The Grouper custom UI

This is a new feature in api patch 2.4.96+

To use this a group is configured with attributes

Then there is link in the More Actions menu

That link goes to the custom ui, here is an example from penn:

The configuration is done with JSON from simple javabeans, here is an example, explained more later

Configuration attributes

The configuration is simple javabeans in JSON format

User query config bean

These configs identify variables that can be used in the screen to conditionally set text, adjust email text, etc.  They are set from some operation like checking a membership in a group or an LDAP or SQL call or something

The queries are of type: userQueryType which is from the enum: CustomUiUserQueryType: 

The queries assign variables which must be prefixed with "cu_" for "Custom UI"

You can configure a default that will fill in values for all config beans (maybe useful if there are a bunch of similar ldap calls)

FieldTypeRequired for typeOptional for typeDescription
expressionLanguage, grouper, sqluuid of attribute def to look up
if hardcoding the uuid of group in azure
sqlbind var for sql
sqlbind var type in sql: string or integer
sqlbind var for sql
sqlbind var type in sql: string or integer
sqlbind var for sql
sqlbind var type in sql: string or integer
configIdStringazure, ldapsqlid in grouper config for azure, ldap, or sql
azure, expressionLanguage, grouper, ldap, sqltrue or false if this var is enabled
errorLabelStringazureexpressionLanguage, grouper, ldap, sqllabel on screen for the error variable 
groupercomma separated privs in grouper, e.g. members, readers, admins, viewers, updaters, optins, optouts, groupAttrReaders, groupAttrUpdaters, creators, stemAdmins, stemAttrReaders, stemAttrUpdaters, attrReaders, attrUpdaters, attrDefAttrReaders, attrDefAttrUpdaters, attrOptins, attrOptouts, attrAdmins
azure, expressionLanguage, grouper, ldap, sqltrue if should run this rule for the logged in user (if manager using screun), or by default its the user being acted on (which might be the user logged in)
azure, expressionLanguage, grouper, ldap, sqlgroup uuid to look up a group
azure, expressionLanguage, grouper, ldap, sqlgroup name to look up a group
labelStringazure, expressionLanguage, grouper, ldap, sql
label to see on screen when variables are displayed
which attribute in ldap to retrieve
ldap filter to run
ldapif not using the default dn in connection, search in this dn
expressionLanguage, grouper, sqlname of attribute definition to lookup
azure, expressionLanguage, grouper, ldap, sqlinteger and rules will be ordered by this integer, when displayed on screen
sql query to execute
EL expression to run
expressionLanguage, grouper, sqluuid of stem to lookup
expressionLanguage, grouper, sqlname of stem to lookup
userQueryTypeStringazure, expressionLanguage, grouper, ldap, sql
identify the type of query, enter either: azure, expressionLanguage, grouper, ldap, sql
variableToAssignStringazure, expressionLanguage, grouper, ldap, sql
name of variable must start with cu_

you cant have two variables with the same name
variableToAssignOnErrorStringazureexpressionLanguage, grouper, ldap, sqlname of variable to assign on error, must start with cu_

you cant have two variables with the same name
expressionLanguage, grouper, ldap, sqltype of variable: boolean, integer, string

Built-in variables

These variables are there for you to key off.  Note: you should not start your variable names with "cu_grouper" since that namespace is for built in variables

Variable nameDescription
cu_grouperEnrolltrue if the user clicked the enroll button, false if the user clicked the unenroll button (e.g. for email templates)
cu_grouperTurnOffManagerurl variable if you do not want to see the manager panel

Text config beans

These are a little misnamed, they are for text or for other decisions about the screen.  Could be a boolean result.  It is strongly encouraged to externalize text in the UI externalized text config

These generally take the variables defined above, and use boolean logic to decide which text to show or who is allowed to do certain things

The type of text is the decision or text to compute.  The engine will run through the config and append the ones that match, unless the one that matches says to stop processing.  You can also have defaults

Every text bean returns a string, but if its "true" or "false" it will be interpreted as a boolean.

Text typeTypeDescription
canAssignVariablesbooleanif the screen allows variables to be assigned in the URL for testing.  e.g. to simulate various users and see how the screen responds
note: only allow trusted users to be able to do this.  Only Grouper admins can do this by default
canSeeScreenStatebooleanif the screen state analysis should be displayed on the screen to help the user understand why access exists or not. 
By default only Grouper admins can see screen state.  Note that more columns of the user environment will also display
canSeeUserEnvironmentbooleanif the user variables and results should display.  By default group readers and updaters can see this.  Note that these are
abbreviated if the user cannoy also see screen state
emailBccGroupNameStringif there are emails and a group should be bcc'ed then return the group name here
emailBodyStringif there are emails then this is the body.  Note you can have a template that is dynamic, or different templates in different scenarios
emailSubjectStringif there are emails then this is the subject.  Note you can have a template that is dynamic, or different templates in different scenarios
emailToUserbooleantrue if an email should be sent to user.  Note you can send under certain circumstances if you like
enrollButtonShowbooleantrue if the enroll button should show.  Note that the user cant enroll if they dont have optin on the group
enrollButtonTextStringButton text of enroll button.  Defaults to: Enroll
enrollmentLabelStringText above the enrollment button that shows the state of the enrollment or whatever else
headerStringThe H1 of the page
helpLinkStringLink where the help button goes
instructions1StringInstructions at the top of the page
logoStringLink for logo
managerInstructionsStringInstructions to appear for readers/updaters who are managing users in this group
unenrollButtonShowbooleantrue if the unenroll button should show.  Note that the user cant enroll if they dont have optout on the group.  Note that
the enroll and unenroll button will not show at once
unenrollButtonTextStringButton text of unenroll button.  Defaults to: Unenroll

Azure membership

Configure an azure connection in

grouper.azureConnector.myAzure.loginEndpoint =
grouper.azureConnector.myAzure.DirectoryID = 6c4dxxx0d
grouper.azureConnector.myAzure.client_id = fd805xxxxdfb
grouper.azureConnector.myAzure.client_secret = ******************
grouper.azureConnector.myAzure.resource =
grouper.azureConnector.myAzure.graphEndpoint =
grouper.azureConnector.myAzure.graphVersion = v1.0
grouper.azureConnector.myAzure.groupLookupAttribute = displayName
grouper.azureConnector.myAzure.groupLookupValueFormat = ${group.getName()}
grouper.azureConnector.myAzure.requireSubjectAttribute = PENNNAME
grouper.azureConnector.myAzure.subjectIdValueFormat = ${subject.getAttributeValue("PENNNAME")}

Run a membership check