Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 20 Next »

[11:05:16 CDT(-0500)] <b-sure> hello uPortal devs. Are there URL's in uportal that cannont be accessed unless the user has authenticated? I"m trying to force a redirect to the login page by requesting a protected resource.

[11:05:59 CDT(-0500)] <EricDalquist> all new sessions should get /Login first

[11:06:09 CDT(-0500)] <EricDalquist> but there was a bug in 4.0.3 (maybe 4.0.4 too) that prevented that

[11:06:16 CDT(-0500)] <EricDalquist> one of the many little fixes I have to get pushed back

[11:08:22 CDT(-0500)] <b-sure> ok thanks EricDalquist. I"m just working on some uMobile authentication using ECP and it requires the client to attempt to access a shibb protected resource.

[11:11:52 CDT(-0500)] <EricDalquist> things are going better today

[11:12:02 CDT(-0500)] <EricDalquist> I should be able to start pulling local mods over into uPortal this afternoon

[11:12:08 CDT(-0500)] <EricDalquist> and hopefully in there are the fixes you need

[11:45:56 CDT(-0500)] <b-sure> cool. thanks EricDalquist

[13:18:15 CDT(-0500)] <b-sure> hello EricDalquist. Is there a url I can request in uPortal that will automatically redirect me to the login? I know there isn't anything in web.xml that says there are protected resources.

[13:18:33 CDT(-0500)] <EricDalquist> (2012-04-05 11:05:58) EricDalquist: all new sessions should get /Login first

[13:18:33 CDT(-0500)] <EricDalquist> (2012-04-05 11:06:09) EricDalquist: but there was a bug in 4.0.3 (maybe 4.0.4 too) that prevented that

[13:18:33 CDT(-0500)] <EricDalquist> (2012-04-05 11:06:15) EricDalquist: one of the many little fixes I have to get pushed back

[13:19:54 CDT(-0500)] <b-sure> ok but are you redirected to /Login no matter what url you hit within the portal? I'm just trying to see if we can shibb protect /Login or if we need to protect some other sub path.

[13:20:02 CDT(-0500)] <EricDalquist> yes

[13:20:26 CDT(-0500)] <EricDalquist> once the bug is fixed any first-time-session request should bounce you off /Login

[13:20:26 CDT(-0500)] <b-sure> hmm. that may be an issue for shibb users I think unless all paths in the portal are shibb protected

[13:20:56 CDT(-0500)] <b-sure> because currently we protect our whole portal with shibb which works fine under this scheme

[13:21:17 CDT(-0500)] <b-sure> but for umobile to work, we need to expose an unauthenticated view

[13:21:36 CDT(-0500)] <EricDalquist> that would be a question for the umobile

[13:21:37 CDT(-0500)] <EricDalquist> folks

[13:21:48 CDT(-0500)] <EricDalquist> to see if they can enumerate a set of urls needed by umobile

[13:34:40 CDT(-0500)] <athena> b-sure: if you want to have an unauthenticated version of umobile, you're going to need to allow unauthenticated access to your portal

[13:34:43 CDT(-0500)] <b-sure> ok EricDalquist. another hopefully easy question for you. Are the sub context paths for the guest user (logged in by passing through /Login) any different the the sub context paths for reqular users who authenticate through a login form.

[13:34:45 CDT(-0500)] <athena> umobile re-uses the guest view

[13:35:09 CDT(-0500)] <EricDalquist> huh?

[13:35:10 CDT(-0500)] <b-sure> hello athena. yes we are exposing the unauthenticated view of the portal

[13:35:37 CDT(-0500)] <athena> ok, i guess i'm not quite following, sorry (smile)

[13:35:47 CDT(-0500)] <EricDalquist> what is a sub-context?

[13:35:48 CDT(-0500)] <b-sure> the issue is that for shibb to kick in , you need to attempt to access a protected resource

[13:36:03 CDT(-0500)] <EricDalquist> b-sure: why not have a phantom url for the shib login?

[13:36:05 CDT(-0500)] <b-sure> subcontext like /uPortal/subcontextpath/protlet

[13:36:06 CDT(-0500)] <EricDalquist> we do that all the time

[13:36:20 CDT(-0500)] <EricDalquist> setup a <location> block in apache

[13:36:25 CDT(-0500)] <EricDalquist> protect it with shib

[13:36:30 CDT(-0500)] <EricDalquist> and define a redirect to the portal

[13:36:43 CDT(-0500)] <b-sure> yeah thats what I'm thinking . I'm talking to an admin now about a phantom path for shib. but I think it still needs to be a sub context of the portal

[13:36:51 CDT(-0500)] <EricDalquist> so you direct users to example.com/SHIB_FORCE_AUTH

[13:36:57 CDT(-0500)] <EricDalquist> which requires shib-auth

[13:37:06 CDT(-0500)] <EricDalquist> and does nothing other than redirect to /portal/Login

[13:37:21 CDT(-0500)] <EricDalquist> so by subcontext you mean URL path?

[13:37:24 CDT(-0500)] <b-sure> ok so the reidrect is withi the<location> block?

[13:37:29 CDT(-0500)] <b-sure> yeah I mean url path

[13:37:36 CDT(-0500)] <EricDalquist> I think so ... we have an apache admin that does all that for us (tongue)

[13:37:37 CDT(-0500)] <b-sure> like sub path.

[13:37:42 CDT(-0500)] <b-sure> me too (smile)

[13:37:52 CDT(-0500)] <EricDalquist> take a look at https://wiki.jasig.org/display/UPC/Consistent+Portal+URLs

[13:39:48 CDT(-0500)] <b-sure> ok so the strategy is to have the urls formatted similarly whether you are logged in or not. I think if the phantom shibb url idea works that will fix this uMobile/uPortal issue

[13:40:16 CDT(-0500)] <EricDalquist> the format is similar

[13:40:27 CDT(-0500)] <EricDalquist> but the node IDs in the url will likely be different

[13:40:35 CDT(-0500)] <EricDalquist> unless the guest and authd users have the same fragments in their layout

[13:45:22 CDT(-0500)] <b-sure> ok thanks.

[14:11:49 CDT(-0500)] <b-sure> hello EricDalquist. I"m working with my admin on this phantom shibb <location> directive. Are you or your admin in a position to share an example of that by chance?

[14:12:59 CDT(-0500)] <EricDalquist> not today, I can check tomorrow morning if you remind me

[14:16:23 CDT(-0500)] <b-sure> ok np. thanks

[14:24:33 CDT(-0500)] <athena> https://github.com/Jasig/ClassifiedsPortlet

[14:24:44 CDT(-0500)] <athena> really nice new classifieds portlet contributed by gary maxwell

[14:25:01 CDT(-0500)] <athena> looks great so far - JPA, annotation-based spring MVC, etc.

[15:02:22 CDT(-0500)] <b-sure> hello uPortal Devs: We are trying to deploy the portal (3.2.patches) to a 64bit vm. A couple of the portlets are getting an error like this http://pastebin.com/raw.php?i=ignzKE4W.

[15:02:36 CDT(-0500)] <b-sure> do you know if that might be some library conflict?

[15:03:10 CDT(-0500)] <EricDalquist> looks like you're deploying into a tomcat that previously had up4

[15:03:19 CDT(-0500)] <EricDalquist> and there are some left over JSR-286 libraries in shared/lib

[15:04:06 CDT(-0500)] <b-sure> ahh.

[15:04:30 CDT(-0500)] <b-sure> thanks. I'll check w my admin.

  • No labels