Class GrouperDuoUtils
java.lang.Object
edu.internet2.middleware.grouperDuo.GrouperDuoUtils

Constructor Summary
Constructors

Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static boolean | attachAdminIdToMember(Member member, String adminId) | |
| static String | configAttributeForAdminId | The attribute name that holds the admin_id value for a member |
| static String | configAttributeForAdminNameSuffix | The attribute name that holds the string to append to the end of a user's name. |
| static String | configAttributeForAdminRole | The attribute name that holds the role for an admin group. |
| static String | configEmailRecipientsGroupName | |
| static String | configFolderForDuoAdmins | Folder for duo admin sync |
| static String | configFolderForDuoGroups | folder for duo groups, ends in colon |
| | configSourcesForSubjects | sources for subjects |
| static String | configSubjectAttributeForDuoUsername | subject attribute to get the duo username from the subject, could be "id" for subject id |
| static String | configSubjectAttributeForEmail | |
| static String | configSubjectAttributeForName | |
| static String | configSubjectAttributeForPhone | |
| static String | createAdminAccountPassword | Creates a password for a new administrator account. |
| static long | deleteUnknownAdminAccountsAfterSeconds | Configuration option for how long since the last login before a disabled admin account can be enabled. |
| static Stem | duoStem | get duo stem from expirable cache or from database duo stem |
| static Stem | duoStemHelper(Map<String, Object> debugMap) | duo stem |
| static GrouperDuoAdministrator | fetchOrCreateGrouperDuoAdministrator(Member member, boolean createIfNotFound, Map<String, GrouperDuoAdministrator> administrators) | Fetches a GrouperDuoAdministrator object for a user, and handles updating the attributes attached to the user. |
| static String | getAdminIdFromMember(Member member) | |
| static Group | getExistingAdminRole(GrouperSession session, Member member) | Checks if the user is already a member of another admin role. |
| static String | getSubjectAttributesForEmail(Subject subject) | Build a formatted string of subject attributes for an error notification. |
| static boolean | isDeleteUnknownAdminAccountsEnabled | Configuration option for whether or not to delete administrators. |
| static boolean | isDisableUnknownAdminAccountsEnabled | Config option for enabling the disabling of administrator accounts not associated with a Grouper user. |
| static boolean | isDuoAdminSyncEnabled | |
| static boolean | isDuoGroupSyncEnabled | |
| static boolean | isValidDuoAdminGroup(GrouperSession grouperSession, String groupName) | Checks that a group name is within the admin sync folder and that the extension is a valid duo admin role. |
| static boolean | provisionAdminAccountsWithRandomPasswords | |
| static boolean | removeSubjectFromDuoAdminGroups(GrouperSession session, Subject subject) | Removes a subject from all Duo Admin groups. |
| static void | sendEmailToGroupMembers(Group groupMembersToNotify, String subject, String body) | Sends an email to all members of a Grouper group. |
| static void | synchronizeMemberAndDuoAdministrator(GrouperSession session, Member member, GrouperDuoAdministrator administrator) | |
| static boolean | validDuoGroupName(String groupName) | must be in stem and not have invalid suffix |

Constructor Details
GrouperDuoUtils
public GrouperDuoUtils()

Method Details

duoStem
get duo stem from expirable cache or from database duo stem
Parameters:
    debugMap
Returns:
    the stem

duoStemHelper
duo stem
Parameters:
    debugMap
Returns:
    the stem

configFolderForDuoGroups
folder for duo groups, ends in colon
Returns:
    the config folder for duo groups

configFolderForDuoAdmins
Folder for duo admin sync
Returns:
    the config folder for duo admins

provisionAdminAccountsWithRandomPasswords
public static boolean provisionAdminAccountsWithRandomPasswords()

configSubjectAttributeForDuoUsername
subject attribute to get the duo username from the subject, could be "id" for subject id
Returns:
    the subject attribute name

configSourcesForSubjects
sources for subjects
Returns:
    the config sources for subjects

configAttributeForAdminId
The attribute name that holds the admin_id value for a member
Returns:
    attribute name

configAttributeForAdminRole
The attribute name that holds the role for an admin group.
Returns:
    attribute name

configAttributeForAdminNameSuffix
The attribute name that holds the string to append to the end of a user's name.
Returns:
    attribute name

configSubjectAttributeForName

configSubjectAttributeForPhone

configSubjectAttributeForEmail

configEmailRecipientsGroupName

validDuoGroupName
must be in stem and not have invalid suffix
Parameters:
    groupName
Returns:
    true if valid group name

isValidDuoAdminGroup
Checks that a group name is within the admin sync folder and that the extension is a valid duo admin role.
Parameters:
    groupName
Returns:
    true if valid group name

isDuoAdminSyncEnabled
public static boolean isDuoAdminSyncEnabled()

manageableAdminRoles

getAdminIdFromMember

attachAdminIdToMember

createAdminAccountPassword
Creates a password for a new administrator account. The behavior of this method can be changed directly from the configuration files:
Returns:

getExistingAdminRole
Checks if the user is already a member of another admin role.
Parameters:
    session - GrouperSession
    member - Member
Returns:
    True if the user already belongs to another admin role group.

fetchOrCreateGrouperDuoAdministrator
public static GrouperDuoAdministrator fetchOrCreateGrouperDuoAdministrator(Member member, boolean createIfNotFound, Map<String, GrouperDuoAdministrator> administrators)
Fetches a GrouperDuoAdministrator object for a user, and handles updating the attributes attached to the user. This method will create an administrator account for the specified member, but will not handle the sync logic from the Groups. All GrouperDuoAdministrator accounts should have their state verified each iteration to evaluate all of the business logic.
Parameters:
    member
    createIfNotFound
Returns:

synchronizeMemberAndDuoAdministrator
public static void synchronizeMemberAndDuoAdministrator(GrouperSession session, Member member, GrouperDuoAdministrator administrator)

isDuoGroupSyncEnabled
public static boolean isDuoGroupSyncEnabled()

isDisableUnknownAdminAccountsEnabled
public static boolean isDisableUnknownAdminAccountsEnabled()
Config option for enabling the disabling of administrator accounts not associated with a Grouper user.
Returns:

isDeleteUnknownAdminAccountsEnabled
public static boolean isDeleteUnknownAdminAccountsEnabled()
Configuration option for whether or not to delete administrators.
Returns:
    true if deleting admin accounts is enabled.

deleteUnknownAdminAccountsAfterSeconds
public static long deleteUnknownAdminAccountsAfterSeconds()
Configuration option for how long since the last login before a disabled admin account can be enabled.
Returns:
    number of seconds to wait before removing an admin account.

sendEmailToGroupMembers
Sends an email to all members of a Grouper group.
Parameters:
    groupMembersToNotify - The group containing all of the receiving members
    subject - The subject of the email
    body - The body of the email

getSubjectAttributesForEmail
Build a formatted string of subject attributes for an error notification.

removeSubjectFromDuoAdminGroups
Removes a subject from all Duo Admin groups.
Parameters:
    session
    subject
Returns: