Grouper Training
Developers and Architects
Advanced Topics

Chris Hyzer
Internet2
University of Pennsylvania

This work is licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.

Contents

• Introduction

• Change log

• XMPP consumer

• Custom consumer

• ESB connector

• Hooks

• Rules

• Local entities

• Move / copy

• SQL interface

Introduction to Advanced Topics

Change log

• Grouper events from various services (UI, WS, loader, etc) are stored in change log

• Processed in order by the loader on cron (every minute?)

• Certain data about each event is stored

• Other data can be retrieved from registry or point-in-time

• Change log consumers can connect to external systems

• Change log consumers keep a pointer to latest successfully processed record for that consumer

• Failures in processing can be tried again
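
The pointer and retry behaviour described on this slide, as an added example that is not part of the original slides and does not use Grouper's own classes: a stand-alone Java model in which a consumer advances its pointer only after an entry has been applied to the external system. The class names, action labels, sequence numbers and sample entries are constructed for illustration.

```java
import java.util.*;

/** Stand-alone model of a change log consumer; none of these types are Grouper classes. */
public class ChangeLogPointerDemo {
    /** Constructed event: sequence number, action label, group name, subject id. */
    record Entry(long seq, String action, String group, String subject) {}
    /** Hypothetical external system that is unavailable the first time it sees entry 103. */
    static class Target {
        final Set<String> members = new TreeSet<>();
        private boolean outage = true;
        void apply(Entry e) {
            if (e.seq() == 103 && outage) {
                outage = false;
                throw new IllegalStateException("target unavailable");
            }
            String key = e.group() + "|" + e.subject();
            // Set add/remove is idempotent, so a re-delivered entry does no harm.
            if (e.action().equals("membership_add")) members.add(key);
            else if (e.action().equals("membership_delete")) members.remove(key); // others ignored
        }
    }

    /** Processes entries newer than the pointer, in order, and returns the new pointer. */
    static long runOnce(List<Entry> log, long pointer, Target target) {
        for (Entry e : log) {
            if (e.seq() <= pointer) continue;   // already processed successfully
            try {
                target.apply(e);
            } catch (RuntimeException ex) {
                return pointer;                 // stop here; the next run retries this entry
            }
            pointer = e.seq();                  // advance only after success
        }
        return pointer;
    }

    public static void main(String[] args) {
        List<Entry> log = List.of(              // constructed sample change log
            new Entry(101, "membership_add", "app:users", "jsmith"),
            new Entry(102, "group_add", "app:admins", ""),
            new Entry(103, "membership_add", "app:users", "mjones"),
            new Entry(104, "membership_delete", "app:users", "jsmith"));
        Target target = new Target();
        long pointer = runOnce(log, 100, target);   // first cron run meets the outage
        System.out.println("run 1: pointer=" + pointer + " members=" + target.members);
        pointer = runOnce(log, pointer, target);    // second cron run resumes after the pointer
        System.out.println("run 2: pointer=" + pointer + " members=" + target.members);
    }
}
```

The model needs Java 16 or later for `record`. Because a failed entry is delivered again on the next run, the step that writes to the external system has to be safe to repeat.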

XMPP consumer

• This is a generic consumer that can be configured for multiple clients

• Your institution needs an XMPP server

• Need at least one non-person account for authn

• With one account you can differentiate by XMPP resource

• Generally, for small apps, on receipt of a message you do a full refresh of your cache

• Grouper Client can consume XMPP messages

XMPP consumer configuration

• The Grouper admin needs to configure XMPP in general, and the specific configuration for one service

• Here is a config for notification on membership changes in a folder

Custom change log consumer

• The Grouper admin needs to configure custom change log consumers

• Custom Java code examines change log messages and processes or ignores them

ESB connector

• ESB connector processes inbound HTTPS or outbound HTTPS

• Grouper admin must configure

• Inbound is similar to the Grouper WS

• Outbound will send a WS message with the ESB protocol

• Configure per service like XMPP

ESB connector configuration

• e.g. send all membership change events to an ESB

• Note, this example is two configurations

ESB connector sample message

• e.g. send all membership change events to an ESB

Hooks

• Hooks are custom Java plugins to the Grouper API which are called before or after Grouper events

• Can register more than one hook for an event

• The Grouper administrator needs to configure hooks

• Can be transactional

• Example: when a membership is added or removed

• Requires knowledge of the Grouper API

Rules

• Rules are special attributes on Grouper objects which cause actions to occur

• Requires authorization from Grouper admin

• Built-in or custom actions

• Daemon can sync up rules on cron

Rules examples

• Without using a composite group, if a user is not an employee, do not let them get added to the app users group, and remove them if removed from employee

• If a student is no longer in a course group, set a disabled date to the course wiki group for that student for 1 week in the future

• If a group is created in a certain folder, assign READ/ADMIN privileges to a certain group

Local entities

• If you want to use a subject which is not in a subject source, you can create your own "local entity"

• Scoped in a folder

• Has privileges if you want them to be private

• e.g. for system users, applications, database schemas, non-person entities, etc.

• Can assign attributes on local entities

Renaming

• You can move or copy groups or folders

• Moved groups can have one alternate name so it can still be resolved by the old name

• There are several options:

  • Can copy privileges of group

  • Can copy members

  • Can copy attributes

  • etc.

SQL interface

• If the Grouper admin permits, you can have SQL access to Grouper

• Read-only

• Should get a database ID which has SELECT grants on certain Grouper tables/views

• Common use case is to read large lists of memberships/privileges

Quiz

• Click on the quiz link in the video description to reinforce your knowledge of this topic

Thanks!

Further information:

• Infosheets, mailing lists, wiki, downloads, etc.: www.internet2.edu/grouper

• Grouper demo server: grouperdemo.internet2.edu/

• Grouper Online Training Home: spaces.internet2.edu/x/IIGfAQ