyzer$ openssl rsa -pubout -in private_key.pem -out public_key.pem
sign up for two step authn in box if not SSO
make application in box: https://app.box.com/developers/services
1. authentication type: server
2. user access: all users
3. scopes: manage users, manage app users, manage groups
4. advanced features: none
5. note client_id
6. note client_secret
7. redirect uri: https://localhost
8. under apps in admin console copy the API key from the app page ad paste in

- configure the grouper.client.properties
# if using include/exclude in grouper then exclude these groups in box
grouperBox.ignoreGroupSuffixes = _systemOfRecord, _includes, _excludes, _systemOfRecordAndIncludes, _includesMinusExcludes
# if there is a suffix...
grouperBox.subjectIdSuffix = TODO
# if require...
grouperBox.requireGroupInGrouper = a:b:c
grouperBox.folder.name.withBoxGroups = 
grouperBox.deleteGroupsInBoxWhichArentInGrouper

 

Configure

grouper.client.properties

# these are properties to add to grouperClient.properties


# put groups in here which go to box, the name in box will be the extension here
grouperBox.folder.name.withBoxGroups = a:b:c

# put the comma separated list of sources to send to box
grouperBox.sourcesForSubjects = someSource

# either have id for subject id or an attribute for the box username (e.g. netId)
grouperBox.subjectAttributeForBoxUsername = id

# is grouper the true system of record, delete box groups which dont exist in grouper
grouperBox.deleteGroupsInBoxWhichArentInGrouper = true

#the quartz cron is a cron-like string. 
# http://www.quartz-scheduler.org/documentation/quartz-1.x/tutorials/crontrigger
grouperBox.fullSync.quartzCron = 0 0 5 * * ?

# authentication settings for WS
grouperBox.privateKeyFileName = 
grouperBox.privateKeyPass = 
grouperBox.publicKeyId = 
grouperBox.enterpriseId = 
grouperBox.clientId = 
grouperBox.clientSecret =

 

Install

This runs in the loader.  Get the grouper-misc/grouper-duo project.  Build (or download 2.1.5, 2.2.2) the jar for the grouper duo source.  Add in the duo client jars (4 of them).  Configure the grouper-loader.properties.  Note, the Duo client runs in Java7+.

  • No labels