Setting up the Grouper and Signet Databases Joy Veronneau Cornell University Identity Management November 7, 2006.

Introduction
Grouper and Signet rely on Hibernate to integrate with a variety of RDBMS systems. Also see the Signet and Grouper Wikis for Hibernate configuration information.

Let’s talk about first…

grouper.hibernate.properties
See the sample grouper/conf/grouper.hibernate.properties in Appendix 2 of the handout. It comes pre-populated for HSQLDB, PostgreSQL, and Oracle: just comment and uncomment the appropriate sections. Hibernate uses JDBC, so fill in:
– hibernate.connection.driver_class (JDBC driver classname)
– hibernate.connection.url (JDBC URL for the database)
– hibernate.connection.username (database user)
– hibernate.connection.password (database user’s password)

Grouper/Oracle Example
At Cornell, we are using an Oracle database for the groups registry.

Grouper/Oracle cont’d
Remember to uncomment this line if you are using Oracle: (You can also fix any spelling mistakes you might find.)

Ready, Set …
If your configuration is ready, the next thing you need to do is initialize your database. Don’t forget to put your JDBC driver jar file in the grouper/lib directory (e.g. oracle-classes12.jar). You may want to edit your log4j.properties file if you haven’t already.

Go!
Switch into the grouper directory and type “ant schemaexport”. This command generates the DDL (Data Definition Language) appropriate for your configured RDBMS and creates the tables. Then type “ant db-init”. This command populates various tables with required logical schema information and creates the root naming stem of the Groups Registry. These ant commands will produce errors if you haven’t configured your log files correctly in log4j.properties, but the commands will still work after Grouper complains a little.
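As an added pre-flight check for the steps above (example code, not part of Grouper or the handout): it parses grouper.hibernate.properties, flags the four required connection keys when they are missing, empty, or set twice because two RDBMS sections were left uncommented, checks that a matching JDBC driver jar is in grouper/lib, and warns when the file, which holds the database password, is readable by group or other. The driver-class-to-jar mapping is an assumption.

```python
"""Pre-flight check for grouper.hibernate.properties before 'ant schemaexport'.
Added example, not Grouper code; the key names and grouper/lib come from the slides."""
import re, stat, sys
from pathlib import Path

REQUIRED_KEYS = ("hibernate.connection.driver_class", "hibernate.connection.url",
                 "hibernate.connection.username", "hibernate.connection.password")
# Assumed: driver-class prefix -> substring expected in a jar name under grouper/lib.
DRIVER_JARS = {"oracle.": "classes12", "org.postgresql.": "postgresql", "org.hsqldb.": "hsqldb"}

def parse_properties(text):
    """Java .properties -> {key: [value, ...]}; duplicates are kept, so a key left
    uncommented in two RDBMS sections shows up twice."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props.setdefault(m.group(1), []).append(m.group(2).strip())
    return props

def check_config(props, jar_names):
    """Return a list of problems (empty means ready); jar_names lists grouper/lib."""
    problems = []
    for key in REQUIRED_KEYS:
        values = props.get(key, [])
        if not values:
            problems.append(f"missing {key}")
        elif len(values) > 1:
            problems.append(f"{key} set {len(values)} times; uncomment only one RDBMS section")
        elif not values[0]:
            problems.append(f"empty {key}")
    driver = props.get("hibernate.connection.driver_class", [""])[0]
    for prefix, jar in DRIVER_JARS.items():
        if driver.startswith(prefix) and not any(jar in j for j in jar_names):
            problems.append(f"no {jar} jar in grouper/lib for {driver}")
    return problems

def mode_is_shared(mode):
    """True if the file is readable by group or other; it holds the DB password."""
    return bool(stat.S_IMODE(mode) & (stat.S_IRGRP | stat.S_IROTH))

if __name__ == "__main__":
    conf = Path(sys.argv[1] if len(sys.argv) > 1 else "conf/grouper.hibernate.properties")
    jars = [p.name for p in (conf.parent.parent / "lib").glob("*.jar")]
    issues = check_config(parse_properties(conf.read_text()), jars)
    if mode_is_shared(conf.stat().st_mode):
        issues.append(f"{conf} is readable by group/other")
    print("\n".join(issues) or "configuration looks ready for 'ant schemaexport'")
```

Run it from the grouper directory before “ant schemaexport”; an empty report means all four keys are set exactly once and the driver jar is in place.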

Grouper FAQ Number 2:
Q: "ant schemaexport" creates 14 tables, 2 of which are "subject" and "subjectattribute". Do I need these?
A: No. They are there only to support the quickstart demo and testing the API. They can safely be removed or ignored *if* your subjects are coming from another source, e.g. an LDAP directory.

Grouper FAQ Number 6:
Q: I am using Oracle for my Grouper database, and when I try to add more groups or members, I am getting this error: "hibernate commit error: Could not execute JDBC batch update." What causes that?
A: One cause may be that you have run out of tablespace - try extending your tablespace for the Grouper database. Cornell currently has the tablespace set to 1Gb, just a rough guess based on preliminary data loads.

Grouper/Oracle cont’d
The Oracle database schema has been modified between version 1.0 and 1.1 of Grouper. If you are upgrading from 1.0, you should export the GROUPER_MEMBERSHIPS table, reorder the columns and import the GROUPER_MEMBERSHIPS table for much better performance.

Audience Participation
Any experience using Grouper with PostgreSQL or HSQLDB?

Special Grouper Subjects: GrouperAll
The GrouperAll subject is hard-wired. GrouperAll means *any* subject. When you select “Assign the following default privileges for everyone” in the UI, you are actually assigning them to the “GrouperAll” subject. You will see GrouperAll appear in the UI when you look at who has group privileges such as VIEW and READ.

Special Grouper Subjects: GrouperSystem
The super-user… If you are using an SSO system and/or outside subject sources, you probably won’t be able to sign on as GrouperSystem, but you can create a Grouper “wheel” group whose members are the security equivalent of “GrouperSystem”. If you are a member of the “wheel” group, the UI gives you a choice whether to act as yourself with normal privileges, or as “admin”, which means “GrouperSystem”.

Setting up the Grouper Wheel Group
See instructions in the Wiki Documentation section: “Initializing Administration of Grouper Privileges.” Use gsh to create the group, and edit the grouper.properties file. A sample grouper.properties file is in Appendix 4 of the handout. Joy sez: “Make a script, you will have to do this more than once when you are starting out!”

The gsh Utility (Grouper Shell)
My favorite utility - a tool for interacting with the Grouper API. It has script (batch) and interactive modes. The Grouper Wiki has instructions for how to build and use it. Use special gsh commands or *any* API command.

Useful gsh Variables

Create “wheel” Group - Sample gsh Script

Grouper XML Export
Exported XML may be used for:
* provisioning other systems
* reporting
* backups
* switching database backends - including to upgraded schemas (required by new Grouper API versions) in the same database

Grouper XML Import
Useful for:
* loading - adding to or updating existing Stems, Groups and Group Types. Whole or partial Grouper registries can be exported, and subsequently imported at a specified Stem (or the Root Stem if not specified) in the new instance.
* initializing a new, empty registry to a known state - useful for demos, testing and system recovery

Sample Grouper XML export command
Remember to create an export.properties file. From the grouper directory, this will export the cu:ga stem, which has the wheel group in it:
ant xml-export -Dcmd="GrouperSystem -name cu:ga x.xml"

What the Export xml Looks Like

Setting up the Database

Set Up the Signet Database
Instructions are on the Signet Wiki. The DDL for each supported database is found in the signet/sql directory. Signet currently provides DDL for:
* HSQL
* Oracle
* Postgres
* Sybase
Execute it with your favorite tool (Aqua for Mac, dbArtisan for Windows).

Copy Your Driver
For Oracle this is oracle-classes12.jar. An appropriate driver must be installed in two places, as there are two parts to Signet that operate independently - the Web application and the utilities:
* signet/lib
* signet/webapp/signet/WEB-INF/lib

Two Different Versions of Hibernate?
It’s just an accident that Signet uses XML for the Hibernate configuration and Grouper doesn’t. Currently Grouper (& Subject) use v2.1.8 of Hibernate. Signet uses some earlier v2. Normalization of third party libraries common to Signet and Grouper is being addressed.

Edit signet/config/hibernate.cfg.xml
See the sample hibernate.cfg.xml in Appendix 3 of the handout. It configures your JDBC connection. Edit both copies of the hibernate.cfg.xml file:
– signet/config/hibernate.cfg.xml
– signet/webapp/signet/WEB-INF/classes/hibernate.cfg.xml
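The two copies drift easily, since the utilities and the web application each work on their own. As an added check (example code, not Signet’s own), this parses each hibernate.cfg.xml, reports connection properties that are missing or empty, and lists properties whose values differ between the signet/config copy and the webapp copy. The sample XML is constructed and the Hibernate 2 dialect class name is an assumption.

```python
"""Check that both copies of Signet's hibernate.cfg.xml carry the same JDBC settings.
Added example, not Signet code; paths from the slides, sample XML constructed, dialect assumed."""
import sys
import xml.etree.ElementTree as ET

COPIES = ("signet/config/hibernate.cfg.xml",
          "signet/webapp/signet/WEB-INF/classes/hibernate.cfg.xml")
CONNECTION_KEYS = ("hibernate.connection.driver_class", "hibernate.connection.url",
                   "hibernate.connection.username", "hibernate.connection.password",
                   "hibernate.dialect")

def session_properties(xml_text):
    """Map property name -> value under <session-factory>. Hibernate lets the
    'hibernate.' prefix be omitted in cfg.xml, so names are normalised to carry it."""
    sf = ET.fromstring(xml_text).find("session-factory")
    if sf is None:
        raise ValueError("no <session-factory> element")
    props = {}
    for p in sf.findall("property"):
        name = p.get("name", "")
        props[name if name.startswith("hibernate.") else "hibernate." + name] = (p.text or "").strip()
    return props

def missing_connection_keys(xml_text):
    """Connection keys absent or empty in one copy."""
    props = session_properties(xml_text)
    return [k for k in CONNECTION_KEYS if not props.get(k)]

def compare_copies(a_text, b_text):
    """Keys whose values differ: the utilities and the web app would then talk to
    different databases, which is easy to miss because each works on its own."""
    a, b = session_properties(a_text), session_properties(b_text)
    return sorted(k for k in set(a) | set(b) if a.get(k) != b.get(k))

# Constructed sample pair: the webapp copy still names the old database host.
CONFIG_COPY = """<hibernate-configuration><session-factory>
  <property name="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</property>
  <property name="hibernate.connection.url">jdbc:oracle:thin:@dbhost.example.edu:1521:SIGNET</property>
  <property name="hibernate.connection.username">signet</property>
  <property name="hibernate.connection.password">REPLACE_ME</property>
  <property name="dialect">net.sf.hibernate.dialect.OracleDialect</property>
</session-factory></hibernate-configuration>"""
WEBAPP_COPY = CONFIG_COPY.replace("dbhost.example.edu", "old-dbhost.example.edu")

if __name__ == "__main__":
    texts = [open(p).read() for p in sys.argv[1:3]] if len(sys.argv) == 3 else [CONFIG_COPY, WEBAPP_COPY]
    for path, text in zip(COPIES, texts):
        print(path, "missing:", missing_connection_keys(text) or "none")
    print("differing keys:", compare_copies(*texts) or "none")
```

Pass the two real paths as arguments to check an installation; with no arguments it runs on the constructed pair and reports the URL mismatch.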

Sample signet/config/hibernate.cfg.xml for Oracle

The Special “Signet” Subject Built into Signet
The Signet subject is the source of granted privileges over internal Signet system actions as described below. The Signet subject is the actor on any system-initiated action, e.g., it will be identified as the "revoker" when a lifecycle event (expiration or affiliation change) causes the automatic revocation of services.

“Signet” Subject - more
The Signet subject has hard-wired granting powers over all functions in all subsystems. Note that Signet can extend capabilities to others (can grant), but cannot itself act on those privileges.

Giving the Signet System Administrator Initial Power
Use the Signet proxy tool to grant System Administrator privileges (described in the Wiki):
./run.sh grant
Possible commands: grant, revoke, list