This page is in need of updating. It does not currently reflect the most up-to-date information.
Grouper is Licensed under the Apache 2.0 license.
With the 1.0 release, Grouper includes an XML import and export tool that can be used for episodic or periodic provisioning of group info to other contexts. The GrouperShell can likewise be used to load and retrieve group information.
With the release of Ldappc 1.0 (the LDAP Provisioning Connector) we now have a near-real-time "provisioning connector" that can update LDAP directories or other run-time security infrastructure services. See LDAP Provisioning Connector for more information.
With the release of Grouper 1.2.0 there is also a Web Services interface to Grouper. See https://wiki.internet2.edu/confluence/display/GrouperWG/Grouper+Product for more information.
No. They are there only to support the quickstart demo and testing the API. They can safely be removed or ignored if you are using an outside subject source such as an LDAP directory.
The GrouperShell can be used for this purpose. See Initializing Administration of Privileges for the details.
Yes. Custom single-valued string attributes and lists of subjects can be added to Grouper groups and subsequently managed by the API and the UI. See Custom Group Types for all of the details.
By default, Grouper relies on an external authentication service to identify authenticated principals to it through the servlet container's REMOTE_USER, so configure your shibboleth AAP to provide a suitable identifier to Grouper as REMOTE_USER. In addition, you'll need to arrange that the same identifiers are provided to Grouper through a source adapter so that shibboleth-authenticated principals can have a security context created for them. Note, if you want grouper to use REMOTE_USER or something other than tomcat authentication then you need to take out the security configuration in the web.xml if it is there: e.g. security-constraint, login-config, security-role.
One cause may be that you have run out of tablespace - try extending your tablespace for the Grouper database.
One way is to add the CA cert to the list of trusted CAs that the Java JRE keeps. The JRE provides the keytool executable to help you manage the list. With JAVA_HOME set appropriately and JAVA_HOME/bin in your path you should be able to run
keytool -import -file /path/to/cacert/file.pem -keystore $JAVA_HOME/jre/lib/security/cacerts
Note that the default password is 'changeit'. You should change it! See http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html for details on the keytool and how to change the password for the trusted CA keystore.
Click here for some simple client examples that use the PHP SOAP extension
Questions or comments? Contact us.