Archer Security Provider

Desktop Group Management Module

Introduction

This module is responsible for synchronizing groups defined in an AAIgmt server (Switch tool) with groups in SRB servers. As can be seen in the picture below, the module is implemented and run as a background process (ArcherGrpSynch), which connects to the AAIgmt server periodically and checks whether any change has been made to the groups defined there. If such a change is detected, the process connects to the SRB and updates it accordingly.

Implementation



AAIgmt provides a backend interface for retrieving and checking group information at https://gmtserver/gmt/interface/index.php. ArcherGrpSynch uses this interface for synchronization. In addition, it uses Jargon to connect to the SRB and update its groups so that they match the ones from the AAIgmt server.

The implementation of the module is very simple at this stage. There are three main classes in the Archer Group Management module: GMTUtil, SRBUtil, and ArcherGroupQuery. GMTUtil handles GMT groups, whereas SRBUtil manipulates SRB groups. ArcherGroupQuery uses both classes to synchronize SRB and GMT groups.

Notice: The current gmt server for Archer is installed on daly at https://daly.its.monash.edu.au/gmt. The reason is that mersey (test server) uses OpenTestIDP level 2, which creates very long eppn values that can cause problems on the SRB side.

Installation

AAIgmt Server:
Please follow the document here.

ArcherGrpSynch
Download here. You also need log4j, gsi.jar, and jargon on your classpath.

To use this module, first change the settings in config.properties so that:
  • gmt.url points to the management interface of your gmt server.
  • gmt.shared-key is the value of the shared key defined by your gmt server.
  • srb.default-domain is the default domain of any newly created srb user/group.
  • srb.default-usertype is the default user type of any newly created srb user/group.

Secondly, add the ArcherGrpSynch file to the class path, or modify the class path in the files in the script folder, and run scripts/v0.2/grpSynchd.sh as a background process.
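
A pre-flight check for the config.properties settings described above, as an added example that is not part of the Archer distribution: it confirms that the four keys are set, that gmt.url is an https:// URL, and that the file holding gmt.shared-key is accessible only to its owner. The key=value parsing, the https and owner-only rules, the function names and all sample values are assumptions of this example.

```shell
#!/bin/sh
# Pre-flight check for ArcherGrpSynch's config.properties (added example).
# Assumes plain key=value lines; requiring https and an owner-only file mode
# is this example's policy, not something the module is known to enforce.

# Constructed sample; every value is a placeholder.
sample_config() {
    cat <<'EOF'
gmt.url=https://gmtserver/gmt/interface/index.php
gmt.shared-key=REPLACE_WITH_SHARED_KEY
srb.default-domain=example-domain
srb.default-usertype=example-usertype
EOF
}

# Print the value of key $2 in properties file $1 (last definition wins).
prop() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots literally
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*[=:][[:space:]]*//p" "$1" | tail -n 1
}

# Return 0 if the file passes every check, 1 otherwise; problems go to stderr.
check_config() {
    cfg=$1
    bad=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 1; }
    for key in gmt.url gmt.shared-key srb.default-domain srb.default-usertype; do
        [ -n "$(prop "$cfg" "$key")" ] || { echo "missing or empty: $key" >&2; bad=1; }
    done
    case $(prop "$cfg" gmt.url) in
        https://*) ;;
        *) echo "gmt.url must be an https:// URL" >&2; bad=1 ;;
    esac
    # The file holds gmt.shared-key, so allow no group/other permission bits.
    [ "$(ls -ld "$cfg" | cut -c5-10)" = "------" ] ||
        { echo "$cfg is accessible to group/other (chmod 600)" >&2; bad=1; }
    return "$bad"
}

# Usage: sh check_config.sh /path/to/config.properties
if [ $# -gt 0 ]; then check_config "$1"; fi
```

Run it against the edited file before starting grpSynchd.sh; a non-zero exit status means at least one check failed.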


    Copyright © Archer Project, Monash University