
Grouper Training Developers and Architects Advanced Topics

Grouper Training Developers and Architects Advanced Topics. Chris Hyzer Internet2 University of Pennsylvania. This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License. Contents. Introduction Change log XMPP consumer Custom consumer ESB connector. Hooks


Presentation Transcript


  1. Grouper Training Developers and Architects Advanced Topics. Chris Hyzer Internet2 University of Pennsylvania. This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.

  2. Contents • Introduction • Change log • XMPP consumer • Custom consumer • ESB connector • Hooks • Rules • Local entities • Move / copy • SQL interface

  3. Introduction to Advanced Topics

  4. Change log • Grouper events from various services (UI, WS, loader, etc.) are stored in the change log • Processed in order by the loader on cron (every minute?) • Certain data about each event is stored • Other data can be retrieved from the registry or point-in-time • Change log consumers can connect to external systems • Change log consumers keep a pointer to the latest successfully processed record for that consumer • Failures in processing can be tried again

  5. XMPP consumer • This is a generic consumer that can be configured for multiple clients • Your institution needs an XMPP server • Need at least one non-person account for authn • With one account you can differentiate by XMPP resource • Generally for small apps, on receipt of a message you do a full refresh of your cache • Grouper Client can consume XMPP messages

  6. XMPP consumer configuration • The Grouper admin needs to configure XMPP in general, and the specific configuration for one service • Here is a config for notification on membership changes in a folder

  7. Custom change log consumer • The Grouper admin needs to configure custom change log consumers • Custom Java code examines change log messages and processes or ignores them

  8. ESB connector • ESB connector processes inbound HTTPS or outbound HTTPS • Grouper admin must configure • Inbound is similar to the Grouper WS • Outbound will send a WS message with the ESB protocol • Configure per service like XMPP

  9. ESB connector configuration • e.g. send all membership change events to an ESB • Note: this example is two configurations

  10. ESB connector sample message • e.g. send all membership change events to an ESB

  11. Hooks • Hooks are custom Java plugins to the Grouper API which are called before or after Grouper events • Can register more than one hook for an event • The Grouper administrator needs to configure hooks • Can be transactional • Example: when a membership is added or removed • Requires knowledge of the Grouper API

  12. Rules • Rules are special attributes on Grouper objects which cause actions to occur • Requires authorization from Grouper admin • Built-in or custom actions • Daemon can sync up rules on cron

  13. Rules examples • Without using a composite group, if a user is not an employee, do not let them get added to the app users group, and remove them if removed from employee • If a student is no longer in a course group, set a disabled date to the course wiki group for that student for 1 week in the future • If a group is created in a certain folder, assign READ/ADMIN privileges to a certain group

  14. Local entities • If you want to use a subject which is not in a subject source, you can create your own "local entity" • Scoped in a folder • Has privileges if you want them to be private • e.g. for system users, applications, database schemas, non-person entities, etc. • Can assign attributes on local entities

  15. Renaming • You can move or copy groups or folders • Moved groups can have one alternate name so they can still be resolved by the old name • There are several options: • Can copy privileges of group • Can copy members • Can copy attributes • etc.

  16. SQL interface • If the Grouper admin permits, you can have SQL access to Grouper • Read-only • Should get a database ID which has SELECT grants on certain Grouper tables/views • Common use case is to read large lists of memberships/privileges

  17. Quiz • Click on the quiz link in the video description to reinforce your knowledge of this topic

  18. Thanks! • Further information: • Infosheets, mailing lists, wiki, downloads, etc.: www.internet2.edu/grouper • Grouper demo server: grouperdemo.internet2.edu/ • Grouper Online Training Home: spaces.internet2.edu/x/IIGfAQ • This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.
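
The pointer behaviour from slides 4 and 7 (in-order processing, a per-consumer pointer to the latest successfully processed record, retry after a failure), as an added Java illustration that is not Grouper code and not from the presentation. `Entry`, `EntryHandler` and `runOnce` are hypothetical names, the log records are constructed, and stopping a run at the first failure is an assumption about how "tried again" is realised.

```java
import java.util.*;

// Added illustration of the change log pointer; none of these types are Grouper classes.
public class ChangeLogPointerDemo {

    // Constructed stand-in for one change log record (hypothetical fields).
    static final class Entry {
        final long seq; final String action, subject;
        Entry(long seq, String action, String subject) {
            this.seq = seq; this.action = action; this.subject = subject;
        }
    }

    // Hypothetical consumer hook: throwing means "not delivered, try again later".
    interface EntryHandler { void process(Entry e) throws Exception; }

    // One scheduled run: deliver entries after the pointer in order and return the new pointer.
    // Assumption: the run stops at the first failure so later events are never applied early.
    static long runOnce(List<Entry> log, long pointer, EntryHandler handler) {
        for (Entry e : log) {
            if (e.seq <= pointer) continue;          // already processed by this consumer
            try { handler.process(e); } catch (Exception ex) { break; }
            pointer = e.seq;                         // advance only after success
        }
        return pointer;
    }

    public static void main(String[] args) {
        List<Entry> log = Arrays.asList(             // constructed sample events
            new Entry(1, "addMember", "jsmith"),
            new Entry(2, "deleteMember", "jsmith"),
            new Entry(3, "addMember", "mdoe"));
        final Set<String> target = new TreeSet<String>();  // external system's member list
        final boolean[] outage = { true };
        EntryHandler provisioner = new EntryHandler() {
            public void process(Entry e) throws Exception {
                if (e.seq == 2 && outage[0]) throw new Exception("target unreachable");
                if (e.action.equals("addMember")) target.add(e.subject);  // idempotent
                else target.remove(e.subject);                             // idempotent
            }
        };
        long p = runOnce(log, 0, provisioner);       // removal fails: pointer holds at 1
        System.out.println("run 1: pointer=" + p + " target=" + target);
        outage[0] = false;
        p = runOnce(log, p, provisioner);            // removal retried, then entry 3
        System.out.println("run 2: pointer=" + p + " target=" + target);
    }
}
```

Because a failed entry is delivered again on the next run, a removal is delayed by an outage rather than lost, and the handler's writes to the target are kept idempotent so a repeat delivery is harmless.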
