Grouper Call March 22, 2017


Chris Hyzer, Penn (Chair)
Shilen Patel, Duke
Jim Fox, U. Washington
Emily Eisbruch, Internet2


Action Items
[AI] (Chris and Bert)  turn action items into JIRAs where appropriate
[AI] (Chris)  upgrade to Apache Tomcat 8
[AI] (Shilen) will work on the graphing of instrumentation data
[AI] (Chris) add skeleton in UI for Shilen to do instrumentation work
[AI] (Chris) work with Jeff Hagley on server issues
[AI] (Bert) Encrypted password in ldaptive
[AI] (Chris)  Regarding GRP 1480, do we need to go through the code and look for hasPrivilege() and change to canHavePrivilege()? In 2.4 we can rename hasPrivilege to hasImmediatePrivilege, add the old back and deprecate

[AI] (Chris) add to Grouper roadmap an item on disabled date and point in time
[AI] (Shilen) add to instrumentation wiki steps for adding a new count (such as for provisioning data)
[AI] (Bert) create wiki page on the Groups that require members work-  GRP-1376
[AI]  (Chris)  status page for pspng (Gettes email)


[AI] (Bert) full sync runs but status in grouper loader log is not set to SUCCESS (Gettes email)
Changelog temp to change log speed
[AI] (Bert)  Paul Engle, 2/16, pspng and user defined attributes [GRP-1495]

[AI] (Bert) Marwan shahar and deleting groups in pspng? (2/20?)
[AI]  (Chris)  2/20 : Liam Hoekenga, inherited privileges.  Do they work for existing objects? (NO, they don’t, I need to fix this)
[AI] (Bert)  get back to Akki Kumar about when groups that require a member will be implemented, GRP-1376: PSPNG: Support groups that require a member
[AI]  (Chris)  Chad Redman 2/22: 2 issues: The source ID drop down list doesn't really show the "IDs" Also order seems random, so it takes a while to find the right source.
[AI]  (Chris) Chad Redman: GRP-1489: Can't type multiple lines in Add Members copy/paste
[AI]  (Chris) 2/23 Yoann Delattre: null pointer on privileges
[AI] (Bert) 2/23 Paul Engle: pspng authoritative all values of attribute
[AI] (Bert)  2/23 Julio Macavilca: malformed DN
[AI]  (Chris)  2/24: Jeff Mccollough The second issue is a redirect to the home screen if group creation is cancelled. It should be leaving the browser at the same level of view it had before the group creation screen is shown.
[AI] (Bert) 2/27: Paul Engle, I was excited when the grouper_loader_log seemed to indicate that the job finished in an hour or so. Less so once I looked at the log and realized it was actually still running its worker threads... :
[AI  (Chris)  GRP-1483 - ehcache large file sizes
[AI] (Chris) GRP-1484: grouper subject api diagnostics can see if subjects are ordered correctly on search (Chris to do by next wed)
[AI (Bert)  follow up with Martin Krenn on ldap passwords externalized
[AI (Bert) document the findings somewhere on wiki on Grouper and openldap for large groups
[AI] (Chris) add TIER API to the Grouper download page and do testing
[AI] (Chris) patches for accessibility
[AI] ( Chris) check member table to see if subject ID matches (Lookup a subject.  Get the identifier.  Look up by that identifier.  Make sure you get the subject with the right ID and identifier.)
[AI] (Bert) look at subject ID and subject Identifier terms and text on source diagnostics screen
[AI ] (Chris) GrouperSystem in another source (WS)
[AI] (Bert)  reply to Chris Sutherin UMBC on pspng examples
[AI] (Bert)  reply to Scott Koranda about massaging group names in provisioning
[AI] (Bert)  reply to Shaun K about name null in pspng
[AI] (Bert) to reply to Peter St Onge
[AI ] (Chris) get Grouper installer working for mysql and postgres
[AI ] (Chris), making delete group more efficient for large groups, fix issue with not allowed to delete group (email tues 1/17)
[AI] (Bert) Jeffrey Crawford email 1/12, full sync missing members
[AI] (Bert)  Scott Koranda email 1/12, error on change log consumer psp

[AI] (Bert) email the list about (a small) Office365 versus Dropbox and next PSP project

[AI] (Bert) document how to build PSP NG and patch it  [Bert needs to finish last couple steps] (AI for Chris to try it afterwards)  [Done, Bert’s updated the doc]
[AI] (Chris/Bert) put “make_patch” command in github  (Done) Bert will update the doc
[AI] (Bert) Put these in jira: Grace Periods, Membership Rules, People/Account subjects  
[AI] (Bert)  document the solution to “turn off old psp issue” that was raised on the list
[AI] (Bert) create PSP-NG Training Video (after necessary patches) using Camtasia
[AI] (Chris) make sure GrouperSystem can’t exist in other sources for WS


Completed Action Items
[AI] (Chris)  ask about TIER collector production in March 8, 2017 TIER Component architects call. (DONE)
[AI] (Chris) update diagnostics to have apache config for authentication [DONE]
[AI]  (Chris)  update the penn pspng script to include attribute names (DONE)
[AI  (Chris)   GRP-1480 - users with admin priv can't remove group via subject page (DONE)
[AI]  (Chris) clarify that the subject description should standalone since it is displayed by itself (DONE)



Current work tasks
 Vivek – Attestation
Misagh – on hold

• Grouper loader on UI 


Group agreed this work looks good and will be helpful model for future UI work

Chris also working on patches 

Bert – PSPNG

Shilen – Grouper Instrumentation



Grouper 2.4 timeline
• Decision to wait a few months to release Grouper 2.4


TIER Grouper Deployment Guide
• The community is encouraged to provide feedback during the consultation period of March 17 - April 17, 2017

• Thanks to U. Hawaii for providing feedback

Consultation for TIER Grouper Deployment Guide


Issue roundup
·         Bert at Global Summit?
·         Edits for GDG
·         Attribute framework discussion from Brigitte
·         Subject API in UI success
·         GRP-1495: PSPNG - Attribute Provisioning - Full control of destination attribute
·         GRP-1496: Membership GracePeriods: Associate with nested-group membership
·         GRP-1497: Membership Conditions: Subjects keep membership while they remain in another Group
·         GRP-1498: People vs Account Subjects
·         Instrumentation and server label
·         Centralized TIER collector
·         Grouper installation unix vs windows
·         Configuration in database vs config files
·         Struts in UI
·         Web service call and spaces getting removed
·         Integrating to Grouper with uuid vs system name
·         GRP-1492: multiple nodes loader - needs to check if job is still running  - patch released


·         Deleted group description
·         getChangeLogCategory() throws NPE in loader job
·         TIER instrumentation page:
·         Grouper 2.4 release - after  Global Summit
·         Oauth, openid connect, jwt, web service authn authz

·         Saving group ID for new groups when autofilled
·         Shaun Koh load test
·         Upgrade Tomcat to not be end of life
                   [AI] (chris)  upgrade to tomcat8
·         PSP and LDAP/AD
·         Which graphs do we want for instrumentation collector?
o   Counts over time
o   Counts of versions?
o   Rollups of counts across nodes?
·         I2midev6
[AI] (Chris) work with Jeff Hagley on server issues
·         Changelog category NPE
·         Delete groups if not used NPE
[AI] (Bert) Encrypted password in ldaptive
[AI for Chris] Regarding GRP 1480, do we need to go through the code and look for hasPrivilege() and change to canHavePrivilege()? In 2.4 we can rename hasPrivilege to hasImmediatePrivilege, add the old back and deprecate


Discussion on disabled date and point in time
Need to be able to expire groups
[AI] (Chris) will add to roadmap item on disabled date and point in time



Grouper BOF at 2017 Global Summit, Tuesday, April 25
Grouper Developers, please sign up for TIER F2F on Thurs April 27

Workshop at Open Apereo 

Grouper in Action - Access Management Strategies for Higher Education and Research
Jun 04, 2017, 1:30 PM - 4:30 PM



Next Grouper Call: Wed. April 5, 2017 at noon ET