Grouper API part 1 Chris Hyzer University of Pennsylvania.
Contents
• Overview of the Grouper API
• Versioning
• Download
• Databases
• Grouper Loader
• DDL
• Quickstart data
Grouper components as of v2.0 (January 2012)
[Architecture diagram. Labelled components: Grouper Database; Java API (Rules, Audit, External users, Changelog); Grouper Shell (gsh); Web Services (SOAP, REST); UIs (membership, attributes, roles & permissions, admin, invitation); Grouper Client; Grouper Loader; LDAP Provisioning Connector; XML; real-time integration over XMPP, HTTPS and ESB; Grouper Data Connector; Subject API with JNDI and JDBC Source Adapters; Systems of Record; Identity Management (Persons, Orgs); LDAP/AD; Shibboleth IdP and SP (SAML); Kuali Rice and Atlassian connectors; applications.]
Overview of the Grouper API
• The Grouper registry is the database tables where the Grouper data lives
• The Grouper API is
• the grouper.jar (and dependent jars) and
• config files that query and manipulate the Grouper registry
• The Grouper API is a dependency of the UI, WS, Grouper Loader (daemons), and LDAPPC-NG
Overview of the Grouper API (continued)
• The Grouper API can run in multiple places for the same registry
• The Grouper Java API (from grouper.jar) is also referred to as the Grouper API
Versioning
• Grouper API versioning is a three-number system
• Example: Grouper 2.0.3
  • 2 is the major version number
  • 0 is the minor version
  • 3 is the build number
Versioning (continued)
• Only bug fixes and small-impact enhancements will be put in the next build number of a major/minor release
• Generally a substantial release (new major or minor number) is done yearly
Versioning (continued)
• All components of Grouper are released at the same time with the same version number
• Note: the Provisioning Service Provider is not on the same release schedule as other Grouper components
• If you are upgrading Grouper, it is generally a good idea to upgrade all Grouper components together
• For each major/minor release, refer to the
• Upgrade instructions
• List of environment changes
Versioning for Web Services
• Grouper WS are versioned
• Each request sends the protocol version that is expected to be returned
• Grouper WS are backwards compatible
• Clients do not need to be upgraded when the server is
Download
• Grouper packages of all official versions are hosted on the Grouper web server linked from:
  • http://www.internet2.edu/grouper/software.html
• If you download the Grouper Installer, it can download most other packages for you
• Some Grouper packages are hosted on Maven's central repository
Databases
• Grouper uses the open source Hibernate library for Java / SQL persistence
• Generally Grouper supports all the databases that Hibernate supports, as long as the database supports:
  • Transactions
  • Large indexes
  • Complex SQL queries
Databases (continued)
• It is best if you use Oracle, MySQL, or Postgres
• Grouper is also tested with SQL Server, though its indexes can be problematic
• Using any other database is unsupported, except HSQL in development
Grouper Loader
• The Grouper Loader can keep groups in sync with SQL databases or LDAP
• The Grouper Loader is compatible with any SQL database that you have a Java driver for (it does not have to be the Grouper registry database)
• The Grouper Loader uses simple SQL and not Hibernate
• Generally it is a good idea to keep your Loader query in a database view
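An added example (not from the original slides or the Grouper project) of keeping a Loader query in a database view, written for PostgreSQL, with a dedicated read-only account for the Loader connection. The SUBJECT_ID and SUBJECT_SOURCE_ID column names follow the Loader's SQL query convention; the tables, view name, role name, source id 'jdbc' and sample rows are assumptions constructed for illustration.

```sql
-- Constructed sample schema for a system of record (hypothetical names).
CREATE TABLE hr_person (
    person_id  VARCHAR(20) PRIMARY KEY,
    status     VARCHAR(10) NOT NULL,     -- 'ACTIVE' or 'TERMINATED'
    ssn_last4  CHAR(4)                   -- sensitive; the Loader never needs it
);

CREATE TABLE hr_appointment (
    person_id  VARCHAR(20) NOT NULL REFERENCES hr_person (person_id),
    dept_code  VARCHAR(10) NOT NULL,
    end_date   DATE                      -- NULL means open-ended
);

-- Constructed sample rows.
INSERT INTO hr_person VALUES
    ('10001', 'ACTIVE',     '1111'),
    ('10002', 'ACTIVE',     '2222'),
    ('10003', 'TERMINATED', '3333');

INSERT INTO hr_appointment VALUES
    ('10001', 'FIN', NULL),
    ('10002', 'FIN', DATE '2000-01-01'), -- appointment has ended
    ('10003', 'FIN', NULL);              -- person is terminated

-- The membership rule lives in the view, so it can be changed and reviewed
-- in the database without touching the Loader job configuration.
CREATE VIEW grouper_finance_staff_v AS
SELECT DISTINCT
       p.person_id AS subject_id,
       'jdbc'      AS subject_source_id  -- assumed subject source id
FROM hr_person p
JOIN hr_appointment a ON a.person_id = p.person_id
WHERE p.status = 'ACTIVE'
  AND a.dept_code = 'FIN'
  AND (a.end_date IS NULL OR a.end_date >= CURRENT_DATE);

-- Dedicated account for the Loader connection. It gets SELECT on the view
-- only and no grants on the base tables, so the sensitive column stays
-- out of reach even if the Loader credentials leak.
CREATE ROLE grouper_loader LOGIN PASSWORD 'change-me';  -- placeholder secret
GRANT SELECT ON grouper_finance_staff_v TO grouper_loader;

-- The query configured in the Loader job then stays trivial.
SELECT subject_id, subject_source_id FROM grouper_finance_staff_v;
```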
grouper.hibernate.properties config file
Database DDL
• DDL is Data Definition Language
• This is the SQL that creates the database objects (tables, views, indexes, etc.) used by Grouper
• DDL is not standard across database vendors
• Hibernate does not give fine-grained control of DDL
• Grouper uses Jakarta DDLUtils to generate DDL for each database vendor
• You can run a GSH command to initialize or upgrade the DDL in your database
• Grouper will analyze the database to upgrade it• Follow the Grouper upgrade instructions carefully
Database DDL (continued)
• Grouper GSH can either:
  • Init/upgrade the registry for you
  -or-
  • Generate a script that you can review
• The Grouper GSH DDL command can also run SQL to affect the data in the database on upgrades
Quickstart data
• There are quickstart users for a SQL datasource
• There is an export of a quickstart project that you can import into your registry to have sample groups, etc.
• The Grouper Installer or GSH can install the quickstart users and data for you
• The quickstart users need to be resolvable before the quickstart data can be loaded
Quiz
Click on the quiz link in the YouTube video description to reinforce your knowledge of this topic
Thanks!
Further information:
Infosheets, mail lists, wiki, downloads, etc.: www.internet2.edu/grouper
Grouper demo server: https://grouperdemo.internet2.edu/