Grouper Training: Developers and Architects
Advanced Topics
Chris Hyzer
Internet2
University of Pennsylvania
This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.
Contents
• Introduction
• Change log
• XMPP consumer
• Custom consumer
• ESB connector
• Hooks
• Rules
• Local entities
• Move / copy
• SQL interface
Introduction to Advanced Topics
Change log
• Grouper events from various services (UI, WS, loader, etc) are stored in change log
• Processed in order by the loader on cron (every minute?)
• Certain data about each event is stored
• Other data can be retrieved from registry or point-in-time
• Change log consumers can connect to external systems
• Change log consumers keep a pointer to latest successfully processed record for that consumer
• Failures in processing can be tried again
XMPP consumer
• This is a generic consumer that can be configured for multiple clients
• Your institution needs an XMPP server
• Need at least one non-person account for authn
• With one account you can differentiate by XMPP resource
• Generally, for small apps, on receipt of a message you do a full refresh of your cache
• Grouper Client can consume XMPP messages
XMPP consumer configuration
• The Grouper admin needs to configure XMPP in general, and the specific configuration for one service
• Here is a config for notification on membership changes in a folder
Custom change log consumer
• The Grouper admin needs to configure custom change log consumers
• Custom Java code examines change log messages and processes or ignores them
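The pointer-and-retry behaviour from the Change log slide, combined with a consumer that processes or ignores entries, as an added Python model (not Grouper code and not from the original slides). The `Entry` and `Consumer` classes, the action names and the sample log are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Entry:
    seq: int      # position in the change log
    action: str   # constructed action names, not Grouper's own
    group: str
    subject: str

@dataclass
class Consumer:
    name: str
    pointer: int = 0                              # last successfully processed seq
    target: dict = field(default_factory=dict)    # stand-in for the external system
    fail_on: set = field(default_factory=set)     # seqs where the target is "down"

    def handle(self, e):
        if e.action not in ("membership_add", "membership_delete"):
            return  # not relevant to this consumer: ignore it, pointer still advances
        if e.seq in self.fail_on:
            raise ConnectionError(f"target unavailable at seq {e.seq}")
        members = self.target.setdefault(e.group, set())
        # set add/discard are idempotent, so a replayed entry is harmless
        (members.add if e.action == "membership_add" else members.discard)(e.subject)

def run_once(log, consumer):
    """One scheduled pass: process entries after the pointer, in order."""
    for e in sorted(log, key=lambda x: x.seq):
        if e.seq <= consumer.pointer:
            continue
        try:
            consumer.handle(e)
        except Exception:
            break  # stop here; this entry is retried on the next pass
        consumer.pointer = e.seq
    return consumer.pointer

LOG = [  # constructed sample entries
    Entry(1, "group_add", "app:users", ""),
    Entry(2, "membership_add", "app:users", "alice"),
    Entry(3, "membership_add", "app:users", "bob"),
    Entry(4, "membership_delete", "app:users", "alice"),
]

def demo():
    c = Consumer("provisioner", fail_on={3})
    first = run_once(LOG, c)    # stops before seq 3, pointer stays at 2
    c.fail_on.clear()           # target recovers
    second = run_once(LOG, c)   # resumes at seq 3
    return first, second, c.target
```

Because the pointer never moves past a failed entry, the removal at seq 4 is applied only after seq 3 succeeds; the external system lags behind Grouper but does not skip a revocation.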
ESB connector
• ESB connector processes inbound HTTPS or outbound HTTPS
• Grouper admin must configure
• Inbound is similar to the Grouper WS
• Outbound will send a WS message with the ESB protocol
• Configure per service like XMPP
ESB connector configuration
• e.g. send all membership change events to an ESB
• Note, this example is two configurations
ESB connector sample message
• e.g. send all membership change events to an ESB
Hooks
• Hooks are custom Java plugins to the Grouper API which are called before or after Grouper events
• Can register more than one hook for an event
• The Grouper administrator needs to configure hooks
• Can be transactional
• Example: when a membership is added or removed
• Requires knowledge of the Grouper API
Rules
• Rules are special attributes on Grouper objects which cause actions to occur
• Requires authorization from Grouper admin
• Built-in or custom actions
• Daemon can sync up rules on cron
Rules examples
• Without using a composite group, if a user is not an employee, do not let them get added to the app users group, and remove them if removed from employee
• If a student is no longer in a course group, set a disabled date to the course wiki group for that student for 1 week in the future
• If a group is created in a certain folder, assign READ/ADMIN privileges to a certain group
Local entities
• If you want to use a subject which is not in a subject source, you can create your own "local entity"
• Scoped in a folder
• Has privileges if you want them to be private
• e.g. for system users, applications, database schemas, non-person entities, etc
• Can assign attributes on local entities
Renaming
• You can move or copy groups or folders
• Moved groups can have one alternate name so it can still be resolved by the old name
• There are several options:
  • Can copy privileges of group
  • Can copy members
  • Can copy attributes
  • etc.
SQL interface
• If the Grouper admin permits, you can have SQL access to Grouper
• Read-only
• Should get a database ID which has SELECT grants on certain Grouper tables/views
• Common use case is to read large lists of memberships/privileges
Quiz
• Click on the quiz link in the video description to reinforce your knowledge of this topic
Thanks!
Further information:
• Infosheets, mailing lists, wiki, downloads, etc.: www.internet2.edu/grouper
• Grouper demo server: grouperdemo.internet2.edu/
• Grouper Online Training Home: spaces.internet2.edu/x/IIGfAQ