Time
S
Nick
Message
00:03 djbrooke joined #dataverse
01:03 garnett joined #dataverse
01:20 axfelix joined #dataverse
02:06 djbrooke joined #dataverse
02:40 axfelix joined #dataverse
05:20 dataverse-user joined #dataverse
05:20 dataverse-user
hi
05:20 dataverse-user
im doing a checkup around a lot and this is shout, right? Not Lounge?
05:20 dataverse-user
I highly recommend upgrading
07:39 venki joined #dataverse
07:40 venki
Hi I am trying to setup Shibboleth in my institution
07:40 jri joined #dataverse
07:41 venki
and I am getting the following error "Problem with Identity Provider The SAML assertion for "eppn" was null. Please contact support."
07:42 venki
And when I check Shibboleth Session URL I find that the attributes are null.
07:42 venki
any ideas why is it so?
08:41 venki left #dataverse
09:06 djbrooke joined #dataverse
10:07 majest1c joined #dataverse
10:07 balo_ joined #dataverse
10:07 jeffspies______ joined #dataverse
10:07 rhiaro joined #dataverse
10:07 jri joined #dataverse
10:09 bricas_ joined #dataverse
10:09 telnoratti joined #dataverse
10:10 JonathanNeal joined #dataverse
10:10 skay_ joined #dataverse
10:28 skay joined #dataverse
10:28 bjonnh joined #dataverse
10:28 sivoais joined #dataverse
10:28 pdurbin joined #dataverse
10:28 telnoratti joined #dataverse
10:28 bricas_ joined #dataverse
10:28 skay_ joined #dataverse
10:28 JonathanNeal joined #dataverse
10:28 majest1c joined #dataverse
10:28 balo_ joined #dataverse
10:28 jeffspies______ joined #dataverse
10:28 rhiaro joined #dataverse
10:28 jri joined #dataverse
10:30 pdurbin
yeah, https://dataverse.example.edu/Shibboleth.sso/Session or whatever should show some data, as shown at http://guides.dataverse.org/en/4.5.1/installation/shibboleth.html#exchange-metadata-with-your-identity-provider
10:31 pdurbin
Per that page, I recommend testing with the IdP at http://testshib.org first.
10:35 sivoais joined #dataverse
11:19 bjonnh joined #dataverse
11:56 donsizemore joined #dataverse
12:46 pdurbin
donsizemore: good morning
12:46 donsizemore
@pdurbin welcome back!
12:47 pdurbin
donsizemore: thanks. Any interest in replying on this thread? RHEL Linux, SELinux and Shibboleth - Google Groups - https://groups.google.com/forum/#!topic/dataverse-community/U04sLtEkJ7Q
12:48 donsizemore
I think Glassfish plays well with SELinux, it's Shibboleth that requires permissive?
12:49 pdurbin
donsizemore: right. I'm running "Enforcing" on a Dataverse server where I'm not using Shibboleth: http://irclog.iq.harvard.edu/dataverse/2016-10-03#i_42518
12:49 pdurbin
donsizemore: it's been suggested at https://irclog.perlgeek.de/crimsonfu/2016-10-05#i_13342065 that a "TE" file could be written to make Shibboleth play nicely with SELinux
12:50 donsizemore
@pdurbin SELinux with Shib is officially unsupported https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSELinux
12:52 pdurbin
donsizemore: correct. I link to that wiki page from http://guides.dataverse.org/en/4.5.1/installation/shibboleth.html#disable-selinux
12:53 donsizemore
short of tinkering with SELinux, I'm happy to reply to him, for what little bit I'm worth
12:57 pdurbin
I just don't want that thread to go unanswered.
12:57 pdurbin
donsizemore: but I can try to find someone else. I wonder if bricas_ or jri use RHEL or CentOS.
12:59 donsizemore
@pdurbin i hadn't read his note carefully enough the first time. i thought they were requiring that he turn on SELinux
13:00 pdurbin
It says, "Our IT team want us to set SELinux enforcing ON"
13:00 jri
We're using CentOS and SELinux, but not Shibboletch for now unfortunately
13:00 pdurbin
jri: you have SELinux enforcing?
13:00 donsizemore
@pdurbin but then he dials it back and asks about security with selinux=permissive
13:00 jri
SELinux has no problem with Dataverse btw
13:01 pdurbin
jri: right, it's really Shibboleth that doesn't work with SELinux. Is this preventing you from adopting Shibboleth?
13:02 jri
No, it's just that I don't have time to plug our Shibboleth to Dataverse.
13:02 pdurbin
donsizemore: yeah, I feel like "how do I secure Linux?" is fairly off-topic for the dataverse-community list.
13:02 jri
But I'll do it someday
13:02 donsizemore
@pdurbin I can speak to what we've got in place for dataverse.unc.edu.
13:03 pdurbin
jri: cool. Heads up that Shibboleth doesn't play nicely with SELinux: https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSELinux
13:03 pdurbin
donsizemore: that you be much appreciated. Please feel free to link to these logs as well.
13:04 pdurbin
I see venki was hear earlier but I was still asleep.
13:28 pdurbin
donsizemore: fantastic reply! Thanks!!
13:42 donsizemore joined #dataverse
13:56 djbrooke joined #dataverse
13:59 yoh joined #dataverse
14:12 djbrooke joined #dataverse
14:23 djbrooke joined #dataverse
14:35 yoh joined #dataverse
15:32 djbrooke joined #dataverse
17:09 donsizemore joined #dataverse
17:10 donsizemore
@pdurbin i forgot to mention securing the admin API but that's the first bit of the config page
17:15 majest1c joined #dataverse
17:50 djbrooke joined #dataverse
17:56 djbrooke joined #dataverse
18:12 djbrooke joined #dataverse
18:22 djbrooke joined #dataverse
18:34 djbrooke joined #dataverse
18:38 djbrooke joined #dataverse
18:48 donsizemore joined #dataverse
18:52 djbrooke joined #dataverse
19:04 djbrooke joined #dataverse
19:17 djbrooke joined #dataverse
19:19 djbrooke joined #dataverse
19:41 donsizemore joined #dataverse
19:41 djbrooke joined #dataverse
19:49 djbrooke_ joined #dataverse
20:04 djbrooke joined #dataverse
22:44 djbrooke joined #dataverse
