1. Grouper Training Developers and Architects Advanced Topics Chris Hyzer Internet2 University of Pennsylvania This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.

2. 2 Contents Introduction Change log XMPP consumer Custom consumer ESB connector Hooks Rules Local entities Move / copy SQL interface

3. 3 Introduction to Advanced Topics

4. 4 Change log Grouper events from various services (UI, WS, loader, etc) are stored in change log Processed in order by the loader on cron (every minute?) Certain data about each event is stored Other data can be retrieved from registry or point-in-time Change log consumers can connect to external systems Change log consumers keep a pointer to latest successfully processed record for that consumer Failures in processing can be tried again

5. 5 XMPP consumer This is a generic consumer that can be configured for multiple clients You institution needs an XMPP server Need at least one non-person account for authn With one account you can differentiate by XMPP resource Generally for small apps on receipt of message you full refresh your cache Grouper Client can consume XMPP messages

6. 6 XMPP consumer configuration The Grouper admin needs to configure XMPP in general, and the specific configuration for one service Here is a config for notification on membership changes in a folder

7. 7 Custom change log consumer The Grouper admin needs to configure custom change log consumers Custom Java code examines change log messages and processes or ignores them

8. 8 ESB connector ESB connector processes inbound HTTPS or outbound HTTPS Grouper admin must configure Inbound is similar to the Grouper WS Outbound will send a WS message with the ESB protocol Configure per service like XMPP

9. 9 ESB connector configuration e.g. send all membership change events to an ESB Note, this example is two configurations

10. 10 ESB connector sample message e.g. send all membership change events to an ESB

11. 11 Hooks Hooks are custom Java plugins to the Grouper API which are called before or after Grouper events Can register more than one hook for an event The Grouper administrator needs to configure hooks Can be transactional Example: when a memberships is added or removed Requires knowledge of the Grouper API

12. 12 Rules Rules are special attributes on Grouper objects which cause actions to occur Requires authorization from Grouper admin Built-in or custom actions Daemon can sync up rules on cron

13. 13 Rules examples Without using a composite group, if a user is not an employee, do not let them get added to the app users group, and remove them if removed from employee If a student is no longer in a course group, set a disabled date to the course wiki group for that student for 1 week in the future If a group is created in a certain folder, assign READ/ADMIN privileges to a certain group

14. 14 Local entities If you want to use a subject which is not in a subject source, you can create your own "local entity" Scoped in a folder Has privileges if want them to be private e.g. for System users, applications, database schemas, non-person entities, etc Can assign attributes on local entities

15. 15 Renaming You can move or copy groups or folders Moved groups can have one alternate name so it can still be resolved by the old name There are several options: Can copy privileges of group Can copy members Can copy attributes etc.

16. 16 SQL interface If the Grouper admin permits, you can have SQL access to Grouper Read-only Should get a database ID which has SELECT grants on certain Grouper tables/views Common use case is to read large lists of memberships/privileges

17. 17 Quiz Click on the quiz link in the video description to reinforce your knowledge of this topic

18. Thanks! Further information: Infosheets, mailing lists, wiki, downloads, etc.: www.internet2.edu/grouper www.internet2.edu/grouper Grouper demo server: grouperdemo.internet2.edu/ grouperdemo.internet2.edu/ Grouper Online Training Home: spaces.internet2.edu/x/IIGfAQ This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License. 18