Time
S
Nick
Message
07:55 majestic joined #dataverse
12:58 bricas
hey y'all. i'm looking for some help with shib integration. i feel like i'm pretty close to getting it all working.
12:58 pdurbin
bricas: happy to help. what do you need?
13:03 bricas
pdurbin: so i've gotten the metadata exchange and all that done with my institution, that seems to let me login -- however after i login i get basicall a blank account screen and clicking anywhere still forces me to login again
13:03 pdurbin
bricas: hmm. Did you get it all working with the IdP at http://www.testshib.org ?
13:04 pdurbin
bricas: oh, actually... first... Is your root dataverse published?
13:04 bricas
no actually i've done nothing with the actual dataverses yet
13:04 pdurbin
please see http://guides.dataverse.org/en/4.4/installation/config.html#publishing-the-root-dataverse
13:08 bricas
okay. will try that.
13:12 bricas
is there any harm in just publishing it as-is -- i assume most everything can be edited post install? (this will be our production installation so if things need to be customized before hand i need to let people know :)
13:13 pdurbin
no harm. you can change stuff later
13:15 bricas
Error – This dataverse was not able to be published.
13:15 pdurbin
huh
13:16 bricas
welp. i dun messed something up. :)
13:16 pdurbin
I'm going to guess there's a stacktrace in server.log
13:19 bricas
looks like solr stuff -- i'm *trying* to use solr5 on a remote server which may be a non-starter. i was hoping i could just plunk in the solr5 config from that PR i saw and be on my way :)
13:20 pdurbin
oh, yeah, I've never tested with solr 5. may not work at all
13:21 bricas
it's throwing 404s for /solr/dataverse/solr/update and /solr/dataverse/solr/spell
13:21 bricas
let me consult the PR
13:21 pdurbin
bricas: I'd suggest using Solr 4.6.0
13:23 bricas
oh dang, it seems to add an extra /solr/ in there. /solr/dataverse/spell works just fine
13:27 bricas
so i'm guessing that dataverse currently assumes that solr resides at $SOLR_URL/solr ?
13:28 pdurbin
bricas: right: https://github.com/IQSS/dataverse/blob/v4.4/src/main/java/edu/harvard/iq/dataverse/search/SearchServiceBean.java#L91
13:34 mjturk joined #dataverse
13:42 pdurbin
bricas: I've never even installed Solr 5. I can't support it.
13:44 bsilverstein joined #dataverse
13:46 bricas
pdurbin: ugh. i guess i'll install 4.x -- thought maybe i could just change the paths to include /solr but i can't be bothered. :)
13:47 pdurbin
using Solr 4.6.0 will keep you in sync with all the other installations
13:49 bricas
are there known issues with newer 4.x solrs?
13:50 pdurbin
dunno
13:51 pdurbin
I don't think anyone is actively working on https://github.com/IQSS/dataverse/issues/456
14:14 bricas
i think ideally things would be working towards 5.x/6.x instead of the latest 4 since it's basically obsolete.
14:14 bricas
i'll give the latest 4.x a shot and see what breaks :)
14:24 pdurbin
sounds good :)
15:10 bricas
pdurbin: there we go. i guess dataverse doesn't do multi-core setups at all (even 4.x)
15:14 pdurbin
bricas: by mult-core to you mean SolrCloud?
15:17 bricas
pdurbin: erm, i guess i'm not 100% sure about the terminology, but i think just multi-core: https://wiki.apache.org/solr/MultiCore
15:17 bricas
it just means i can have more than one thing indexed on the same solr instance
15:18 bricas
for multicore, urls would be something like localhost:8983/solr/corename/spell instead of localhost:8983/solr/spell which indicates a single-core instance
15:20 bricas
a super quick fix for dataverse would be to have the endpoint stored in the config and not just the server so i could use any multi-core instance and even test the 5.x stuff
15:20 bricas
of course, that breaks everyone else's dataverse install until they update their config :)
15:20 pdurbin
well, we don't want to break everything :)
15:22 bricas
well, it's a very simple fix. is there any sort of automated upgrade process that happens when a person installs the new war file?
15:23 bricas
you could just tack on /solr to their config value and everything is peachy.
15:24 pdurbin
not a bad suggestion. please feel free to open an issue for this
15:24 bricas
will do!
15:25 bricas
btw, login still doesn't work. i get this error though: The SAML assertion for "Shib-Identity-Provider" was null. Please contact support.
15:25 bricas
which i saw was a requirement in the docs, but i'm unsure how to make that happen.
15:31 pdurbin
bricas: did you have any trouble with the steps in http://guides.dataverse.org/en/4.4/installation/shibboleth.html ?
15:33 bricas
no generally, though my shib install didn't automatically generate certs so i had to do that
15:34 bricas
also, at this point i guess i'm stuck on the required shib attributes
15:38 bricas
i have a feeling that particular attribute is something i can't control and have to ask my IdP about
15:53 bricas
pdurbin: do you know if that attribute is something i need to ask the IdP about?
15:59 pdurbin
bricas: I *thought* "Shib-Identity-Provider" was *always* sent. I'm wondering if you have the "Location /shib.xhtml" stuff set up properly: http://guides.dataverse.org/en/4.4/installation/shibboleth.html#edit-apache-ssl-conf-file
16:03 bricas
I have exactly exactly what is in the docs
16:04 bricas
a quick googling shows this: The built-in variables can be disabled (to avoid duplication with the extractor) with the content setting of exportStdVars="false".
16:04 bricas
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeAccess
16:09 pdurbin
bricas: I'd be curious to know what you see at your equivalent of https://demo.dataverse.org/Shibboleth.sso/Session
16:11 bricas
https://nopaste.me/view/e34b4bc9
16:14 pdurbin
for me it's Identity Provider: https://fed.huit.harvard.edu/idp/shibboleth
16:15 pdurbin
https://paste.fedoraproject.org/392224/85850114/
16:37 bricas
well. i'm stumped for now.
16:39 pdurbin
bricas: does http://guides.dataverse.org/en/4.4/installation/shibboleth.html#debugging help at all?
16:59 bricas
pdurbin: i'll add the extra logging and see what i can see
17:00 pdurbin
cool
17:02 bricas
https://nopaste.me/view/2ae4ab11
17:04 pdurbin
bricas: "shib values" should have some data in it, like this: https://github.com/IQSS/dataverse/issues/2916#issuecomment-191930952
17:05 bricas
oh. hrmm.
17:06 pdurbin
you added `attributePrefix="AJP_"` right?
17:06 pdurbin
http://guides.dataverse.org/en/4.4/installation/shibboleth.html#shibboleth2-xml
17:07 bricas
<ApplicationDefaults entityID="https://dataverse.lib.unb.ca/sp "
17:07 bricas
REMOTE_USER="eppn persistent-id targeted-id" attributePrefix="AJP_">
17:08 pdurbin
ok. good. I was just noticing that I mentioned AJP_ at https://github.com/IQSS/dataverse/blob/v4.4/src/main/java/edu/harvard/iq/dataverse/authorization/providers/shib/ShibUtil.java#L351
17:09 axfelix joined #dataverse
17:20 JonathanNeal joined #dataverse
17:25 JonathanNeal joined #dataverse
17:30 pdurbin
bricas: did you restart shibd and httpd after adding AJP_?
17:35 bricas
indeed.
17:38 pdurbin
hmm
17:38 pdurbin
bricas: is it working with the IdP at http://www.testshib.org ?
17:39 bricas
hadn't tried. i guess i should!
17:40 pdurbin
:)
17:40 pdurbin
if you would try it it would be great
17:50 bricas
same error, oddly enough. :)
18:06 axfelix joined #dataverse
18:30 bricas
pdurbin: i'll have to work at this later, but, any thoughts as to why the env vars aren't being passed?
18:43 pdurbin
bricas: nothing is jumping out at me. Sorry.
18:44 pdurbin
bricas: oh, do you have SELinux disabled?
19:00 skay_ joined #dataverse
19:10 axfelix joined #dataverse
19:43 axfelix joined #dataverse
20:22 pdurbin
SELinux needs to be disabled for Shibboleth to work
