Transcript Grouper Loader

Grouper API part 1
Chris Hyzer
University of Pennsylvania
Contents
•
•
•
•
•
•
•
Overview of the Grouper API
Versioning
Download
Databases
Grouper Loader
DDL
Quickstart data
Identity
Management
Persons
Orgs
Grouper
Shibboleth DataConnector
IdP
SAML
LDAP/AD
SP
ML
Web
Services
Subject API
Kuali
Rice
UIs: membership,
attributes, roles &
permissions, admin,
invitation
Grouper
Shell
L
XM i p t
r
Another
T
Kuali
Connector
sc
MP
PP
H
P
XM TPS TTP
S
HT
Atlassian
Connector
R ES
Java API, Rules, Audit,
External users,
Grouper
Changelog
Loader
RealGrouper
Time
Database
X
ESB
January 2012
Atlassian
SO
A
RE P
ST
RE
ST
LDAP/AD
Systems
of Record
3
An
Application
Grouper
Client
LDAP
Provisioning
Connector
JDBC
JNDI
Source Source
Adapter Adapter
Grouper
components
as of v2.0
gsh%
Overview of the Grouper API
• The Grouper registry is the database tables where
the Grouper data lives
• The Grouper API is
• the grouper.jar (and dependent jars) and
• config files that query and manipulate the Grouper registry
• The Grouper API is a dependent component to the
UI, WS, Grouper Loader (daemons), and
LDAPPC-NG
Overview of the Grouper API
(continued)
• The Grouper API can run in multiple places for the
same registry
• The Grouper Java API (from grouper.jar) is also
referred to as the Grouper API
Versioning
• Grouper API versioning is a three number system
• Example:
Grouper 2.0.3
• 2 is the major version number
• 0 is the minor version
• 3 is the build number
Versioning (continued)
• Only bug fixes and small impact enhancements will
be put in next build number of a major/minor release
• Generally a substantial release (new major or minor
number) is done yearly
Versioning (continued)
• All components of Grouper are released at the same
time with the same version number
• Note: the Provisioning Service Provider is not on the same
release schedule as other Grouper components
• If you are upgrading Grouper, it is generally a good
idea to upgrade all Grouper components together
• For each major/minor release, refer to the
• Upgrade instructions
• List of environment changes
Versioning for Web Services
• Grouper WS are versioned
• Each request sends the protocol version that is
expected to be returned
• Grouper WS are backwards compatible
• Clients do not need to be upgraded when the server
is
Download
• Grouper packages of all official versions are hosted
on the Grouper web server linked from:
• http://www.internet2.edu/grouper/software.html
• If you download the Grouper Installer, it can
download most other packages for you
• Some Grouper packages are hosted on Maven's
central repository
Databases
• Grouper uses the open source Hibernate library for
Java / SQL persistence
• Generally Grouper supports all the databases that
Hibernate supports, as long as it supports:
• Transactions
• Large indexes
• Complex SQL queries
Databases (continued)
• It is best if you use Oracle, MySQL, or Postgres
• Grouper is also tested with SQL server, though its
indexes can be problematic
• It is unsupported to use another database except
HQL in development
Grouper Loader
• The Grouper Loader can keep groups in sync with
SQL databases or LDAP
• The Grouper Loader is compatible with any SQL
database that you have a Java driver for (it does not
have to be the Grouper registry database)
• The Grouper Loader uses simple SQL and not
hibernate
• Generally it is a good idea to keep your Loader query
in a database view
grouper.hibernate.properties config file
Database DDL
• DDL is Data Definition Language
• This is the SQL that creates the database objects
(tables, views, indexes, etc.) used by Grouper
• DDL is not standard across database vendors
• Hibernate does not give fine-grained control of DDL
Database DDL (continued)
• Grouper uses Jakarta DDLUtils to generate DDL for
each database vendor
• You can run a GSH command to initialize or upgrade
the DDL in your database
• Grouper will analyze the database to upgrade it
• Follow the Grouper upgrade instructions carefully
Database DDL (continued)
• Grouper GSH can either:
• Init/upgrade the registry for you
-or• Generate a script that you can review
• The Grouper GSH DDL command can also run SQL
to affect the data in the database on upgrades
Database DDL continued
Database DDL (continued)
Quickstart data
• There are quickstart users for a SQL datasource
• There is an export of a quickstart project that you can
import into your registry to have sample groups, etc.
• The Grouper Installer or GSH can install the
quickstart users and data for you
• The quickstart users need to be resolvable before the
quickstart data can be loaded
Quickstart data (continued)
Quickstart data (continued)
Quickstart data (continued)
Quickstart data (continued)
Quickstart data (continued)
Quiz
Click on the quiz link in the Youtube video description to
reinforce your knowledge of this topic
Thanks!
Further information:
Infosheets, mail lists, wiki, downloads, etc:
www.internet2.edu/grouper
Grouper demo server:
https://grouperdemo.internet2.edu/
28