Class GrouperDuoUtils

java.lang.Object
edu.internet2.middleware.grouperDuo.GrouperDuoUtils

public class GrouperDuoUtils extends Object
  • Constructor Details

    • GrouperDuoUtils

      public GrouperDuoUtils()
  • Method Details

    • duoStem

      public static Stem duoStem(Map<String,Object> debugMap)
      get duo stem from expirable cache or from database duo stem
      Parameters:
      debugMap -
      Returns:
      the stem
    • duoStemHelper

      public static Stem duoStemHelper(Map<String,Object> debugMap)
      duo stem
      Parameters:
      debugMap -
      Returns:
      the stem
    • configFolderForDuoGroups

      public static String configFolderForDuoGroups()
      folder for duo groups, ends in colon
      Returns:
      the config folder for duo groups
    • configFolderForDuoAdmins

      public static String configFolderForDuoAdmins()
      Folder for duo admin sync
      Returns:
      the config folder for duo admins
    • provisionAdminAccountsWithRandomPasswords

      public static boolean provisionAdminAccountsWithRandomPasswords()
    • configSubjectAttributeForDuoUsername

      public static String configSubjectAttributeForDuoUsername()
      subject attribute to get the duo username from the subject, could be "id" for subject id
      Returns:
      the subject attribute name
    • configSourcesForSubjects

      public static Set<String> configSourcesForSubjects()
      sources for subjects
      Returns:
      the config sources for subjects
    • configAttributeForAdminId

      public static String configAttributeForAdminId()
      The attribute name that holds the admin_id value for a member
      Returns:
      attribute name
    • configAttributeForAdminRole

      public static String configAttributeForAdminRole()
      The attribute name that holds the role for an admin group.
      Returns:
      attribute name
    • configAttributeForAdminNameSuffix

      public static String configAttributeForAdminNameSuffix()
      The attribute name that holds the string to append to the end of a user's name.
      Returns:
      attribute name
    • configSubjectAttributeForName

      public static String configSubjectAttributeForName()
    • configSubjectAttributeForPhone

      public static String configSubjectAttributeForPhone()
    • configSubjectAttributeForEmail

      public static String configSubjectAttributeForEmail()
    • configEmailRecipientsGroupName

      public static String configEmailRecipientsGroupName()
    • validDuoGroupName

      public static boolean validDuoGroupName(String groupName)
      must be in stem and not have invalid suffix
      Parameters:
      groupName -
      Returns:
      true if valid group name
    • isValidDuoAdminGroup

      public static boolean isValidDuoAdminGroup(GrouperSession grouperSession, String groupName)
      Checks that a group name is within the admin sync folder and that the extension is a valid duo admin role.
      Parameters:
      groupName -
      Returns:
      true if valid group name
    • isDuoAdminSyncEnabled

      public static boolean isDuoAdminSyncEnabled()
    • manageableAdminRoles

      public static Set<String> manageableAdminRoles()
    • getAdminIdFromMember

      public static String getAdminIdFromMember(Member member)
    • attachAdminIdToMember

      public static boolean attachAdminIdToMember(Member member, String adminId)
    • createAdminAccountPassword

      public static String createAdminAccountPassword()
      Creates a password for a new administrator account. The behavior of this method can be changed directly from the configuration files:
      Returns:
    • getExistingAdminRole

      public static Group getExistingAdminRole(GrouperSession session, Member member)
      Checks if the user is already a member of another admin role.
      Parameters:
      session - GrouperSession
      member - Member
      Returns:
      True if the user already belongs to another admin role group.
    • fetchOrCreateGrouperDuoAdministrator

      public static GrouperDuoAdministrator fetchOrCreateGrouperDuoAdministrator(Member member, boolean createIfNotFound, Map<String,GrouperDuoAdministrator> administrators)
      Fetches a GrouperDuoAdministrator object for a user, and handles updating the attributes attached to the user. This method will create an administrator account for the specified member, but will not handle the sync logic from the Groups. All GrouperDuoAdministrator accounts should have their state verified each iteration to evaluate all of the business logic.
      Parameters:
      member -
      createIfNotFound -
      Returns:
    • synchronizeMemberAndDuoAdministrator

      public static void synchronizeMemberAndDuoAdministrator(GrouperSession session, Member member, GrouperDuoAdministrator administrator)
    • isDuoGroupSyncEnabled

      public static boolean isDuoGroupSyncEnabled()
    • isDisableUnknownAdminAccountsEnabled

      public static boolean isDisableUnknownAdminAccountsEnabled()
      Config option for enabling the disabling of administrator accounts not associated with a Grouper user.
      Returns:
    • isDeleteUnknownAdminAccountsEnabled

      public static boolean isDeleteUnknownAdminAccountsEnabled()
      Configuration option for whether or not to delete administrators.
      Returns:
      true if deleting admin accounts is enabled.
    • deleteUnknownAdminAccountsAfterSeconds

      public static long deleteUnknownAdminAccountsAfterSeconds()
      Configuration option for how long since the last login before a disabled admin account can be enabled.
      Returns:
      number of seconds to wait before removing an admin account.
    • sendEmailToGroupMembers

      public static void sendEmailToGroupMembers(Group groupMembersToNotify, String subject, String body)
      Sends an email to all members of a Grouper group.
      Parameters:
      groupMembersToNotify - The group containing all of the receiving members
      subject - The subject of the email
      body - The body of the email
    • getSubjectAttributesForEmail

      public static String getSubjectAttributesForEmail(Subject subject)
      Build a formatted string of subject attributes for an error notification.
    • removeSubjectFromDuoAdminGroups

      public static boolean removeSubjectFromDuoAdminGroups(GrouperSession session, Subject subject)
      Removes a subject from all Duo Admin groups.
      Parameters:
      session -
      subject -
      Returns: