
Grouper will soon be able to sync a folder of groups with groups at box.com

Why use this?

You might want to share resources at Box with departments or other groups that are already defined in Grouper.

Architecture

Grouper box integration

Notes

If you grant a person Box group admin rights, they can edit users too. Generally this is not a good idea, but this integration protects you from that.

If you provision users just in time, you might want to run a SAML attribute assertion that puts people in groups just in time.

Setup integration (from README.txt)

- make a queue for messaging
GrouperSession grouperSession = GrouperSession.startRootSession();
GrouperBuiltinMessagingSystem.createQueue("box_queue");
Subject subject = SubjectFinder.findById("GrouperSystem");
GrouperBuiltinMessagingSystem.allowSendToQueue("box_queue", subject);
GrouperBuiltinMessagingSystem.allowReceiveFromQueue("box_queue", subject);
- configure a changelog consumer to send certain groups to the message system in grouper-loader.properties
changeLog.consumer.boxEsb.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbConsumer
changeLog.consumer.boxEsb.quartzCron = 0 * * * * ?
changeLog.consumer.boxEsb.elfilter = event.groupName =~ '^box\\:groups\\:.*$' && (event.eventType eq 'GROUP_DELETE' || event.eventType eq 'GROUP_ADD' || event.eventType eq 'MEMBERSHIP_DELETE' || event.eventType eq 'MEMBERSHIP_ADD')
changeLog.consumer.boxEsb.publisher.class = edu.internet2.middleware.grouper.changeLog.esb.consumer.EsbMessagingPublisher
changeLog.consumer.boxEsb.publisher.messagingSystemName = grouperBuiltinMessaging
# queue or topic
changeLog.consumer.boxEsb.publisher.messageQueueType = queue
changeLog.consumer.boxEsb.publisher.queueOrTopicName = box_queue
- create a group, change a membership and run the change log consumer
ADD
GrouperSession grouperSession = GrouperSession.startRootSession();
Group group = new GroupSave(grouperSession).assignName("box:groups:someGroup").save();
Subject subject = SubjectFinder.findById("GrouperSystem");
group.addMember(subject, false);
GrouperLoader.runOnceByJobName(grouperSession, "CHANGE_LOG_changeLogTempToChangeLog");
GrouperLoader.runOnceByJobName(grouperSession, "CHANGE_LOG_consumer_boxEsb");
DELETE
GrouperSession grouperSession = GrouperSession.startRootSession();
Group group = new GroupSave(grouperSession).assignName("box:groups:someGroup").save();
Subject subject = SubjectFinder.findById("GrouperSystem");
group.deleteMember(subject, false);
GrouperLoader.runOnceByJobName(grouperSession, "CHANGE_LOG_changeLogTempToChangeLog");
GrouperLoader.runOnceByJobName(grouperSession, "CHANGE_LOG_consumer_boxEsb");
- create a box app auth token
https://docs.box.com/docs/getting-started-box-platform
Chriss-MacBook-Air:box mchyzer$ openssl genrsa -aes256 -out private_key.pem 2048
Chriss-MacBook-Air:box mchyzer$ openssl rsa -pubout -in private_key.pem -out public_key.pem
sign up for two-step authentication in Box if not using SSO
make application in box: https://app.box.com/developers/services
1. authentication type: server
2. user access: all users
3. scopes: manage users, manage app users, manage groups
4. advanced features: none
5. note client_id
6. note client_secret
7. redirect uri: https://localhost
8. under apps in admin console copy the API key from the app page and paste in

- configure the grouper.client.properties
# if using include/exclude in grouper then exclude these groups in box
grouperBox.ignoreGroupSuffixes = _systemOfRecord, _includes, _excludes, _systemOfRecordAndIncludes, _includesMinusExcludes
# if there is a suffix...
grouperBox.subjectIdSuffix = TODO
# if require...
grouperBox.requireGroupInGrouper = a:b:c
grouperBox.folder.name.withBoxGroups = 
grouperBox.deleteGroupsInBoxWhichArentInGrouper


Configure

grouper.client.properties

# these are properties to add to grouperClient.properties


# put groups in here which go to box, the name in box will be the extension here
grouperBox.folder.name.withBoxGroups = a:b:c

# put the comma separated list of sources to send to box
grouperBox.sourcesForSubjects = someSource

# either have id for subject id or an attribute for the box username (e.g. netId)
grouperBox.subjectAttributeForBoxUsername = id

# is grouper the true system of record, delete box groups which dont exist in grouper
grouperBox.deleteGroupsInBoxWhichArentInGrouper = true

# the quartz cron is a cron-like string
# http://www.quartz-scheduler.org/documentation/quartz-1.x/tutorials/crontrigger
grouperBox.fullSync.quartzCron = 0 0 5 * * ?

# authentication settings for WS
grouperBox.privateKeyFileName = 
grouperBox.privateKeyPass = 
grouperBox.publicKeyId = 
grouperBox.enterpriseId = 
grouperBox.clientId = 
grouperBox.clientSecret = 
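The two filtering layers described above (the changelog consumer's elfilter in grouper-loader.properties, then grouperBox.ignoreGroupSuffixes and grouperBox.deleteGroupsInBoxWhichArentInGrouper in grouper.client.properties) can be modelled to check what would actually reach Box. This is an added Python example, not Grouper's own code; the folder name, regex, event types and suffix list are copied from the page, the sample events and group lists are constructed, and the full-sync planning function is an assumption about how a reconciliation would behave.

```python
import re

# Values taken from the page's configuration. In the properties file the regex is
# written '^box\\:groups\\:.*$'; after properties loading it is ^box\:groups\:.*$,
# which matches the same strings as the plain form below.
FOLDER = "box:groups"
ELFILTER_GROUP_RE = re.compile(r"^box:groups:.*$")
ELFILTER_EVENT_TYPES = {"GROUP_ADD", "GROUP_DELETE", "MEMBERSHIP_ADD", "MEMBERSHIP_DELETE"}
IGNORE_SUFFIXES = ("_systemOfRecord", "_includes", "_excludes",
                   "_systemOfRecordAndIncludes", "_includesMinusExcludes")


def passes_elfilter(event):
    """Mirror of changeLog.consumer.boxEsb.elfilter: only events on groups under
    box:groups with one of the four event types are published to box_queue."""
    return (bool(ELFILTER_GROUP_RE.match(event["groupName"]))
            and event["eventType"] in ELFILTER_EVENT_TYPES)


def box_group_name(grouper_group_name):
    """The Box group name is the Grouper extension (last path component).
    Include/exclude helper groups are skipped per grouperBox.ignoreGroupSuffixes."""
    extension = grouper_group_name.rsplit(":", 1)[-1]
    if extension.endswith(IGNORE_SUFFIXES):
        return None
    return extension


def full_sync_plan(grouper_groups, box_groups, delete_groups_not_in_grouper):
    """Hypothetical full-sync planner: Box groups to create, and Box groups to delete
    only when grouperBox.deleteGroupsInBoxWhichArentInGrouper is true (Grouper is
    the system of record). Returns (to_create, to_delete), both sorted."""
    wanted = {name for name in (box_group_name(g) for g in grouper_groups
                                if g.startswith(FOLDER + ":")) if name}
    to_create = sorted(wanted - set(box_groups))
    to_delete = sorted(set(box_groups) - wanted) if delete_groups_not_in_grouper else []
    return to_create, to_delete


# Constructed sample change-log events (not real Grouper output)
SAMPLE_EVENTS = [
    {"groupName": "box:groups:someGroup", "eventType": "MEMBERSHIP_ADD"},           # published
    {"groupName": "box:groups:someGroup_includes", "eventType": "MEMBERSHIP_ADD"},  # published, dropped later
    {"groupName": "box:groups:someGroup", "eventType": "GROUP_UPDATE"},             # wrong event type
    {"groupName": "etc:sysadmingroup", "eventType": "MEMBERSHIP_ADD"},             # outside the folder
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["groupName"], ev["eventType"], "->", passes_elfilter(ev))
    print(full_sync_plan(["box:groups:a", "box:groups:new", "box:groups:x_excludes"],
                         ["a", "stale"], True))
```

Note that the elfilter alone lets `_includes`/`_excludes` helper groups through to the queue; only the ignoreGroupSuffixes setting keeps them out of Box, so both settings need to agree.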


Install

This runs in the loader.  Get the grouper-misc/grouper-duo project.  Build (or download 2.1.5, 2.2.2) the jar for the grouper duo source.  Add in the duo client jars (4 of them).  Configure the grouper-loader.properties.  Note, the Duo client runs in Java7+.
