The Grouper custom UI
- Helps end users and administrators view and troubleshoot access state and problems
- Allows end users to easily opt in or opt out of a group without all the bells and whistles of the Grouper UI
This is a new feature in 2.4.57+
To use this a group is configured with attributes
- customUi (marker)
- customUiOverallBean (overall configuration)
- customUiUserQueryConfigBeans (set variables)
- customUiTextConfigBeans (use those variables to change the UI)
Then there is link in the More Actions menu
Example configuration
Configuration attributes
The configuration is simple javabeans in JSON format
Overall bean
| Field | Type | Description |
|---|---|---|
| managersCanSeeUserEnvironment | Boolean | if managers can see user environment (default true) |
| managersCanAssignVariables | Boolean | if managers can assign variables in browser for testing (default false) |
| managersCanSeeScreenState | Boolean | if managers can see screen state (default false) |
| usersCanSeeUserEnvironment | Boolean | if users can see environment table (default false) |
| emailEnrollSubject | String | subject of email when someone enrolls |
| emailEnrollBody | String | body of email when someone enrolls |
| emailUnenrollSubject | String | subject of email when someone unenrolls |
| emailUnenrollBody | String | body of email when someone unenrolls |
| sendEmailWhenManagerMakesChanges | Boolean | if user is emailed when manager adds/removes from custom ui |
| emailToUser | Boolean | if user is emailed when using join/leave |
| emailBccToGroupName | String | group name that is bcc'ed on usage |
GSH example to generate the JSON
customUiOverallBean = new edu.internet2.middleware.grouper.ui.customUi.CustomUiOverallBean();
customUiOverallBean.setManagersCanAssignVariables(true);
customUiOverallBean.setEmailToUser(true);
customUiOverallBean.setEmailBccToGroupName("penn:isc:ait:apps:O365:twoStepProd:simpleEnrollUnenroll:o365twoStepAllowedToAdmin");
customUiOverallBean.setEmailEnrollBody("${textContainer.text['penn_o365twoStep_enroll_emailBody']}");
customUiOverallBean.setEmailEnrollSubject("${textContainer.text['penn_o365twoStep_enroll_emailSubject']}");
customUiOverallBean.setEmailUnenrollBody("${textContainer.text['penn_o365twoStep_unenroll_emailBody']}");
customUiOverallBean.setEmailUnenrollSubject("${textContainer.text['penn_o365twoStep_unenroll_emailSubject']}");
customUiOverallBean.setSendEmailWhenManagerMakesChanges(true);
customUiOverallBean.setManagersCanSeeScreenState(true);
customUiOverallBean.setManagersCanSeeUserEnvironment(false);
System.out.println(GrouperUtil.jsonConvertTo(customUiOverallBean, false));
Example JSON
{
"managersCanSeeUserEnvironment":false,
"emailEnrollBody":"${textContainer.text['penn_o365twoStep_enroll_emailBody']}",
"emailEnrollSubject":"${textContainer.text['penn_o365twoStep_enroll_emailSubject']}",
"emailToUser":true,
"emailUnenrollBody":"${textContainer.text['penn_o365twoStep_unenroll_emailBody']}",
"emailBccToGroupName":"penn:isc:ait:apps:O365:twoStepProd:simpleEnrollUnenroll:o365twoStepAllowedToAdmin",
"sendEmailWhenManagerMakesChanges":true,
"managersCanSeeScreenState":true,
"emailUnenrollSubject":"${textContainer.text['penn_o365twoStep_unenroll_emailSubject']}",
"managersCanAssignVariables":true
}
User query config bean
Azure membership
Configure in grouper.properties
grouper.azureConnector.myAzure.loginEndpoint = https://login.microsoftonline.com
grouper.azureConnector.myAzure.DirectoryID = 6c4dxxx0d
grouper.azureConnector.myAzure.client_id = fd805xxxxdfb
grouper.azureConnector.myAzure.client_secret = ******************
grouper.azureConnector.myAzure.resource = https://graph.microsoft.com
grouper.azureConnector.myAzure.graphEndpoint = https://graph.microsoft.com
grouper.azureConnector.myAzure.graphVersion = v1.0
grouper.azureConnector.myAzure.groupLookupAttribute = displayName
grouper.azureConnector.myAzure.groupLookupValueFormat = ${group.getName()}
grouper.azureConnector.myAzure.requireSubjectAttribute = PENNNAME
grouper.azureConnector.myAzure.subjectIdValueFormat = ${subject.getAttributeValue("PENNNAME")}@upenn.edu
Run a membership check