Time
S
Nick
Message
00:00 pdurbin
telnoratti: ah, you must have seen my comment at https://github.com/IQSS/dataverse/issues/3406#issuecomment-254635994 :)
00:02 telnoratti
Yeah
00:03 pdurbin
telnoratti: is VT gonna do OAuth instead?
00:06 telnoratti
No they have CAS and shibboleth, but there is some... mismanagement. Central auth is basically useless for most departments.
00:07 telnoratti
Nearly every one depends on their own auth infrastructure
00:20 pdurbin
telnoratti: interesting. So what is your plan for auth to Dataverse? Local accounts? You do intend to run Dataverse, I assume. I don't remember if we even established that. :)
00:20 telnoratti
local accounts
00:21 telnoratti
yeah we intend to run it lol
00:21 telnoratti
researchers just started using our instance
00:21 telnoratti
now that we have stack to stack migrations automated
00:21 telnoratti
as of... today I think
00:21 pdurbin
telnoratti: nice!! Do you want to be on the map at http://dataverse.org ? :)
00:22 telnoratti
sure
00:24 pdurbin
telnoratti: excellent! Please send an email to supportURL , and short description, please!
00:25 pdurbin
just the URL is probably enough :)
00:35 telnoratti
sure I'll probably have joel do it, since he's first on the project
01:01 pdurbin
no rush
01:02 pdurbin
telnoratti: I assume it's some department in VT rather than all of VT, given your comments about auth.
01:04 telnoratti
Well VT's IT is pretty decentralized, we have a "central IT", but without delving too much into the politics, they do not get along with the departments and institutes on campus. So we do have shibboleth for our @vt.edu identities, but sub orgs use those identities for their authentication
01:04 telnoratti
er
01:04 telnoratti
don't use*
01:06 telnoratti
so there's a few dozen different AD and LDAP servers around campus and maybe a third of those run their own email domain too
01:06 telnoratti
and no cross realm trust
01:12 pdurbin
So you wouldn't want all @vt.edu users to be able to log into your Dataverse instance via Shibboleth (which should work, in theory). You'd want to limit it to your department somehow.
01:12 telnoratti
yeah, which arguably should be perfectly possible
01:13 telnoratti
but it's pretty impossible to work with our identity management group
01:13 telnoratti
so most people just give up, VTTI included
01:13 telnoratti
also we'll probably be provisioning accounts for external (non @vt.edu) users
01:13 pdurbin
https://github.com/IQSS/dataverse/issues/1515 might help but I haven't gotten around to it.
01:16 telnoratti
well the problem is a little more pervasive, because in general we have so much difficulty working with central auth, half the researchers don't know about or use their @vt.edu account, just @vtti.vt.edu stuff
01:16 telnoratti
though that feature would probably meet most of our needs otherwise
01:16 telnoratti
I'll chat with joel about it tomorrow
01:17 * pdurbin
looks at http://www.vtti.vt.edu
01:18 pdurbin
telnoratti: cool. And yeah, local accounts are the way to let collaborators in, as you said.
01:18 telnoratti
heh, for the record, I have no input on that site at all, or it would have working https and work sans www
01:18 telnoratti
it's embarassing
01:19 pdurbin
We're also working on OAuth support (ORCID, GitHub, and Google login). Had a demo today and it's coming together.
01:19 pdurbin
https://github.com/IQSS/dataverse/issues/3338
02:30 djbrooke joined #dataverse
04:29 axfelix joined #dataverse
10:31 djbrooke joined #dataverse
11:56 donsizemore joined #dataverse
12:11 djbrooke joined #dataverse
12:39 pdurbin
jeffspies______: ping. Are you there? Did you see https://github.com/CenterForOpenScience/osf.io/pull/5344#issuecomment-254579259
13:01 pdurbin
donsizemore: psst. There's a new IdP at https://dataverse.unc.edu . I encouraged another college to join R&S: https://spaces.internet2.edu/display/InCFederation/Research+and+Scholarship+for+IdPs :)
13:01 donsizemore
@pdurbin oh, excellent. i just dropped Emory into our production config this morning
13:02 donsizemore
@pdurbin this java 1.8 update shouldn't affect Shib/Dataverse, should it? A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication. (CVE-2016-5597) Note: After this update, Basic HTTP proxy authentication can no longer be used when tun
13:04 pdurbin
donsizemore: hmm, well https://access.redhat.com/security/cve/cve-2016-5597 looks pretty bad. Can you please send an email to securityhttps://github.com/IQSS/dataverse/blob/v4.5.1/CONTRIBUTING.md#bug-reportsissues ?
13:05 donsizemore
@pdurbin will do. i wasn't asking if we were vulnerable but rather whether you saw the patch affecting shib functionality / glassfish proxying. our test dataverse instance runs centos, which picks up patches later than rhel
13:08 pdurbin
It's hard to know. It look like even RHEL doesn't have a patch yet.
13:08 pdurbin
looks*
13:09 pdurbin
donsizemore: knock knock
13:09 donsizemore
@pdurbin the old campus satellite server e-mails me immediately when there are updated packages, but the new one doesn't send me e-mail and can lag up to 24 hours behind the old one.
13:09 donsizemore
@pdurbin yes sir
13:10 pdurbin
you're supposed to say "who's there"
13:11 donsizemore
@pdurbin whose their?
13:11 pdurbin
Alaska
13:13 donsizemore
@pdurbin Alaska who?
13:14 pdurbin
Alaska tomorrow if there's a patch yet.
13:20 pdurbin
a variation on a joke from my 7 year old who is singing Fifty Nifty United States in school :)
13:42 majest1c joined #dataverse
13:44 donsizemore
@pdurbin though I forgot that Glassfish uses an AJP proxy, not HTTP
13:45 pdurbin
donsizemore: right, AJP. Does that mean we're safe?
13:48 donsizemore
@pdurbin i don't see anything about AJP in the release. i mostly don't want to break our Shib, we just got everything in production!
13:48 djbrooke joined #dataverse
13:51 pdurbin
yeah, don't break anything
13:51 pdurbin
"if you get hungry, eat something" --Best in Show
14:47 djbrooke joined #dataverse
14:49 djbrooke_ joined #dataverse
14:51 djbrooke_ joined #dataverse
14:54 djbrooke joined #dataverse
15:29 bricas joined #dataverse
15:33 djbrooke joined #dataverse
16:15 djbrooke joined #dataverse
16:27 djbrooke joined #dataverse
17:29 djbrooke joined #dataverse
17:38 donsizemore joined #dataverse
18:28 djbrooke joined #dataverse
18:48 djbrooke joined #dataverse
19:00 djbrooke joined #dataverse
19:27 donsizemore joined #dataverse
19:48 djbrooke_ joined #dataverse
19:50 djbrooke joined #dataverse
19:59 djbrooke joined #dataverse
20:02 djbrooke_ joined #dataverse
20:10 donsizemore
@pdurbin knock knock?
20:14 pdurbin
who's there?
20:23 donsizemore
@pdurbin see my response to #242625 (p.s. when do i see harvard show up in our list of shibbies?)
20:23 donsizemore
@pdurbin what an awful knock-knock joke, i know
20:27 pdurbin
242625? that one is "java-1.8.0-openjdk patch pending", the thing we were talking about earlier. Thanks for opening that ticket, by the way
20:28 donsizemore
@pdurbin things look good to my limited testing. still waiting on the RHEL patch for our prod server, tho
20:29 donsizemore
@pdurbin p.s. should i stick harvard back into our little local federation?
20:34 pdurbin
donsizemore: your response appears not to have made it into the ticketing system yet
20:35 donsizemore
@pdurbin manually pestered, then. also, fed.huit.harvard.edu went bye-bye?
20:36 pdurbin
yeah, they switch to Shib 3. new hostname
20:36 donsizemore
@pdurbin if you'll send me the link to their current metadata i'll add harvard to the list of dataverse-test entities
20:39 pdurbin
meh, Harvard should just join InCommon R&S
21:34 djbrooke joined #dataverse
21:40 agarnett joined #dataverse
21:44 djbrooke joined #dataverse
22:30 djbrooke joined #dataverse
