Time
S
Nick
Message
02:03 axfelix joined #dataverse
02:20 axfelix joined #dataverse
04:27 axfelix joined #dataverse
05:32 axfelix joined #dataverse
05:32 axfelix joined #dataverse
05:41 garnett joined #dataverse
05:52 axfelix joined #dataverse
09:06 bencomp joined #dataverse
12:47 donsizemore joined #dataverse
12:49 donsizemore
knock knock?
12:54 pdurbin
donsizemore: good morning!
12:55 donsizemore
good morning to you =)
12:56 donsizemore
i'm experimenting with shibboleth and hoping for pointers
12:56 pdurbin
oh good
12:57 donsizemore
the SP works directly, but through Dataverse it crabs that the attribute "Shib-Identity-Provider" was null.
12:58 donsizemore
i did set this box up when 4.0.1 was current, and was wondering whether i should first upgrade to 4.1 before I do much more tinkering
12:59 pdurbin
no, that part of the code hasn't changed
12:59 pdurbin
donsizemore: want to try getting it working with the IdP at http://www.testshib.org ?
12:59 donsizemore
i didn't see too much of that in github.
13:00 donsizemore
certainly -- i can switch to it (i followed those instructions, but am using sso-test.isis.unc.edu instead)
13:02 donsizemore
if I browse to /Shibboleth.sso/Session it sees Identity Provider: https://sso-test.isis.unc.edu/idp; but it looks like Dataverse isn't picking that up. let me try with testshib.org first tho
13:02 pdurbin
donsizemore: after logging in, when I go to https://dataverse-demo.iq.harvard.edu/Shibboleth.sso/Session I see "Identity Provider: https://fed.huit.harvard.edu/idp/shibboleth " . Do you see something similar there?
13:07 pdurbin
sounds like you do. sounds like you're close
13:39 donsizemore
yes, testshib.org works fine
13:39 pdurbin
huh
13:40 donsizemore
sorry that took a minute, a couple of people have been through the office this morning.
13:41 donsizemore
one of UNC's identity management guys generated the attribute-map.xml he said I should use with UNC's SSO-test IdP, it seemed like Dataverse might be looking for an attribute in there and not finding it
13:42 pdurbin
hmm, it would be interesting to compare it with https://github.com/IQSS/dataverse/blob/v4.0.1/conf/vagrant/etc/shibboleth/attribute-map.xml
13:44 donsizemore
about 93k, for starters =)
13:44 pdurbin
:)
13:44 donsizemore
wait, it sent me HTML
13:45 pdurbin
donsizemore: there's a raw version
13:47 donsizemore
ah, the "more eduPerson attributes" is still commented in the one he sent me
13:47 donsizemore
as is the LDAP section
13:48 donsizemore37 joined #dataverse
13:49 pdurbin
hmm. well, in general my approach is to let more attributes through
13:51 donsizemore37
still getting the same " the attribute "Shib-Identity-Provider" was null." error with the more eduPerson and LDAP sections uncommented
13:57 pdurbin
donsizemore37: for fun what if you back up your attribute-map.xml file and try mine?
14:00 donsizemore37
same error
14:03 pdurbin
and yet you see it at /Shibboleth.sso/Session
14:04 pdurbin
donsizemore37: would you be able to ask your identity people what could be different about UNC's IdP vs. the IdP at testshib.org?
14:08 donsizemore37
certainly. he was asking me to try to dump the session attributes with PHP , and I have yet to get anything other than "undefined" for each of them
14:14 pdurbin
donsizemore37: I wonder if more information in the Dataverse server.log would help
14:15 donsizemore37
server.log only echoes "Shib-Identity-Provider" was null
14:15 pdurbin
yeah. which also bubbles up to the GUI
14:23 pdurbin
donsizemore37: the frustrating thing for me that it isn't easy to simply print out all the attributes I've received: Why doesn't Java's request.getAttributeNames() show Shibboleth attributes? - http://shibboleth.net/pipermail/users/2015-June/022258.html
14:31 bencomp
666 issues open...
14:31 bencomp
and I think I'll have to create another one
14:33 donsizemore37
calling a phpinfo() from beneath /secure seems to work
14:36 donsizemore37
and the script from https://dev.e-taxonomy.eu/trac/raw-attachment/wiki/ShibbolethSP2InstallDebianLenny/shibenv.php shows the attributes I want to see in $_SERVER
14:40 donsizemore37
Shib-Identity-Providerhttps://sso-test.isis.unc.edu/idp , and persistent-idhttps://sso-test.isis.unc.edu/idp!https://irss-dvn4-akiotest.irss.unc.edu/shibboleth! <hash>
14:40 donsizemore37
would i find anything in the glassfish console locally, or is there any local debugging i can be doing in the mean time?
14:43 donsizemore37
wait - UNC's SSO-test IdP isn't registered with inCommon
14:44 pdurbin
bencomp: go ahead
14:45 bencomp
pdurbin: no, didn't need to as my perceived bug was not a bug :)
14:50 pdurbin
donsizemore37: if you can see it from PHP I'm not sure why you can't see it from Java
14:53 donsizemore37
so I'll want to try again with UNC's production IdP rather than sso-test?
14:54 pdurbin
donsizemore37: I guess it couldn't hurt. So far I've statically listed IdPs in this file: https://github.com/IQSS/dataverse/blob/v4.0.1/conf/vagrant/etc/shibboleth/dataverse-idp-metadata.xml
14:55 pdurbin
https://dataverse-demo.iq.harvard.edu for example has a choice of three IdPs.
14:55 pdurbin
which you can see at https://dataverse-demo.iq.harvard.edu/Shibboleth.sso/DiscoFeed
14:57 donsizemore37
my DiscoFeed only displays "entityID": "https://sso-test.isis.unc.edu/idp "
14:58 pdurbin
that should be ok though
14:59 pdurbin
oh. hmm
14:59 pdurbin
donsizemore37: no "DisplayNames"?
14:59 pdurbin
I would think that would cause a different error, if any.
15:00 donsizemore37
i get an open bracket, open curly, "entityID": "https://sso-test.isis.unc.edu/idp ", close curly, close bracket
15:00 axfelix joined #dataverse
15:07 pdurbin
hmm
15:48 michbarsinai joined #dataverse
15:48 cnk joined #dataverse
15:54 pdurbin
michbarsinai: what if you run this? curl -X DELETE http://localhost:8080/api/admin/authenticatedUsers/homer
15:57 michbarsinai
org.postgresql.util.PSQLException: ERROR: update or delete on table "authenticateduser" violates foreign key constraint "fk_dvobject_creator_id" on table "dvobject"
16:04 pdurbin
michbarsinai: can you please log into the gui as a superuser and delete anything "homer" created? then re-run the delete?
16:05 pdurbin
michbarsinai: and also delete "ned" and "clancy" ?
16:15 michbarsinai joined #dataverse
16:42 bencomp
pdurbin: we're seeing WELD warnings in server.log on 4.1 "bean store leak" - does that ring a bell with you?
16:42 bencomp
I see it only in https://github.com/IQSS/dataverse/issues/1177 but not as an issue
16:50 pdurbin
bencomp: what version of Weld are you running?
16:54 bencomp
the one mentioned in the correct installation manual, after I pointed out to Eko that he had looked at the wrong manual at first
16:54 bencomp
but we still see these warnings
16:55 pdurbin
bencomp: I just ran this on my laptop and don't see any: grep 'Bean store leak' /Applications/NetBeans/glassfish4/glassfish/domains/domain1/logs/server.log*
16:56 pdurbin
donsizemore37: so what's our plan? how can I help?
16:56 pdurbin
donsizemore37: do you know bencomp? he's also running shibboleth
16:56 bencomp
pdurbin: thanks, I'll make sure we keep track of it
16:56 bencomp
pdurbin: we're working on Shibboleth
16:56 bencomp
i.e. getting it running
16:57 pdurbin
\o/
16:58 bencomp
don't hold your breath, though, I'm sure it will take another while
16:59 * pdurbin
stops holding his breath
16:59 bencomp
"while
17:00 bencomp
"while" completely depending on the sysadmin doing the work
17:03 bencomp
I'm off
17:03 pdurbin
o/
19:09 michbarsinai joined #dataverse
19:30 metamattj joined #dataverse
19:55 pdurbin
michbarsinai: tests passing here too. \o/
19:55 michbarsinai
Woot!
19:56 pdurbin
:)
20:01 pdurbin
donsizemore37: did you send me another message?
20:03 pdurbin
michbarsinai: oh, I had something for you to review (if you want) before I merge it in
20:03 michbarsinai
give me a minute, I'm getting the issue ready :_)
20:04 pdurbin
michbarsinai: oh good. well, here's the commit when you're ready: https://github.com/IQSS/dataverse/commit/a76fad29fa2a4519357b431575a99f38c13c69e2
20:24 pdurbin
donsizemore37: I need to pick up my kids from camp soon but lemme know what you'd like to try next.
20:57 donsizemore joined #dataverse
