Post on 28-Dec-2015
Grouper Training - Admin - WS - Part 2
Chris Hyzer
Internet2
University of Pennsylvania
This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.
2
Contents
• Introduction
• Configuration
• Logging
• High availability
• Monitoring
• Troubleshooting
3
Introduction
4
Configuration
• grouper-ws.properties• See file for all options, here are some examples• Control who can access WS by group
• If you configure this, you could auto-create the group and auto-assign users in the grouper.properties
5
Configuration (continued)
• Which users can act-as which other users
6
Configuration (continued)
• Which subject attributes are sent by default (note, client can request more)
7
Logging
• Logging is controlled via log4j.properties
• Clients can easily proxy (especially in non-SSL test environment)
• Errors are generally returned to client
• GrouperClient has --debug=true switch to log request and response
8
Logging (continued)
• Can log requests and responses on server (2.1.1+)
• Should generally not do in production• Edit web.xml
• Add log4j debug settings
9
High availability• Can have multiple app servers connected to one
registry• Might want session persistence by source IP address• There are many ways to do this, here are two
Load balancers
WS servers
RegistryClient
10
High availability (continued)• For improved availability, can deploy in multiple data
centers, load balance on client• GrouperClient can do this, or custom client
Load balancers WS servers
Readonly Registry
Client
Load balancers WS servers
Registry
Data center 1
Data center 2
One-way replication
11
Monitoring
• Monitor like any other web application• Status servlet can check health• Hook up to monitoring software e.g. Nagios
Monitoring software
e.g. NagiosWS servers
Registry
12
Monitoring (continued)
• Status servlet will return 200 on success• Can have log4j errors emailed to admins• TODO ADD EXAMPLE
13
Troubleshooting
• Generally the client will receive a descriptive error to troubleshoot their own problems
• Refer the client to the WS samples / docs• Use the GrouperClient with --debug to show
examples of requests / responses• Contact the Grouper-users email list
14
Quiz
• Click on the quiz link in the video description to reinforce your knowledge of this topic
Thanks!
Further information:
•Infosheets, mailing lists, wiki, downloads, etc.:www.internet2.edu/grouper
•Grouper demo server:grouperdemo.internet2.edu/
•Grouper Online Training Home:spaces.internet2.edu/x/IIGfAQ
This work licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License. 15