
Grouper Training Developers and Architects Integration

This training provides an overview of integration options in Grouper for developers and architects. Learn about groups vs permissions, LDAP vs WS vs SAML entitlements, cached vs live calls, Grouper API vs local representation, and other features. Quiz available for reinforcement.


Presentation Transcript


  1. Grouper Training: Developers and Architects Integration
     Chris Hyzer, Internet2, University of Pennsylvania
     This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.

  2. Contents
     • Introduction
     • Groups vs. permissions
     • LDAP vs. WS vs. SAML entitlements
     • Cached vs. live calls
     • Grouper API vs. local representation
     • Other features

  3. Introduction to Integration

  4. Groups vs. permissions
     • The application can use groups or permissions for authorization
     • Groups are coarse-grained, and permissions are mapped or hard-coded
     • Permissions are more flexible and can be changed at runtime if stored centrally

  5. Groups for authorization
     Diagram: Grouper, Application (MainScreen); groups: Student, Faculty, Admin
     MainScreen logic:
         if user.hasGroup("Student") show courses menu
         if user.hasGroup("Faculty") show reports menu
         if user.hasGroup("Admin") show audit menu

  6. Permissions for authorization
     Diagram: Grouper, Application (MainScreen); permissions: show-coursesMenu, show-reportsMenu, show-auditMenu
     MainScreen logic:
         if user.hasPermission("show", "coursesMenu") show courses menu
         if user.hasPermission("show", "reportsMenu") show reports menu
         if user.hasPermission("show", "auditMenu") show audit menu

  7. Permissions for authorization (continued)
     • Note, if using permissions, assignments can still be made by group/role, which might be loaded
     • i.e. in this case, the application might have roles: Student, Faculty, Admin
     • Those roles might include the groups which are loaded from source systems
     • The roles have permissions assigned to them
     • When needed, permissions can be assigned directly to users

  8. LDAP vs. WS vs. entitlements
     • The application could talk to LDAP
         • If required data is in LDAP (e.g. are permissions in LDAP)
         • If package is LDAP enabled
     • Or to Grouper WS
         • If availability requirements allow
         • If custom application or connector can be written or data sync'ed

  9. LDAP vs. WS vs. entitlements (continued)
     • Application can use entitlements
         • If data is needed for logged-in users
         • If number of assignments fits
         • SAML enabled applications or cloud services

  10. Diagrams: LDAP applications (Grouper, LDAP, Application); WS applications (Grouper, Application); SAML entitlements (Grouper, Shib, Application)

  11. Cached vs. live calls
     • Applications can make fewer calls and cache the results
         • Can cache periodically, or on events (like login)
         • Notifications can refresh cache
         • Can store the cache in memory, DB, disk
     • Live calls
         • More calls, less caching logic
         • No propagation delays
         • Dependent on Grouper/LDAP for uptime

  12. Grouper API vs. local representation
     • Custom applications could use the Grouper API
     • Packages might have a groups or permissions store with no adapter
     • Grouper could provision into that representation. Might use real-time notifications

  13. Other features
     • Applications might take advantage of:
         • Lite UI
         • External users
         • Permission limits
         • Attribute framework
         • Person picker
         • etc.

  14. Quiz
     Click on the quiz link in the video description to reinforce your knowledge of this topic

  15. Thanks!
     • Further information:
         • Infosheets, mailing lists, wiki, downloads, etc.: www.internet2.edu/grouper
         • Grouper demo server: grouperdemo.internet2.edu/
         • Grouper Online Training Home: spaces.internet2.edu/x/IIGfAQ
     This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.
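
The trade-offs on slide 11 (cached vs. live calls), worked through as an added example that is not part of the original presentation and does not use the Grouper API. `CentralStore` and `CachedAuthz` are hypothetical stand-ins, the user and 300-second TTL are constructed sample values, and denying access when a cache entry has expired during an outage is an assumption of this example.

```python
import time

class CentralStore:
    """Stand-in for Grouper WS/LDAP (hypothetical class, not the Grouper API)."""
    def __init__(self, grants):
        self.grants, self.up = set(grants), True
    def has_permission(self, user, action, resource):  # a "live call"
        if not self.up:
            raise ConnectionError("central store unreachable")
        return (user, action, resource) in self.grants

class CachedAuthz:
    """Caches decisions for ttl seconds; a notification evicts a user's entries."""
    def __init__(self, store, ttl, clock=time.monotonic):
        self.store, self.ttl, self.clock, self.cache = store, ttl, clock, {}
    def has_permission(self, user, action, resource):
        key = (user, action, resource)
        hit = self.cache.get(key)
        if hit and self.clock() - hit[1] < self.ttl:
            return hit[0]                      # fresh entry: no call to the store
        try:
            decision = self.store.has_permission(*key)
        except ConnectionError:
            return False                       # assumption: deny when no fresh answer
        self.cache[key] = (decision, self.clock())
        return decision

    def on_notification(self, user):
        self.cache = {k: v for k, v in self.cache.items() if k[0] != user}

def demo():
    now = [0.0]                                # fake clock, so the run is deterministic
    perm = ("alice", "show", "auditMenu")      # constructed sample assignment
    store = CentralStore([perm])
    app = CachedAuthz(store, ttl=300, clock=lambda: now[0])
    seen = {"login": app.has_permission(*perm)}
    store.up = False                           # Grouper/LDAP outage
    seen["cached_during_outage"] = app.has_permission(*perm)
    now[0] += 301                              # entry expires while the store is down
    seen["expired_during_outage"] = app.has_permission(*perm)
    store.up = True
    seen["recovered"] = app.has_permission(*perm)
    store.grants.discard(perm)                 # permission revoked centrally
    seen["live_after_revoke"] = store.has_permission(*perm)
    seen["cached_after_revoke"] = app.has_permission(*perm)  # propagation delay
    app.on_notification("alice")               # notification refreshes the cache
    seen["after_notification"] = app.has_permission(*perm)
    return seen

if __name__ == "__main__": print(demo())
```

The `cached_after_revoke` result is the one to watch: without a notification, a revoked permission stays usable in the application for up to the TTL, while the live call reflects the revocation immediately.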
