Grouper Training - Admin - WS - Part 2

Chris Hyzer

Internet2

University of Pennsylvania

This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.

2

Contents

• Introduction

• Configuration

• Logging

• High availability

• Monitoring

• Troubleshooting

3

Introduction

4

Configuration

• grouper-ws.properties• See file for all options, here are some examples• Control who can access WS by group

• If you configure this, you could auto-create the group and auto-assign users in the grouper.properties

5

Configuration (continued)

• Which users can act-as which other users

6

Configuration (continued)

• Which subject attributes are sent by default (note, client can request more)

7

Logging

• Logging is controlled via log4j.properties

• Clients can easily proxy (especially in non-SSL test environment)

• Errors are generally returned to client

• GrouperClient has --debug=true switch to log request and response

8

Logging (continued)

• Can log requests and responses on server (2.1.1+)

• Should generally not do in production• Edit web.xml

• Add log4j debug settings

9

High availability• Can have multiple app servers connected to one

registry• Might want session persistence by source IP address• There are many ways to do this, here are two

Load balancers

WS servers

RegistryClient

10

High availability (continued)• For improved availability, can deploy in multiple data

centers, load balance on client• GrouperClient can do this, or custom client

Load balancers WS servers

Readonly Registry

Client

Load balancers WS servers

Registry

Data center 1

Data center 2

One-way replication

11

Monitoring

• Monitor like any other web application• Status servlet can check health• Hook up to monitoring software e.g. Nagios

Monitoring software

e.g. NagiosWS servers

Registry

12

Monitoring (continued)

• Status servlet will return 200 on success• Can have log4j errors emailed to admins• TODO ADD EXAMPLE

13

Troubleshooting

• Generally the client will receive a descriptive error to troubleshoot their own problems

• Refer the client to the WS samples / docs• Use the GrouperClient with --debug to show

examples of requests / responses• Contact the Grouper-users email list

14

Quiz

• Click on the quiz link in the video description to reinforce your knowledge of this topic

Thanks!

Further information:

•Infosheets, mailing lists, wiki, downloads, etc.:www.internet2.edu/grouper

•Grouper demo server:grouperdemo.internet2.edu/

•Grouper Online Training Home:spaces.internet2.edu/x/IIGfAQ

This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License. 15