Time
S
Nick
Message
00:46 axfelix joined #dataverse
03:46 axfelix joined #dataverse
08:01 bencomp joined #dataverse
08:18 bencomp1 joined #dataverse
13:24 pdurbin
bencomp1: hello
13:32 pdurbin
LyndsySimon: I'm getting #openscienceframework: Cannot join channel (+i) - you must be invited :(
13:34 pdurbin
I was recommending OSF to a friend and she did this search and found zero results: https://osf.io/search/?q=lab+notebooks
13:34 pdurbin
she was wondering if OSF can be used for lab notebooks
13:34 bencomp
pdurbin: hi
13:34 * pdurbin
rubs hands together
13:34 pdurbin
bencomp: so! we deployed some shib code to our demo site last night
13:34 * bencomp
ducks
13:35 pdurbin
https://dataverse-demo.iq.harvard.edu/loginpage.xhtml
13:35 * bencomp
slowly looks over his desk
13:35 pdurbin
bencomp: do you have any interest it trying to log in with your IdP?
13:37 bencomp
sure
13:37 bencomp
let me see if we can make a direct connection rather than through SURFconext
13:38 pdurbin
ok, you can download our metadata from https://dataverse-demo.iq.harvard.edu/Shibboleth.sso/Metadata
13:40 bencomp
I created a ticket with Arnoud
13:41 bencomp
can't promise anything though, but it would make a cool demo on October 20, when I finally present DDN to the whole of DANS
13:42 pdurbin
ah, nice
13:43 pdurbin
I've only tested with two IdPs so far, TestShib and Harvard. Would like to test more.
13:44 pdurbin
I'm still new to Shibboleth. Not sure which attributes people use.
14:09 axfelix joined #dataverse
14:43 bencomp
pdurbin: Sorry, we can't connect our IdP
14:44 bencomp
our own IdP from KNAW won't do it because it's too much of a hassle, and SURFconext won't do it because of privacy issues
14:44 bencomp
… says Arnoud
14:44 pdurbin
hmm. interesting
14:45 pdurbin
I mean, are you interested in being able to log into Harvard's installation of Dataverse?
14:45 pdurbin
or do you just want Shibboleth to work for your own installation of Dataverse?
14:45 bencomp
but attributes can be mapped
14:46 pdurbin
Shibboleth a hassle? you must be joking ;)
14:47 bencomp
mostly the latter, though I would be interested in logging in to see that it works
14:47 bencomp
I already logged in using TestShib just now
14:47 bencomp
:)
14:49 bencomp
I did point at https://wiki.surfnet.nl/display/surfconextdev/Attributes+in+SURFconext before, didn't I?
14:54 * pdurbin
looks again
14:55 pdurbin
bencomp: hmm, so you don't seem to use eppn
14:56 pdurbin
you're using eduPersonTargetedID instead
14:57 pdurbin
so it wouldn't work right now with your IdP anyway
14:58 bencomp
dare I say the current implementation uses the first email address, converted to lower case?
14:59 pdurbin
hmm?
14:59 bencomp
that is how we currently identify users
14:59 pdurbin
there's not a ton of business logic in there yet: https://github.com/IQSS/dataverse/blob/master/src/main/java/edu/harvard/iq/dataverse/Shib.java
15:03 pdurbin
bencomp: oh, I see what you're saying, I think
15:03 pdurbin
let's get away from email addresses as identifiers for people
15:03 pdurbin
I'm using eppn instead
15:03 bencomp
+1
15:04 pdurbin
can you send eduPersonTargetedID as eppn?
15:06 pdurbin
this is a continuation of the discussion here: [dvn-auth] Shibboleth persistent identifier: persistent-id vs. eppn vs. ePTID vs. NameID - https://lists.iq.harvard.edu/pipermail/dvn-auth/2014-July/000016.html
15:06 bencomp
what do you mean? who sends when what?
15:07 pdurbin
:)
15:08 pdurbin
the TestShib IdP and the Harvard IdP send me "eppn" (eduPersonPrincipalName) as a "user identifier"
15:09 pdurbin
bencomp: it looks like eduPersonTargetedID is used instead in your world: https://wiki.surfnet.nl/display/surfconextdev/Attributes+in+SURFconext#AttributesinSURFconext-Useridentifiers
15:10 bencomp
I see in our shibd.log that we don't map the eduPersonPrincipalName and that it is "skipped"
15:17 pdurbin
bencomp: could you map it?
15:23 bencomp
pdurbin: I'm looking at the attribute-map.xml and it looks the same as you got from Arnoud by email on June 11
15:24 bencomp
I'm not sure what to make of it, but it looks like we're mapping the eduPersonTargetedID
15:25 pdurbin
bencomp: this is the one I'm using: https://github.com/IQSS/dataverse/blob/master/conf/vagrant/etc/shibboleth/attribute-map.xml
15:27 pdurbin
which is almost the default as the one that ships with Shibboleth. Or at least the one I get when I do `yum install shibboleth`. The only difference is that I uncomment all the attributes where it says "Some more eduPerson attributes, uncomment these to use them.."
15:30 esotiri_ joined #dataverse
15:32 bencomp
pdurbin: can I get back to you on this? your q right now is "can we map eduPersonTargetedID or eduPersonPrincipalName", correct? we should look at our logs to see what comes in
15:32 bencomp
(I need to drink beer ;)
15:33 pdurbin
go drink some beer. my question can wait :)
15:33 pdurbin
drink one for me
15:33 bencomp
cool
15:33 pdurbin
esotiri_: thanks for your help getting the shib code deployed last night!
15:33 bencomp
can't drink too many, but will do
15:35 esotiri_
welcome :)
15:36 pdurbin
bencomp: drink one for esotiri_ too
15:38 pdurbin
esotiri_: do we have graphs of warnings from builds now? remember thank jenkins thing you set up?
15:40 bencomp
"ttyl"
15:43 axfelix joined #dataverse
15:43 esotiri_
some graphs are enabled but need configuration. I will look some more into it
15:45 pdurbin
ah, ok. I haven't looked
15:58 axfelix joined #dataverse
16:48 pdurbin
hooray! http://datascience.iq.harvard.edu/blog/try-out-single-sign-shibboleth-40-beta
17:03 metamattj joined #dataverse
17:29 axfelix joined #dataverse
18:15 axfelix joined #dataverse
19:29 axfelix joined #dataverse
19:58 mjturk
pdurbin: that IS a hooray
20:03 axfelix joined #dataverse
20:39 pdurbin
mjturk: yeah? you like :)
20:39 mjturk
pdurbin: yes.
20:40 pdurbin
mjturk: do you have an IdP I can test with?
20:40 pdurbin
see also [dvn-auth] Fwd: [Dataverse-Users] Try out Single Sign-On With Shibboleth in 4.0 Beta - https://lists.iq.harvard.edu/pipermail/dvn-auth/2014-October/000019.html
20:41 mjturk
pdurbin: IdP? (I confess I don't know!)
20:43 pdurbin_m joined #dataverse
20:44 pdurbin_m
mjturk: heh. sorry. identity provider
20:45 mjturk
ah, UIUC?
20:48 pdurbin_m
you're with http://illinois.edu ?
20:48 mjturk
yup
20:49 pdurbin_m
know the identity people there?
20:52 mjturk
pdurbin_m: friend-of-friend :)
20:57 pdurbin_m
close enough!
21:06 pdurbin_m
mjturk: let's get UIUC on the list at https://dataverse-demo.iq.harvard.edu/loginpage.xhtml :)
22:01 mjturk
pdurbin_m: sounds good. i'll reach out and find the appropriate contacts here.
22:02 pdurbin
now you're talkin'
22:02 pdurbin
mjturk: thanks!
22:11 axfelix joined #dataverse
22:19 axfelix joined #dataverse
