PennGroups

From Provider Wiki

Jump to: navigation, search

Contents


[1]Download the client

Email the support listserv: penngroups-help@lists.upenn.edu

To request access to PennGroups, submit an access form: [2]http://www.upenn.edu/computing/penngroups/pennGroupsAccess.pdf

[3]Course list description

FAQ:

How can I see the name and description from the grouperClient (or WS)?

 [mchyzer@flash pennGroupsClient-1.4.2]$ java -jar grouperClient.jar --operation=getMembersWs --groupNames=test:testGroup --subjectAttributeNames=PENNNAME,EMAIL,name,description --outputTemplate='${wsSubject.attributeValues[0]} ${wsSubject.attributeValues[1]} ${wsSubject.attributeValues[2]}: ${wsSubject.attributeValues[3]}$newline$'
 bwh bwh@isc.upenn.edu Bryan W Hopkins: Bryan W Hopkins (bwh, 10064187) Pennpay, Staf (active)
 mchyzer mchyzer@isc.upenn.edu Michael Christopher Hyzer: Michael Christopher Hyzer (mchyzer, 10021368) Pennpay, Staf (active)

How can I edit group memberships in the UI?

See this page: PennGroupsUi

How can I test connectivity to the PennGroups?

You can try to list a public group we have setup with the PennGroups client:

 C:\temp>java -jar grouperClient.jar --operation=getMembersWs --groupNames=test:testGroup
 GroupIndex 0: success: T: code: SUCCESS: group: test:testGroup: subjectIndex: 0: 10064187
 GroupIndex 0: success: T: code: SUCCESS: group: test:testGroup: subjectIndex: 1: 10021368

You can list the same group with ldap:

 C:\temp>java -jar grouperClient.jar --operation=getMembersLdap --groupName=test:testGroup

How can I return pennkeys from the web service?

You can specify to return pennnames, and you can use them in your output template:

 C:\temp>java -jar grouperClient.jar --operation=getMembersWs --groupNames=test:testGroup --subjectAttributeNames=PENNNAME --outputTemplate=${wsSubject.attributeValues[0]}$newline$
 bwh
 mchyzer

How can I query based on pennkey from the web service?

You can use the built in pennkey support in Penn's grouper client (needs custom configuration over the generic Grouper download):

 C:\temp>java -jar grouperClient.jar --operation=hasMemberWs --groupName=test:testGroup --pennKeys=mchyzer,bwh
 Index 0: success: T: code: IS_MEMBER: 10021368: true
 Index 1: success: T: code: IS_MEMBER: 10064187: true

How can I get pennnames and emails from a WS call?

 java -jar grouperClient.jar --operation=getMembersWs --groupNames=test:testGroup --subjectAttributeNames=PENNNAME,EMAIL --outputTemplate='${wsSubject.attributeValues[0]} ${wsSubject.attributeValues[1]}$newline$'
 abc abc@isc.upenn.edu
 def def@isc.upenn.edu

How can I make a group which has a manual membership list and requires users to be faculty student or staff?

First off, you need permission to view the facultyStudentStaff group, email the support listserv penngroups-help@lists.upenn.edu. Then you can make this client request (note, the composite arguments shouldnt be necessary, but until it is fixed, use them and it will work). This makes a group, a system of record group (where the manual entries go), and the overall group is a composite intersection of the manual group and the facultyStudentStaff group.

 C:\temp>java -jar grouperClient.jar --operation=groupSaveWs --name=test:isc:astt:chris:myGroup --includeGroupDetail=true --description="test group with requiring active facultyStudentStaff" --displayExtension="My test group" --attributeName0=requireAlsoInGroups --attributeValue0=penn:community:facultyStudentStaff --typeNames=requireInGroups --compositeType=INTERSECTION --leftGroupName=test:isc:astt:chris:myGroup_systemOfRecord --rightGroupName=penn:community:facultyStudentStaff
 Success: T: code: SUCCESS_INSERTED: test:isc:astt:chris:myGroup

What does that look like in a soap request?

 <?xml version='1.0' encoding='UTF-8'?>
 <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
   <soapenv:Body>
     <ns1:groupSave xmlns:ns1="http://soap.ws.grouper.middleware.internet2.edu/xsd">
       <ns1:clientVersion>v1_4_002</ns1:clientVersion>
       <ns1:wsGroupToSaves>
         <ns1:wsGroup>
           <ns1:description>
             test group with requiring active facultyStudentStaff
           </ns1:description>
           <ns1:detail>
             <ns1:attributeNames>requireAlsoInGroups</ns1:attributeNames>
             <ns1:attributeValues>penn:community:facultyStudentStaff</ns1:attributeValues>
             <ns1:compositeType>intersection</ns1:compositeType>
             <ns1:hasComposite>T</ns1:hasComposite>
             <ns1:leftGroup>
               <ns1:description></ns1:description>
               <ns1:displayExtension></ns1:displayExtension>
               <ns1:displayName></ns1:displayName>
               <ns1:extension></ns1:extension>
               <ns1:name>penn:community:facultyStudentStaff</ns1:name>
               <ns1:uuid></ns1:uuid>
             </ns1:leftGroup>
             <ns1:rightGroup>
               <ns1:description></ns1:description>
               <ns1:displayExtension></ns1:displayExtension>
               <ns1:displayName></ns1:displayName>
               <ns1:extension></ns1:extension>
               <ns1:name>test:isc:astt:chris:myGroup_systemOfRecord</ns1:name>
               <ns1:uuid></ns1:uuid>
             </ns1:rightGroup>
             <ns1:typeNames>requireInGroups</ns1:typeNames>
           </ns1:detail>
           <ns1:displayExtension>My test group</ns1:displayExtension>
           <ns1:extension>myGroup</ns1:extension>
           <ns1:name>test:isc:astt:chris:myGroup</ns1:name>
         </ns1:wsGroup>
         <ns1:wsGroupLookup>
           <ns1:groupName>test:isc:astt:chris:myGroup</ns1:groupName>
         </ns1:wsGroupLookup>
       </ns1:wsGroupToSaves>
       <ns1:actAsSubjectLookup>
         <ns1:subjectId></ns1:subjectId>
       </ns1:actAsSubjectLookup>
       <ns1:txType></ns1:txType>
       <ns1:includeGroupDetail>T</ns1:includeGroupDetail>
     </ns1:groupSave>
   </soapenv:Body>
 </soapenv:Envelope>

Grouper Client setup:

To use PennGroups, or the Pennkey to PennID translation service, you need a kerberos service principal. You can use the Grouper Client, or web services, you need have a known password. To just use LDAP directly, you can use a known password or another method. Here are the commands that your kadmin (kerberos administrator) can issue to create a kerberos service principal with a known password (ON UNIX), assuming the kadmin principal is lila/kadmin-isc-seo.upenn.edu, and the principal to create is: penngroups/medley-test.isc-seo.upenn.edu

 [lila@bastion ~]$ kadmin -p lila/kadmin-isc-seo.upenn.edu
 Authenticating as principal lila/kadmin-isc-seo.upenn.edu with password.
 Password for lila/kadmin-isc-seo.upenn.edu@UPENN.EDU: 
 kadmin:  addprinc -randkey +requires_preauth penngroups/medley-test.isc-seo.upenn.edu
 NOTICE: no policy specified for penngroups/medley-test.isc-seo.upenn.edu@UPENN.EDU; assigning "default"
 Principal "penngroups/medley-test.isc-seo.upenn.edu@UPENN.EDU" created.
 kadmin:  cpw penngroups/medley-test.isc-seo.upenn.edu
 Enter password for principal "penngroups/medley-test.isc-seo.upenn.edu": 
 Re-enter password for principal "penngroups/medley-test.isc-seo.upenn.edu": 
 Password for "penngroups/medley-test.isc-seo.upenn.edu@UPENN.EDU" changed.

For windows, you dont need the -p. http://www.upenn.edu/computing/pennkey/sysadmin/e_install_win/kadmin.html

If you issued those commands, then the principal to login with in grouperClient or web services would be: penngroups/medley-test.isc-seo.upenn.edu. NOTE: the kerberos principal is case-sensitive.

You can test the creation by getting a Kerberos ticket with that login/pass (e.g. leash)

Windows users will need to install the kadmin tool as noted at http://www.upenn.edu/computing/pennkey/sysadmin/e_install_win/kadmin.html. More information on creating and managing non-user Kerberos principals is available at http://www.upenn.edu/computing/pennkey/sysadmin/c_install_gen/kadmin-howto.html.

Subject/Entity API:

Subject attributes

The following are attributes you can get from WS or grouperClient:

name: person's name. This is private and should not be published

description: description you see in the UI (don't parse this, it is subject to change), this is useful in list results

EMAIL: person's private email address. Do not publish this, it is for university purposes only!

id: pennid

PENNNAME: pennkey

EMAIL_PUBLIC: (future): public email address that you can publish

NAME_PUBLIC: (future): public name that you can publish

FIRST_NAME: (future): private first name

LAST_NAME: (future): private last name

PERSON_ACTIVE: (future): T or F as to whether this person is active

NAME_FIRST_PUBLIC: (future): public first name

NAME_LAST_PUBLIC: (future): public last name

Grouper Client USAGE:

This program runs queries against grouper ldap and web services The system exit code will be 0 for success, and not 0 for failure Output data is printed to stdout, error messages are printed to stderr or logs (configured in grouper.client.properties) Grouper client webpage: https://wiki.internet2.edu/confluence/display/GrouperWG/Grouper+Client

Arguments are in the format: --argName=argValue

Example argument: --operation=encryptPassword

Example argument(OS dependent): --operation="value with whitespace"

Optional arguments below are in [brackets]

Misc Operations

Encrypt passwords for storing passwords in external encrypted files:

 java -jar grouperClient.jar --operation=encryptPassword
 [--dontMask=true|false]

Usage (this message):

 java -jar grouperClient.jar

Send file to web service:

 java -jar grouperClient.jar --operation=sendFile --urlSuffix=groups/aStem:aGroup/members 
 [fileName=theFileName]
 [fileContents=theFileContents]
 [--contentType=text/xml]
 [--labelForLog=addMember]
 [--indentOutput=false]
 [--saveResultsToFile=fileName]
 [--debug=true]
 [--clientVersion=someVersion]
 e.g. java -jar grouperClient.jar --operation=sendFile --fileName="C:/addMember.xml" --urlSuffix=groups/aStem:aGroup/members

LDAP Operations

pennname to pennid usage:

 java -jar grouperClient.jar --operation=pennnameToPennid --pennnameToDecode=pennname
 [--saveResultsToFile=fileName]
 [--outputTemplate=somePattern]
 [--debug=true]
 e.g.: java -jar grouperClient --operation=pennnameToPennid --pennnameToDecode=jsmith
 output: pennid: 12341234

pennid to pennname usage:

 java -jar grouperClient.jar --operation=pennidToPennkey --pennidToDecode=pennid
 [--saveResultsToFile=fileName]
 [--outputTemplate=somePattern]
 [--debug=true]
 e.g.: java -jar grouperClient --operation=pennidToPennkey --pennidToDecode=12341234
 output: pennname: jsmith

hasMember ldap usage:

 java -jar grouperClient.jar --operation=hasMemberLdap --groupName=a:b:c --pennnameToCheck=pennkey
 [--saveResultsToFile=fileName]
 [--outputTemplate=somePattern]
 [--debug=true]
 e.g.: java -jar grouperClient --operation=hasMemberLdap --groupName=penn:myfolder:mygroup --pennnameToCheck=jsmith
 output: hasMemberLdap: true

getMembers ldap usage:

 java -jar grouperClient.jar --operation=getMembersLdap --groupName=a:b:c
 [--saveResultsToFile=fileName]
 [--outputTemplate=somePattern]
 [--debug=true]
 e.g.: java -jar grouperClient --operation=getMembersLdap --groupName=penn:myfolder:mygroup
 output: groupList: jsmith, tsmith, msmith
 note: extremely large group lists might not display fully (e.g. over 1000 members)

Web Service Operations

addMemberWs web service usage (note: you can replace all members of a group also):

 java -jar grouperClient.jar --operation=addMemberWs --groupName=a:b:c 
 [--subjectIds=subjId0,subjId1] 
 [--subjectIdentifiers=subjIdent0,subjIdent1] 
 [--subjectSources=source0,source1] 
 [--subjectIdsFile=fileName] 
 [--subjectIdentifiersFile=fileName] 
 [--subjectSourcesFile=fileName] 
 [--defaultSubjectSource=subjectSourceId] 
 [--fieldName=fieldNameToAdd] 
 [--txType=GcTransactionType] 
 [--includeGroupDetail=true|false] 
 [--includeSubjectDetail=true|false] 
 [--subjectAttributeNames=name0,name1] 
 [--replaceAllExisting=true|false] 
 [--actAsSubjectId=subjId] 
 [--actAsSubjectIdentifier=subjIdent] 
 [--actAsSubjectSource=source] 
 [--saveResultsToFile=fileName] 
 [--outputTemplate=somePattern] 
 [--paramName0=name0] 
 [--paramValue0=value1] 
 [--paramNameX=xthParamName] 
 [--paramValueX=xthParamValue] 
 [--debug=true] 
 [--clientVersion=someVersion]
 e.g.: java -jar grouperClient.jar --operation=addMemberWs --groupName=aStem:aGroup --subjectIds=12345,23456
 output line: Index 0: success: T: code: SUCCESS: 12345
 

getMembersWs web service usage:

 java -jar grouperClient.jar --operation=getMembersWs --groupNames=a:b:c,a:b:d 
 [--fieldName=fieldNameToAdd] 
 [--memberFilter=GcMemberFilter] 
 [--includeGroupDetail=true|false] 
 [--includeSubjectDetail=true|false] 
 [--subjectAttributeNames=name0,name1] 
 [--actAsSubjectId=subjId] 
 [--actAsSubjectIdentifier=subjIdent] 
 [--actAsSubjectSource=source] 
 [--saveResultsToFile=fileName] 
 [--outputTemplate=somePattern] 
 [--paramName0=name0] 
 [--paramValue0=value1] 
 [--paramNameX=xthParamName] 
 [--paramValueX=xthParamValue] 
 [--debug=true] 
 [--clientVersion=someVersion]
 e.g.: java -jar grouperClient.jar --operation=getMembersWs --groupNames=aStem:aGroup,aStem:aGroup2
 output line: GroupIndex 0: success: T: code: SUCCESS: group: aStem:aGroup: subjectIndex: 0: 12345

deleteMemberWs web service usage:

 java -jar grouperClient.jar --operation=deleteMemberWs --groupName=a:b:c 
 [--subjectIds=subjId0,subjId1] 
 [--subjectIdentifiers=subjIdent0,subjIdent1] 
 [--subjectSources=source0,source1] 
 [--subjectIdsFile=fileName] 
 [--subjectIdentifiersFile=fileName] 
 [--subjectSourcesFile=fileName] 
 [--defaultSubjectSource=subjectSourceId] 
 [--fieldName=fieldNameToAdd] 
 [--txType=GcTransactionType] 
 [--includeGroupDetail=true|false] 
 [--includeSubjectDetail=true|false] 
 [--subjectAttributeNames=name0,name1] 
 [--actAsSubjectId=subjId] 
 [--actAsSubjectIdentifier=subjIdent] 
 [--actAsSubjectSource=source] 
 [--saveResultsToFile=fileName] 
 [--outputTemplate=somePattern] 
 [--paramName0=name0] 
 [--paramValue0=value1] 
 [--paramNameX=xthParamName] 
 [--paramValueX=xthParamValue] 
 [--debug=true] 
 [--clientVersion=someVersion]
 e.g.: java -jar grouperClient.jar --operation=deleteMemberWs --groupName=aStem:aGroup --subjectIds=12345,23456
 output line: Index 0: success: T: code: SUCCESS: 12345
 

hasMemberWs web service usage:

 java -jar grouperClient.jar --operation=hasMemberWs --groupName=a:b:c 
 [--subjectIds=subjId0,subjId1] 
 [--subjectIdentifiers=subjIdent0,subjIdent1] 
 [--subjectSources=source0,source1] 
 [--subjectIdsFile=fileName] 
 [--subjectIdentifiersFile=fileName] 
 [--subjectSourcesFile=fileName] 
 [--defaultSubjectSource=subjectSourceId] 
 [--fieldName=fieldNameToAdd] 
 [--memberFilter=GcMemberFilter] 
 [--includeGroupDetail=true|false] 
 [--includeSubjectDetail=true|false] 
 [--subjectAttributeNames=name0,name1] 
 [--actAsSubjectId=subjId] 
 [--actAsSubjectIdentifier=subjIdent] 
 [--actAsSubjectSource=source] 
 [--saveResultsToFile=fileName] 
 [--outputTemplate=somePattern] 
 [--paramName0=name0] 
 [--paramValue0=value1] 
 [--paramNameX=xthParamName] 
 [--paramValueX=xthParamValue] 
 [--debug=true] 
 [--clientVersion=someVersion]
 e.g.: java -jar grouperClient.jar --operation=hasMemberWs --groupName=aStem:aGroup --subjectIds=12345,23456
 output line: Index 0: success: T: code: IS_MEMBER: 12345: true
 

getGroupsWs web service usage:

 java -jar grouperClient.jar --operation=getGroupsWs 
 [--subjectIds=subjId0,subjId1] 
 [--subjectIdentifiers=subjIdent0,subjIdent1] 
 [--subjectSources=source0,source1] 
 [--subjectIdsFile=fileName] 
 [--subjectIdentifiersFile=fileName] 
 [--subjectSourcesFile=fileName] 
 [--defaultSubjectSource=subjectSourceId] 
 [--memberFilter=GcMemberFilter] 
 [--includeGroupDetail=true|false] 
 [--includeSubjectDetail=true|false] 
 [--subjectAttributeNames=name0,name1] 
 [--actAsSubjectId=subjId] 
 [--actAsSubjectIdentifier=subjIdent] 
 [--actAsSubjectSource=source] 
 [--saveResultsToFile=fileName] 
 [--outputTemplate=somePattern] 
 [--paramName0=name0] 
 [--paramValue0=value1] 
 [--paramNameX=xthParamName] 
 [--paramValueX=xthParamValue] 
 [--debug=true] 
 [--clientVersion=someVersion]
 e.g.: java -jar grouperClient.jar --operation=getGroupsWs --subjectIds=12345,23456
 output line: SubjectIndex 0: success: T: code: SUCCESS: subject: 12345: groupIndex: 0: aStem:aGroup2

groupSaveWs web service usage:

 java -jar grouperClient.jar --operation=groupSaveWs --name=a:b:c 
 [--includeGroupDetail=true] 
 [--txType=transactionType] 
 [--saveMode=SaveMode] 
 [--groupLookupName=a:b:c] 
 [--groupLookupUuid=sd87f-dsf87-sdf89-df78f]  
 [--description=theDescription] 
 [--displayExtension=theDisplayExtension] 
 [--attributeName0=someName] 
 [--attributeValue0=someValue] 
 [--attributeNameX=xthName] 
 [--attributeValueX=xthValue] 
 [--compositeType=COMPLEMENT|INTERSECTION|UNION] 
 [--leftGroupName=compositeLeft] 
 [--rightGroupName=compositeRight] 
 [--groupDetailParamName0=paramName] 
 [--groupDetailParamValue0=paramValue] 
 [--groupDetailParamNameX=xthName] 
 [--groupDetailParamNameX=xthValue] 
 [--typeNames=namesOfGroupTypes]  
 [--actAsSubjectId=subjId] 
 [--actAsSubjectIdentifier=subjIdent] 
 [--actAsSubjectSource=source] 
 [--saveResultsToFile=fileName] 
 [--outputTemplate=somePattern] 
 [--paramName0=name0] 
 [--paramValue0=value1] 
 [--paramNameX=xthParamName] 
 [--paramValueX=xthParamValue] 
 [--debug=true] 
 [--clientVersion=someVersion]
 e.g.: java -jar grouperClient.jar --operation=groupSaveWs --name=aStem:aGroup
 output: Success: T: code: SUCCESS_INSERTED: aStem:aGroup
 

stemSaveWs web service usage:

 java -jar grouperClient.jar --operation=stemSaveWs --name=groupName 
 [--txType=transactionType] 
 [--saveMode=SaveMode] 
 [--stemLookupName=theName] 
 [--stemLookupUuid=theUuid] 
 [--description=theDescription] 
 [--displayExtension=theDisplayExtension] 
 [--actAsSubjectId=subjId] 
 [--actAsSubjectIdentifier=subjIdent] 
 [--actAsSubjectSource=source] 
 [--saveResultsToFile=fileName] 
 [--outputTemplate=somePattern] 
 [--paramName0=name0] 
 [--paramValue0=value1] 
 [--paramNameX=xthParamName] 
 [--paramValueX=xthParamValue] 
 [--debug=true] 
 [--clientVersion=someVersion]
 e.g.: java -jar grouperClient.jar --operation=stemSaveWs --name=aStem:someStem
 output: Success: T: code: SUCCESS_INSERTED: aStem:someStem

groupDeleteWs web service usage:

 java -jar grouperClient.jar --operation=groupDeleteWs --groupNames=groupName0,groupName1 
 [--txType=GcTransactionType] 
 [--includeGroupDetail=true|false] 
 [--actAsSubjectId=subjId] 
 [--actAsSubjectIdentifier=subjIdent] 
 [--actAsSubjectSource=source] 
 [--saveResultsToFile=fileName] 
 [--outputTemplate=somePattern] 
 [--paramName0=name0] 
 [--paramValue0=value1] 
 [--paramNameX=xthParamName] 
 [--paramValueX=xthParamValue] 
 [--debug=true] 
 [--clientVersion=someVersion]
 e.g.: java -jar grouperClient.jar --operation=groupDeleteWs --groupNames=aStem:aGroup0,aStem:aGroup1
 output line: Index 0: success: T: code: SUCCESS: aStem:aGroup0

stemDeleteWs web service usage:

 java -jar grouperClient.jar --operation=stemDeleteWs --stemNames=a:b,a:c 
 [--txType=GcTransactionType] 
 [--actAsSubjectId=subjId] 
 [--actAsSubjectIdentifier=subjIdent] 
 [--actAsSubjectSource=source] 
 [--saveResultsToFile=fileName] 
 [--outputTemplate=somePattern] 
 [--paramName0=name0] 
 [--paramValue0=value1] 
 [--paramNameX=xthParamName] 
 [--paramValueX=xthParamValue] 
 [--debug=true] 
 [--clientVersion=someVersion]
 e.g.: java -jar grouperClient.jar --operation=stemDeleteWs --groupNames=aStem:aStem0,aStem:aStem1
 output line: Index 0: success: T: code: SUCCESS: aStem:aStem0

getGrouperPrivilegesLiteWs web service usage

 java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs 
 [--groupName=a:b:c] 
 [--stemName=a:b] 
 [--privilegeName=admin|view|read|optin|optout|update|stem|create|etc] 
 [--privilegeType=access|naming|etc] 
 [--subjectId=subjId0] 
 [--subjectIdentifier=subjIdent0] 
 [--subjectSource=source0] 
 [--includeGroupDetail=true|false] 
 [--includeSubjectDetail=true|false] 
 [--subjectAttributeNames=name0,name1] 
 [--actAsSubjectId=subjId] 
 [--actAsSubjectIdentifier=subjIdent] 
 [--actAsSubjectSource=source] 
 [--saveResultsToFile=fileName] 
 [--outputTemplate=somePattern] 
 [--paramName0=name0] 
 [--paramValue0=value1] 
 [--paramNameX=xthParamName] 
 [--paramValueX=xthParamValue] 
 [--debug=true] 
 [--clientVersion=someVersion]
 e.g.: java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --groupName=aStem:aGroup --subjectId=test.subject.0
 output line: Index 0: success: T: code: SUCCESS: group: aStem:aGroup: subject: test.subject.0: access: admin

assignGrouperPrivilegesLiteWs web service usage

 java -jar grouperClient.jar --operation=assignGrouperPrivilegesLiteWs --privilegeName=admin|view|read|optin|optout|update|stem|create|etc --allowed=true|false 
 [--groupName=a:b:c] 
 [--stemName=a:b] 
 [--privilegeType=access|naming|etc] 
 [--subjectId=subjId0] 
 [--subjectIdentifier=subjIdent0] 
 [--subjectSource=source0] 
 [--includeGroupDetail=true|false] 
 [--includeSubjectDetail=true|false] 
 [--subjectAttributeNames=name0,name1] 
 [--actAsSubjectId=subjId] 
 [--actAsSubjectIdentifier=subjIdent] 
 [--actAsSubjectSource=source] 
 [--saveResultsToFile=fileName] 
 [--outputTemplate=somePattern] 
 [--paramName0=name0] 
 [--paramValue0=value1] 
 [--paramNameX=xthParamName] 
 [--paramValueX=xthParamValue] 
 [--debug=true] 
 [--clientVersion=someVersion]
 e.g.: java -jar grouperClient.jar --operation=assignGrouperPrivilegesLiteWs --groupName=aStem:aGroup --subjectId=test.subject.0 --privilegeName=admin --allowed=true
 output: Success: T: code: SUCCESS: group: aStem:aGroup: subject: test.subject.0: access: admin

findGroupsWs web service usage

 java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=AND|MINUS|OR|FIND_BY_APPROXIMATE_ATTRIBUTE|FIND_BY_EXACT_ATTRIBUTE|FIND_BY_GROUP_NAME_APPROXIMATE|FIND_BY_GROUP_NAME_EXACT|FIND_BY_GROUP_UUID|FIND_BY_STEM_NAME|FIND_BY_TYPE|etc 
 [--groupName=a:b:c]  
 [--groupUuid=12as-1234gjth] 
 [--stemName=aStem:someStem] 
 [--stemUuid=sfds-sds234] 
 [--stemNameScope=ONE_LEVEL|ALL_IN_SUBTREE] 
 [--groupTypeName=someName] 
 [--groupAttributeName=someName] 
 [--groupAttributeValue=someValue] 
 [--includeGroupDetail=true|false] 
 [--actAsSubjectId=subjId] 
 [--actAsSubjectIdentifier=subjIdent] 
 [--actAsSubjectSource=source] 
 [--outputTemplate=somePattern] 
 [--paramName0=name0] 
 [--paramValue0=value1] 
 [--paramNameX=xthParamName] 
 [--paramValueX=xthParamValue] 
 [--debug=true] 
 [--clientVersion=someVersion]
 e.g.: java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup
 output: Index 0: name: aStem:aGroup, displayName: A stem:A Group
 Note: to specify group math, use queryFilterType of AND|OR|MINUS, and then specify attribute for the left group with a 0 after attribute name, and 1 for the right group. 
 e.g.: java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=OR --queryFilterType0=OR --queryFilterType00=FIND_BY_GROUP_NAME_APPROXIMATE --groupName00=aStem:aGroup --queryFilterType01=FIND_BY_GROUP_NAME_APPROXIMATE --groupName01=aStem:aGroup --queryFilterType1=FIND_BY_GROUP_NAME_APPROXIMATE --groupName1=aStem:aGroup
 Note: it is not clear which attributes go with which filter types, the rules are in the Java class: WsQueryFilterType
 or use trial and error

findStemsWs web service usage

 java -jar grouperClient.jar --operation=findStemsWs --queryFilterType=AND|MINUS|OR|FIND_BY_APPROXIMATE_ATTRIBUTE|FIND_BY_PARENT_STEM_NAME|FIND_BY_STEM_NAME|FIND_BY_STEM_NAME_APPROXIMATE|FIND_BY_STEM_UUID|etc 
 [--stemName=a:b:c] 
 [--stemUuid=12as-1234gjth] 
 [--parentStemName=aStem:someStem] 
 [--parentStemNameScope=ONE_LEVEL|ALL_IN_SUBTREE] 
 [--stemAttributeName=someName] 
 [--stemAttributeValue=someValue] 
 [--actAsSubjectId=subjId] 
 [--actAsSubjectIdentifier=subjIdent] 
 [--actAsSubjectSource=source] 
 [--outputTemplate=somePattern] 
 [--paramName0=name0] 
 [--paramValue0=value1] 
 [--paramNameX=xthParamName] 
 [--paramValueX=xthParamValue] 
 [--debug=true] 
 [--clientVersion=someVersion]
 e.g.: java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup
 output: Index 0: name: aStem:aStem0, displayName: A stem:A Stem 0
 Note: to specify group math, use stemQueryFilterType of AND|OR|MINUS, and then specify attribute for the left stem with a 0 after attribute name, and 1 for the right stem. 
 e.g.: java -jar grouperClient.jar --operation=findStemsWs --stemQueryFilterType=OR --stemQueryFilterType0=OR --stemQueryFilterType00=FIND_BY_STEM_NAME --stemName00=aStem --stemQueryFilterType01=FIND_BY_STEM_NAME --stemName01=aStem --stemQueryFilterType1=FIND_BY_STEM_NAME --stemName1=aStem
 Note: it is not clear which attributes go with which filter types, the rules are in the Java class: WsStemQueryFilterType
 or use trial and error

memberChangeSubjectWs web service usage (note: you need to be in the sysAdminGroup or actAs someone who is)

 java -jar grouperClient.jar --operation=memberChangeSubjectWs 
 [--oldSubjectId=oldId] 
 [--oldSubjectIdentifier=oldIdent] 
 [--oldSubjectSource=oldSourceId] 
 [--newSubjectId=newId] 
 [--newSubjectIdentifier=newIdent] 
 [--newSubjectSource=newSourceId] 
 [--deleteOldMember=false] 
 [--actAsSubjectId=subjId] 
 [--actAsSubjectIdentifier=subjIdent] 
 [--actAsSubjectSource=source] 
 [--outputTemplate=somePattern] 
 [--paramName0=name0] 
 [--paramValue0=value1] 
 [--paramNameX=xthParamName] 
 [--paramValueX=xthParamValue] 
 [--debug=true] 
 [--clientVersion=someVersion]
 e.g.: --operation=memberChangeSubjectWs --oldSubjectId=test.subject.0 --newSubjectId=test.subject.1 --actAsSubjectId=GrouperSystem
 output: Success: T: code: SUCCESS: oldSubject: test.subject.0, newSubject: test.subject.1


Common Options

 --outputTemplate=${index}: ${wsGroup.name}
   the output template allow the caller to customize what is displayed in the output from the XML
   anything in ${} will be evaluated, and there are different variables available for various operations.
   if you pass in --debug=true, it will tell you the xml and the variables you can use.  You can drill down
   in the variables, e.g. ${wsGroupDeleteResult.wsGroup.name}, you can do operations, e.g. ${index+1},
   you can do simple string utilities from GrouperClientUtils or GrouperClientCommonUtils, e.g.
   ${grouperClientUtils.trimToEmpty(wsGroup.name)}
   
 --debug=true
   this will display debug information including the request and response to stderr
   
 --saveResultsToFile=/tmp/somefile.txt
   you can save the stdout to a file if you like
   
 --actAsSubjectId=subjId --actAsSubjectIdentifier=subjIdent --actAsSubjectSource=source
   if you want to run the operation as a different user than the user who is authenticating
   to the web service, then specify the actAsSubjectId or actAsSubjectIdentifier (and optionally
   the actAsSubjectSource).  You would do this e.g. to run a command as admin, or as a user who
   is using the end layer application.  Note you need permissions to do this in grouper.
 
 --paramName0=name0 --paramValue0=value1 --paramNameX=xthParamName --paramValueX=xthParamValue
   you can specify params in name/value pairs if the operation supports it (see grouper
   web service documentation for details)
 
 --clientVersion=someVersion
   generally this does not need to be changed.  This is the version label sent to the web service
   which might affect the output from the web service.  Not it does not affect the request to the
   web service (besides the label), it only affect the response from the web service.
 --txType=GcTransactionType
   affects how batched operations are executed on the server (e.g. adding multiple subjects to a group)
   generally the only values which make sense are to use a large transaction or not: READ_WRITE_NEW, NONE
 --includeGroupDetail=true
   if applicable, this option will return not only the group's name, but more information such as the
   attribuites, types, composite members, etc.
     
 --subjectAttributeNames=a,b,c
   if applicable, subjects will be returned from the server with these attributes in a string array

Samples and Examples: