jasig-cas IRC Logs-2011-10-14

Owned by Apereo Infrastructure
Last updated: Oct 14, 2011Version comment
21 min read

[07:59:52 CDT(-0500)] <foxnesn> morning

[08:00:38 CDT(-0500)] <RaviJK> foxnesn morning!!

[08:01:12 CDT(-0500)] <foxnesn> hehe

[08:01:19 CDT(-0500)] <foxnesn> so happy i got this working

[08:01:31 CDT(-0500)] <foxnesn> now i get to break it and try authbind instead of fastbind

[08:37:17 CDT(-0500)] <kickehy> hmmm i'm getting a "page cannot be displayed" error when I try to go to the services management site

[08:38:23 CDT(-0500)] <foxnesn> services managment?

[08:38:44 CDT(-0500)] <kickehy> http://localhost:8080/cas/services/manage.html

[08:38:46 CDT(-0500)] <kickehy> that link

[08:39:07 CDT(-0500)] <kickehy> or in my case it would be https://localhost/cas/services/manage.html

[08:39:51 CDT(-0500)] <foxnesn> i dont think i have that setup yet

[08:40:10 CDT(-0500)] <foxnesn> what does it do?

[08:41:18 CDT(-0500)] <kickehy> manages your applications that are tied into cas...I think

[08:41:33 CDT(-0500)] <foxnesn> oh

[08:41:40 CDT(-0500)] <foxnesn> im not seeing anything there

[08:41:42 CDT(-0500)] <foxnesn> getting page not found

[08:48:29 CDT(-0500)] <foxnesn> kickehy: is there a reason you are using bindauth and not fastbind?

[08:49:34 CDT(-0500)] <kickehy> ummm mainly because i found the bindauth document first

[08:49:47 CDT(-0500)] <kickehy> and didn't find much info on fastbind

[08:50:06 CDT(-0500)] <kickehy> no idea if one is better than the other

[08:50:06 CDT(-0500)] <foxnesn> ah, i found fastbind much easier to configure

[08:50:12 CDT(-0500)] <foxnesn> i dont think it matters much

[08:50:25 CDT(-0500)] <foxnesn> mostly depends on the applications you are connecting to CAS

[08:53:19 CDT(-0500)] <foxnesn> do you know what port the cas server runs on?

[08:54:41 CDT(-0500)] <kickehy> it's all web based so i assume 80, 443 (or 8080, 8443)

[09:02:56 CDT(-0500)] <foxnesn> crap moodle only supports cas version 1 or 2

[09:03:10 CDT(-0500)] <kickehy> really?

[09:03:19 CDT(-0500)] <kickehy> dang

[09:03:31 CDT(-0500)] <kickehy> that was the other piece of software i wanted to tie into

[09:04:34 CDT(-0500)] <foxnesn> well we already have another cas setup and moodle actually authenticates with ldap

[09:04:51 CDT(-0500)] <kickehy> how many users do you have?

[09:04:59 CDT(-0500)] <foxnesn> and moodle seems to cooperate just fine with that cas so...

[09:05:06 CDT(-0500)] <foxnesn> thousands

[09:05:59 CDT(-0500)] <foxnesn> so when i go to the moodle site directly it sends me to the cas login which is fine, it seems to auth the user but then goes to the moodle login and saying it is invalid

[09:06:09 CDT(-0500)] <foxnesn> and then i reenter those same credentials and it lets mein

[09:08:09 CDT(-0500)] <kickehy> and you auth with ldap? I thought moodle couldn't handle ldap correctly because the php version wouldn't handle paged results

[09:09:04 CDT(-0500)] <foxnesn> we use it just fine

[09:09:09 CDT(-0500)] <kickehy> hmmmm

[09:09:14 CDT(-0500)] <foxnesn> looks like moodle uses phpCAS 1.1.3

[09:09:53 CDT(-0500)] <foxnesn> what version of moodle you running

[09:09:54 CDT(-0500)] <foxnesn> ?

[09:10:01 CDT(-0500)] <kickehy> 1.9 i think

[09:10:06 CDT(-0500)] <kickehy> or 1.8

[09:10:09 CDT(-0500)] <kickehy> i don't recall

[09:10:13 CDT(-0500)] <foxnesn> our PROD is on 1.9.5

[09:10:25 CDT(-0500)] <foxnesn> just upgraded TEST to 2.1.1

[09:10:28 CDT(-0500)] <kickehy> i setup a new 2.1+ test server

[09:14:43 CDT(-0500)] <foxnesn> yea im looking at the cas logs and CAS authenticates and grants the ticket but moodle doesnt seem like to like it

[09:14:53 CDT(-0500)] <kickehy> :/

[09:15:02 CDT(-0500)] <foxnesn> i bet it is because it only does 2.0

[09:15:03 CDT(-0500)] <foxnesn> fail

[09:15:03 CDT(-0500)] <foxnesn> lol

[09:15:10 CDT(-0500)] <foxnesn> well i guess moodle can go back to ldap

[09:15:16 CDT(-0500)] <foxnesn> everything else will still be cas

[09:15:28 CDT(-0500)] <foxnesn> and we will just have to work it into the portal

[09:15:41 CDT(-0500)] <foxnesn> or i wonder if i can upgrade the casPHP separately in moodle

[09:15:44 CDT(-0500)] <kickehy> we currently use sharepoint for our portal

[09:15:54 CDT(-0500)] <foxnesn> how do you like that?

[09:16:09 CDT(-0500)] <kickehy> it does alright

[09:16:17 CDT(-0500)] <kickehy> the problem is getting students to use it

[09:16:30 CDT(-0500)] <kickehy> but i think that's the problem no matter what

[09:16:31 CDT(-0500)] <foxnesn> really?

[09:16:53 CDT(-0500)] <kickehy> well...

[09:17:12 CDT(-0500)] <kickehy> i think a better description would be, the students don't all know what's on it

[09:17:49 CDT(-0500)] <kickehy> so they get mad because they can't figure out how to install software, and then you drill down in the portal and show them the link and then they're happy

[09:18:10 CDT(-0500)] <foxnesn> ooo

[09:18:27 CDT(-0500)] <kickehy> as an example (wink)

[09:19:02 CDT(-0500)] <kickehy> our admin system will be somewhat converting to sharepoint 2010...so we're going to be merging with that

[09:19:17 CDT(-0500)] <kickehy> since the admin system is kind of out of our hands

[09:19:18 CDT(-0500)] <foxnesn> ive never used sharepoint before

[09:19:29 CDT(-0500)] <kickehy> i haven't used it much myself

[09:19:38 CDT(-0500)] <kickehy> i'm not wholeheartedly in charge of it

[09:20:16 CDT(-0500)] <kickehy> i would consider that web development, and i'm not a big web dev person

[09:20:51 CDT(-0500)] <kickehy> i'm mainly the Cisco/Wireless guy

[09:21:15 CDT(-0500)] <kickehy> but when you work in higher ed....you do a lot more than what you were just hired for

[09:25:08 CDT(-0500)] <foxnesn> haha

[09:25:19 CDT(-0500)] <foxnesn> yea especialy at smaller schools

[09:29:31 CDT(-0500)] <foxnesn> woot got it to work

[09:30:01 CDT(-0500)] <foxnesn> for some reason in the CAS setup page in moodle it also wants the LDAP settings which i entered. leaving that blank makes it work.

[09:34:39 CDT(-0500)] <kickehy> foxnesn: i may have to ask you how you went about doing all that in the near future

[09:35:27 CDT(-0500)] <kickehy> right now our wireless project takes precedence over the cas server (tongue)

[09:36:54 CDT(-0500)] <kickehy> is there instructions on how to "casify" an application?

[09:37:24 CDT(-0500)] <foxnesn> yea in the wiki

[09:37:31 CDT(-0500)] <foxnesn> look for the cas clients doc

[09:37:39 CDT(-0500)] <foxnesn> what is your wireless project?

[09:38:36 CDT(-0500)] <kickehy> it's a few things, but mainly, making it so that no matter where a student is inside a building, they get a wireless signal

[09:38:54 CDT(-0500)] <foxnesn> ah

[09:39:04 CDT(-0500)] <foxnesn> that's good to have

[09:39:12 CDT(-0500)] <kickehy> yeah...we have 5 buildings left

[09:39:14 CDT(-0500)] <foxnesn> im surprised you don't already have something like that setup

[09:39:30 CDT(-0500)] <kickehy> most of the main places on campus already have wireless

[09:39:41 CDT(-0500)] <kickehy> but a lot of office areas don't

[09:39:47 CDT(-0500)] <foxnesn> i see

[09:39:58 CDT(-0500)] <foxnesn> are you working with a vendor or anything

[09:39:59 CDT(-0500)] <foxnesn> ?

[09:40:24 CDT(-0500)] <kickehy> we mainly use Cisco, but the people who helped us with the site survey is called CEC

[09:40:57 CDT(-0500)] <kickehy> that's generic...let me find the webpage (tongue)

[09:40:59 CDT(-0500)] <foxnesn> is your school doing the installation?

[09:41:08 CDT(-0500)] <foxnesn> or is the company?

[09:41:20 CDT(-0500)] <kickehy> http://www.cecinfo.com/

[09:41:27 CDT(-0500)] <kickehy> we're doing the install

[09:42:34 CDT(-0500)] <foxnesn> that is a big project then

[09:42:43 CDT(-0500)] <kickehy> so...yeah...all the cable pulling, terminating, installing

[09:42:49 CDT(-0500)] <foxnesn> yea haha

[09:42:50 CDT(-0500)] <kickehy> fun stuff

[09:42:58 CDT(-0500)] <foxnesn> are you actually in there doing that stuff?

[09:43:29 CDT(-0500)] <kickehy> sometimes, not always, maintenance helps us out a lot

[09:43:35 CDT(-0500)] <kickehy> to at least pull the cables

[09:43:51 CDT(-0500)] <foxnesn> that's good

[09:44:09 CDT(-0500)] <kickehy> yeah we try and keep a good relationship with that department

[09:44:26 CDT(-0500)] <kickehy> because we all know the two departments you want to have on your good side are maintenance and IT

[09:44:36 CDT(-0500)] <foxnesn> lol

[09:44:48 CDT(-0500)] <foxnesn> very true

[09:44:58 CDT(-0500)] <kickehy> heh

[09:45:32 CDT(-0500)] <kickehy> it was fun setting up 150 lightweight APs not to long ago

[09:45:52 CDT(-0500)] <kickehy> that took about 4 days straight of unboxing and configuring

[09:46:03 CDT(-0500)] <foxnesn> wow

[09:46:05 CDT(-0500)] <kickehy> thankfully the lightweight part helps

[09:46:10 CDT(-0500)] <foxnesn> what range did you decide on

[09:46:18 CDT(-0500)] <foxnesn> meaning, how far apart do you keep them?

[09:47:00 CDT(-0500)] <kickehy> very much depends on the building, one building has solid concrete walls for every room

[09:47:03 CDT(-0500)] <kickehy> soooooooooo

[09:47:14 CDT(-0500)] <foxnesn> oh man

[09:47:23 CDT(-0500)] <kickehy> you pretty much have to have one or two (depending on the classroom size) in every room

[09:47:37 CDT(-0500)] <foxnesn> wireless g or n?

[09:47:42 CDT(-0500)] <kickehy> N

[09:47:45 CDT(-0500)] <kickehy> dual band

[09:47:46 CDT(-0500)] <foxnesn> nice!

[09:48:05 CDT(-0500)] <foxnesn> gigabit backbone for each building?

[09:48:18 CDT(-0500)] <kickehy> amazingly enough, we will be replacing about 20 B access points to finally get rid of those

[09:48:21 CDT(-0500)] <kickehy> foxnesn: yep

[09:48:36 CDT(-0500)] <foxnesn> id be curious about saturation

[09:48:44 CDT(-0500)] <foxnesn> if you connect at 200mbps

[09:48:53 CDT(-0500)] <foxnesn> and have everyone in the building do that

[09:49:00 CDT(-0500)] <foxnesn> where the bottlenecks will be

[09:49:15 CDT(-0500)] <foxnesn> do the users see each AP separately?

[09:49:28 CDT(-0500)] <foxnesn> well i guess that is a dumb question

[09:49:45 CDT(-0500)] <kickehy> physically?

[09:50:01 CDT(-0500)] <foxnesn> but i wonder if some users will be savvy enough to know that if their connection is laggy they can just walk 15 feet

[09:50:25 CDT(-0500)] <foxnesn> does it sustain a connection if you walk around?

[09:50:32 CDT(-0500)] <foxnesn> like auto reconnect or anything if you are mobile?

[09:50:32 CDT(-0500)] <kickehy> they're all in a mobility group so as a user moves (let's say he walks from one end to the other end of the building) he has no interruptions

[09:50:40 CDT(-0500)] <foxnesn> awesome

[09:51:44 CDT(-0500)] <kickehy> and shortly we'll be using a Network Policy Server (NPS) to authenticate one one wireless profile rather than three

[09:51:50 CDT(-0500)] <kickehy> on one*

[09:52:32 CDT(-0500)] <foxnesn> now do you guys have a radius server or anything to prevent people from setting up their own AP and suckering users to it?

[09:52:53 CDT(-0500)] <kickehy> we do have radius, but only for wireless at this point, not for LAN connections

[09:52:56 CDT(-0500)] <kickehy> that's on the list (tongue)

[09:53:00 CDT(-0500)] <kickehy> of to do's

[09:53:11 CDT(-0500)] <foxnesn> yea ive only really seen radius used for wireless

[09:53:25 CDT(-0500)] <kickehy> we don't want to make the gamers too angry yet

[09:53:31 CDT(-0500)] <foxnesn> whats that term where you setup a rogue AP and trick people into connecting to it?

[09:54:09 CDT(-0500)] <kickehy> the term...i'm not completely sure

[09:54:26 CDT(-0500)] <foxnesn> i guess they just call it a rogue access point

[09:54:30 CDT(-0500)] <kickehy> yeah

[09:54:31 CDT(-0500)] <kickehy> lol

[09:54:36 CDT(-0500)] <foxnesn> file under being a lame hacker

[09:54:48 CDT(-0500)] <kickehy> but we currently use WCS for our wireless ap management

[09:55:00 CDT(-0500)] <kickehy> and will be upgrading to NCS next budget year

[09:55:16 CDT(-0500)] <kickehy> really cool monitoring capabilities

[09:55:33 CDT(-0500)] <foxnesn> from cisco?

[09:55:37 CDT(-0500)] <kickehy> yeah

[09:55:59 CDT(-0500)] <foxnesn> wow that does look cool

[09:56:03 CDT(-0500)] <kickehy> we look at brokade from time to time

[09:56:55 CDT(-0500)] <kickehy> http://www.merunetworks.com/ <---they have some neat things as well

[10:10:44 CDT(-0500)] <kickehy> just logged back into my test moodle server (i haven't touched it for about a month) and it's broken (big grin)

[10:10:54 CDT(-0500)] <kickehy> now i have to fix that first before i test this

[10:12:22 CDT(-0500)] <kickehy> hey there we go, when in doubt restart all the services

[10:13:23 CDT(-0500)] <kickehy> foxnesn: beyond successfully getting cas to bind to ldap, is there any more configuration need on the cas server side to get this to work?

[10:13:35 CDT(-0500)] <kickehy> s/this/applications

[10:19:05 CDT(-0500)] <kickehy> foxnesn: also, have you messed with single sign out?

[10:19:20 CDT(-0500)] <kickehy> or do you just leave it at closing the web browser?

[10:21:19 CDT(-0500)] * kickehy out for now, going to mark some spots for some APs

[10:31:19 CDT(-0500)] <foxnesn> i havnt touches single sign out

[10:31:39 CDT(-0500)] <foxnesn> i know our current policy is to just prompt the users close their browser when done

[11:09:03 CDT(-0500)] <foxnesn> it never stops raining here

[11:55:51 CDT(-0500)] <kickehy> is it possible to customize our cas login page?

[12:08:31 CDT(-0500)] <foxnesn> yes

[12:08:51 CDT(-0500)] <foxnesn> i know that atilling's login is customized and pretty fancy

[12:09:45 CDT(-0500)] <foxnesn> http://camelweb.conncoll.edu/

[12:09:55 CDT(-0500)] <foxnesn> that is the url of his portal which redirects to cas

[12:10:35 CDT(-0500)] <foxnesn> it's a nice looking website to

[12:38:18 CDT(-0500)] <kickehy> that is neat

[12:42:59 CDT(-0500)] <foxnesn> yea i dont have a lot of web design background so im not sure how fancy im going to make it

[12:44:21 CDT(-0500)] <kickehy> somewhat sadly, our web dev people are seperate from the IT department

[12:44:25 CDT(-0500)] <kickehy> they're in with marketing

[12:55:36 CDT(-0500)] <kickehy> i need to figure out how to correctly build the cas.war file rather than deploying the war file and editing the files afterwards

[12:59:33 CDT(-0500)] <kickehy> do you have to install the php ldap module in moodle to get it to work?

[13:00:03 CDT(-0500)] <apetro> kickehy, not sure I understand the question.

[13:00:19 CDT(-0500)] <wgthom> checking in

[13:00:47 CDT(-0500)] <apetro> checking in. Spinning up working with Jacob Lichner on Services Registry improvements.

[13:01:10 CDT(-0500)] <kickehy> apetro: http://grab.by/b40l <---i'm assuming yes

[13:01:23 CDT(-0500)] <kickehy> to get moodle to interface with cas

[13:02:13 CDT(-0500)] <wgthom> that's how i read it (smile)

[13:02:54 CDT(-0500)] <apetro> interesting. Hadn't been aware of that requirement.

[13:03:09 CDT(-0500)] <apetro> Presumably the username CAS provides is insufficient to Moodle's needs and it wants to also go look up the user in LDAP anyway after authentication.

[13:03:15 CDT(-0500)] <kickehy> maybe something new with version 2.1.1+

[13:05:24 CDT(-0500)] <apetro> it's that time again

[13:05:51 CDT(-0500)] <apetro> agenda bash?, and sorry but I'm going to have to reserve the right to disappear at any point to deal with a support case...

[13:05:52 CDT(-0500)] <battags> anyone get a chance to look at RC1?

[13:06:02 CDT(-0500)] <battags> agenda item #1: RC1

[13:06:16 CDT(-0500)] <apetro> CAS 3.4.11 RC1, agendized.

[13:06:20 CDT(-0500)] <apetro> Anything else?

[13:06:25 CDT(-0500)] <wgthom> lppe update

[13:06:42 CDT(-0500)] <apetro> CAS 3.4.11 RC1, LPPE update. Anything else?

[13:07:06 CDT(-0500)] <apetro> Scott, your JS enhancement for add/edit registered service entry worth discussing?

[13:07:16 CDT(-0500)] <battags> potentially

[13:07:20 CDT(-0500)] <wgthom> i haven't had a change to look at RC1 yet. perhaps a note to cas-user would get some more feedback. prompting folks to at least try their mavn builds

[13:07:37 CDT(-0500)] <apetro> CAS 3.4.11 RC1, LPPE update, Scott's JS for improving ServicesRegistry. Anything else?

[13:07:41 CDT(-0500)] <battags> I still have an outstanding item to look at the roadmap

[13:07:45 CDT(-0500)] <battags> but that's a personal thing (wink)

[13:07:56 CDT(-0500)] <apetro> prolly worth discussing.

[13:08:08 CDT(-0500)] <apetro> CAS 3.4.11 RC1, LPPE, JS for SR, Roadmap. Anything else?

[13:08:39 CDT(-0500)] <apetro> Let's do it. CAS 3.4.11 RC1: Go! (smile)

[13:08:46 CDT(-0500)] <battags> RC1 is out

[13:08:49 CDT(-0500)] <battags> announced to dev list

[13:08:56 CDT(-0500)] <battags> but Bill is right we should send it to user also

[13:09:07 CDT(-0500)] <battags> I expected it would be sanity checked by Marvin which is why it only went to dev (wink)

[13:09:14 CDT(-0500)] <apetro> I haven't downloaded it to test, but intend to do so.

[13:09:39 CDT(-0500)] <battags> oh one more thing for the agenda

[13:09:45 CDT(-0500)] <battags> thoughts on migration to github

[13:09:51 CDT(-0500)] <battags> interested in feedback

[13:10:20 CDT(-0500)] <apetro> I have one unconfirmed instance of stuff working against ~3.4.11 not working against 3.4.8, so potentially maybe there's an interesting change, but not deep into that yet. So, useless rumours re 3.4.11 but no real feedback yet.

[13:10:52 CDT(-0500)] <battags> I meant feedback on GitHub but feedback on 3.4.11 RC1 is welcome to (wink)

[13:11:25 CDT(-0500)] <apetro> yup, noted github. Agenda is now: CAS 3.4.11 RC1, LPPE, JS for SR, Roadmap, Github.

[13:11:41 CDT(-0500)] <battags> let's set a target for 3.4.11

[13:11:47 CDT(-0500)] <apetro> ok, so battags is going to ping cas-user@ re trying out 3.4.11 RC1?

[13:11:53 CDT(-0500)] <battags> wednesday of next week?

[13:11:54 CDT(-0500)] <apetro> target date for releasing 3.4.11, you mean?

[13:12:02 CDT(-0500)] <battags> target date for release

[13:12:02 CDT(-0500)] <battags> yet

[13:12:04 CDT(-0500)] <battags> yes*

[13:12:12 CDT(-0500)] <battags> sorry I went to sleep at 4:30 this morning due to work

[13:12:12 CDT(-0500)] <apetro> feels too soon, but I wouldn't veto.

[13:12:20 CDT(-0500)] <apetro> you need a better job. (smile)

[13:12:31 CDT(-0500)] <battags> I'm not going to have 3.4.11 sit waiting to be RCed

[13:12:32 CDT(-0500)] <apetro> Yegge tells me Google is better in all ways but three. Just saying.

[13:12:49 CDT(-0500)] <battags> tell that to the former Google coworkers (wink)

[13:13:17 CDT(-0500)] <apetro> the Wednesday timeline feels at odds with the ballparks serac was throwing around

[13:13:24 CDT(-0500)] <apetro> iirc it sounded more like two weeks then

[13:13:31 CDT(-0500)] <battags> two weeks to RC a minor release?

[13:13:56 CDT(-0500)] <apetro> would be nice to get some adopter to confirm having tested their local overlay build against it.

[13:14:06 CDT(-0500)] <wgthom> point release. right? 3.4.11...

[13:14:15 CDT(-0500)] <apetro> yes, 3.4.11

[13:14:52 CDT(-0500)] <wgthom> i also tend to want community verification.

[13:15:03 CDT(-0500)] <wgthom> rather then arbitrary date

[13:15:18 CDT(-0500)] <wgthom> still good to have targets

[13:15:28 CDT(-0500)] <apetro> good to have a target

[13:15:43 CDT(-0500)] <apetro> the threat of release if no problems reported might help folks decide to try it out (smile)

[13:15:55 CDT(-0500)] <wgthom> tru

[13:17:07 CDT(-0500)] <apetro> should RC be downloadable from here to further encourage adopter try-out? http://www.jasig.org/cas/download

[13:17:10 CDT(-0500)] <battags> date isn't arbitrary

[13:17:18 CDT(-0500)] <battags> we set a reasonable amount of time for feedback

[13:17:45 CDT(-0500)] <battags> most people are just going to update their pom

[13:18:11 CDT(-0500)] <wgthom> ok. arbitrary was too strong…but you get my point.

[13:18:39 CDT(-0500)] <wgthom> if no one had time or inclination to vet the RC it woudl be touch to issue a GA

[13:18:44 CDT(-0500)] <wgthom> it would be tough...

[13:18:57 CDT(-0500)] <battags> why?

[13:19:17 CDT(-0500)] <battags> I should say when you mean no one

[13:19:23 CDT(-0500)] <battags> do you mean community or devs

[13:19:27 CDT(-0500)] <battags> if no dev did I would be concerned

[13:19:29 CDT(-0500)] <apetro> because we want to have releases in which confidence is well justified and adopters feel invested in?

[13:19:38 CDT(-0500)] <battags> if community said F this I am waiting for the actual release I wouldn't be concerned

[13:20:18 CDT(-0500)] <battags> also unless someone is waiting for a bug fix in the release they aren't lining up to deploy CAS point releases

[13:20:39 CDT(-0500)] <battags> when I worked for RU we didn't even deploy every point release

[13:20:51 CDT(-0500)] <wgthom> by some definition of community, i suppose yes. point being some verification would be nice before a GA

[13:21:08 CDT(-0500)] <battags> my expectation is that the developers are doing it

[13:21:10 CDT(-0500)] <battags> if community does it too that would be awesome

[13:21:23 CDT(-0500)] <battags> but the community didn't push for RCs, the dev-team did (which is fine and I think its a good idea)

[13:21:50 CDT(-0500)] <battags> you're asking them to do work they didn't sign up for (wink)

[13:22:34 CDT(-0500)] <wgthom> i don't make such a hard distinction btw dev-team vs community. i see more of a continuum of particapation

[13:23:00 CDT(-0500)] <wgthom> in any case… some verifcation of rc before ga is away to ensure some level of qa

[13:23:17 CDT(-0500)] <battags> then I'll wait for you and Marvin to validate the release

[13:23:21 CDT(-0500)] <battags> candidate

[13:23:58 CDT(-0500)] <wgthom> and the wider cas-user folks if possible

[13:24:20 CDT(-0500)] <wgthom> if nothing else we could get this done at the unconferene.

[13:24:31 CDT(-0500)] <apetro> ok. So, battags is posting to cas-user@ announcing the RC and inviting community testing?

[13:24:33 CDT(-0500)] <battags> in like 3 weeks?

[13:24:53 CDT(-0500)] <battags> andrew why do you show up red in my chat

[13:25:06 CDT(-0500)] <apetro> this will not be red

[13:25:10 CDT(-0500)] <apetro> battags, this will be red

[13:25:15 CDT(-0500)] <apetro> red is when I mention you, battags

[13:25:20 CDT(-0500)] <battags> your name shows up red

[13:25:23 CDT(-0500)] <battags> in my chat window

[13:25:29 CDT(-0500)] <wgthom> apetro like this?

[13:25:37 CDT(-0500)] <battags> oh okay

[13:25:39 CDT(-0500)] <battags> now I see

[13:25:52 CDT(-0500)] <battags> thanks for the explanation

[13:26:08 CDT(-0500)] <wgthom> no red for me...

[13:26:11 CDT(-0500)] <wgthom> ?

[13:26:18 CDT(-0500)] <apetro> wgthom, this will look different for you.

[13:26:25 CDT(-0500)] <wgthom> nope

[13:26:32 CDT(-0500)] <apetro> then you have a lame IRC client (smile)

[13:26:34 CDT(-0500)] <battags> maybe Bill is colorblind (wink)

[13:26:39 CDT(-0500)] <wgthom> lol

[13:27:00 CDT(-0500)] <apetro> noting that IRC is lame, getting back to the topic at hand:

[13:27:09 CDT(-0500)] <apetro> battags has action item to email cas-user@ cogently

[13:27:31 CDT(-0500)] <apetro> take up polling CAS committers on cas-dev@ re findings in their trying out the RC, to at least get that level of validation?

[13:28:09 CDT(-0500)] <wgthom> i think some prompting would be helpful. yes

[13:28:29 CDT(-0500)] <wgthom> especially if we'd rather have ga sooner than later.

[13:29:25 CDT(-0500)] <apetro> ok. invite cas-user@ particpation, poke for further discussion on cas-dev@

[13:29:32 CDT(-0500)] <apetro> pop the agenda queue?

[13:29:47 CDT(-0500)] <wgthom> yep

[13:29:59 CDT(-0500)] <apetro> LPPE update: Go! (smile)

[13:30:40 CDT(-0500)] <wgthom> been working with Andrew T. he's got a some more polish to lppe

[13:31:02 CDT(-0500)] <apetro> He'll also be at UnConf. Potential f2f collab there.

[13:31:13 CDT(-0500)] <wgthom> yes.

[13:31:28 CDT(-0500)] <wgthom> hoping to finish off getting it ready for 3.5 there

[13:31:59 CDT(-0500)] <battags> has there been any analysis yet of the work that was done in the 4.x branch and where it ties with the original LPPE code ?

[13:33:17 CDT(-0500)] <wgthom> nothing intensive. will you be at uconference?

[13:34:01 CDT(-0500)] <battags> not sure yet since it would be my own money. But we can also meet up locally if we want to compare notes

[13:34:02 CDT(-0500)] <wgthom> at this point the lppe code looks like a mild extension to ldap-support and the login flow

[13:34:31 CDT(-0500)] <wgthom> i'd welcome that opportunity.

[13:34:31 CDT(-0500)] <battags> we are allegedly 1h 11m from each other

[13:34:35 CDT(-0500)] <battags> as the crow flies

[13:34:40 CDT(-0500)] <battags> or as google maps reports

[13:34:51 CDT(-0500)] <wgthom> i've got wireless at RU as well. (smile)

[13:35:17 CDT(-0500)] <battags> ha

[13:35:23 CDT(-0500)] <wgthom> anyhow…I won't be ready till after the Uconference.

[13:35:28 CDT(-0500)] <battags> that's fine

[13:35:34 CDT(-0500)] <battags> I have a marathon to train/run

[13:35:48 CDT(-0500)] <wgthom> thinkin AndrewT could be next committer...

[13:35:56 CDT(-0500)] <wgthom> based on lppe work

[13:35:57 CDT(-0500)] <battags> that would be good

[13:36:06 CDT(-0500)] <battags> we keep getting LDAP volunteers

[13:36:07 CDT(-0500)] <wgthom> he has the lppe code alrady running in productino

[13:36:11 CDT(-0500)] <battags> we need SPNEGO volunteers (wink)

[13:36:12 CDT(-0500)] <wgthom> at connecticut

[13:36:32 CDT(-0500)] <wgthom> no spnego deployers…no volunteers. (smile)

[13:36:53 CDT(-0500)] <wgthom> enough about lppe i think.

[13:36:58 CDT(-0500)] <battags> I almost had a SPNEGO volunteer. He got shot down by Nintendo legal

[13:37:34 CDT(-0500)] <battags> so Bill we'll sync up on cas4 APIs vs. current APIs after the unconference?

[13:37:38 CDT(-0500)] <apetro> Pop to: JS for SR. Go!

[13:37:42 CDT(-0500)] <wgthom> yep

[13:37:43 CDT(-0500)] <battags> or do we want to start over email?

[13:37:53 CDT(-0500)] <battags> Marvin probably wants to be in the conversation

[13:37:58 CDT(-0500)] <battags> though he is not 1h 11m away (wink)

[13:38:05 CDT(-0500)] <wgthom> or there…if your are there…or possible virtually.

[13:38:18 CDT(-0500)] <battags> okay we'll figure it out. We both have IM

[13:38:19 CDT(-0500)] <battags> ha

[13:38:49 CDT(-0500)] <battags> we're on to JavaScript?

[13:38:51 CDT(-0500)] <wgthom> wow its raining like crazy

[13:39:02 CDT(-0500)] <battags> it was last night is it doing it again?

[13:39:06 CDT(-0500)] <battags> i should say it was early this morning

[13:39:43 CDT(-0500)] <wgthom> really loud…since my office ceiling is essentially the shingles

[13:40:01 CDT(-0500)] <apetro> yes, on to JavaScript

[13:40:21 CDT(-0500)] <apetro> so I think you have some interesting JavaScript that you'd like to share for potential use in enhancing the services registry?

[13:40:45 CDT(-0500)] <apetro> the JavaScript allows a deployer to, looking at a particular registration, try out service identifiers and predict if they'll match?

[13:41:22 CDT(-0500)] <apetro> Feedback as one types?

[13:41:28 CDT(-0500)] <battags> basically yes

[13:41:37 CDT(-0500)] <apetro> I'd certainly love the input.

[13:41:37 CDT(-0500)] <battags> I still have to finish the ant pattern matching part

[13:41:55 CDT(-0500)] <apetro> The concept in the testing tool is to poll against the ServicesRegistry as a whole, however

[13:42:06 CDT(-0500)] <battags> right so I think there are two parts

[13:42:10 CDT(-0500)] <apetro> since one gotcha is that just cuz it matches this particular registration's pattern doesn't mean it will match this registration

[13:42:32 CDT(-0500)] <battags> my code has the ant pattern matching stuff as well as the actual tester

[13:42:35 CDT(-0500)] <apetro> feedback as one types is cool, but up at the level of pinging against the whole registry, not sure it's okay to hit the registry per keystroke

[13:42:45 CDT(-0500)] <apetro> available in github?

[13:42:53 CDT(-0500)] <battags> its local at the moment

[13:43:04 CDT(-0500)] <battags> its a little test script

[13:43:10 CDT(-0500)] <battags> I'll see if I can send it out by the end of the weekend

[13:43:18 CDT(-0500)] <apetro> aight. welcome input.

[13:43:46 CDT(-0500)] <battags> but I potentially seeing the ant part as useful for what Jacob is doing unless he plans on calling the service to find the first match

[13:43:57 CDT(-0500)] <apetro> otherwise, posted mockups to that JIRA, working on setting up feature branches in github and start sharing code on this.

[13:44:35 CDT(-0500)] <apetro> yeah, I think the primary concept is to call the service since that's the problem to be solved here: helping deployers to better understand what they've configured CAS to do

[13:45:03 CDT(-0500)] <battags> so its intended to be an AJAX call

[13:45:27 CDT(-0500)] <apetro> however, elimating need for Order at all will make it less confusing and less needing of tooling to improve deployer confidence (smile)

[13:46:10 CDT(-0500)] <apetro> k. So, code sharing, collab in github, there's a JIRA issue with mockups and a place for further discussion. Pop agenda queue?

[13:46:46 CDT(-0500)] <apetro> : Roadmap: Go!

[13:46:52 CDT(-0500)] <battags> wait hold on a sec ha

[13:46:57 CDT(-0500)] <battags> eliminating order?

[13:47:01 CDT(-0500)] <battags> thoughts on that?

[13:47:10 CDT(-0500)] <battags> did you had ideas on alternatives?

[13:47:51 CDT(-0500)] <apetro> https://wiki.jasig.org/display/~awp9/CAS+Services+Registry+Improvements+for+CAS+3.5#CASServicesRegistryImprovementsforCAS35-EliminateOrderfieldonregisteredservicesinfavorofimplicitOrder

[13:48:55 CDT(-0500)] <apetro> https://issues.jasig.org/browse/CAS-1013

[13:49:59 CDT(-0500)] <apetro> Basically, the idea is that, as deployers use the registry, when they mean for patterns to overlap, longer patterns are obviously intended to be more specific than shorter generic patterns

[13:50:08 CDT(-0500)] <apetro> so apply the implied intent

[13:50:55 CDT(-0500)] <apetro> https://www.vt.edu/myservice matches preferentially over https://**

[13:51:01 CDT(-0500)] <wgthom> the more specific/exact always wins

[13:51:09 CDT(-0500)] <apetro> right

[13:51:20 CDT(-0500)] <battags> so to do that you need to compare just patterns

[13:51:35 CDT(-0500)] <battags> like you can't just compare string length

[13:51:59 CDT(-0500)] <apetro> sure. Real work to implement (or, borrow) a sensible matching/ordering algorithm

[13:52:18 CDT(-0500)] <battags> if one exists go for it. But I know Spring Security just tells you to put most specific first

[13:52:21 CDT(-0500)] <battags> (smile)

[13:53:10 CDT(-0500)] <wgthom> gotta go in 8 minutes

[13:53:51 CDT(-0500)] <apetro> Alright. So, code sharing working towards a better Services Registry.

[13:54:09 CDT(-0500)] <apetro> Pop: Roadmap. Go! (smile)

[13:54:26 CDT(-0500)] <battags> I still have to validate that what Marvin agreed to in proxy is okay

[13:54:28 CDT(-0500)] <battags> I am sure it is

[13:54:37 CDT(-0500)] <battags> I have been distracted by either cutting releases or my job (smile)

[13:54:42 CDT(-0500)] <battags> I apologize for that

[13:54:55 CDT(-0500)] <battags> that was all I had to say on it

[13:54:56 CDT(-0500)] <battags> ha

[13:55:08 CDT(-0500)] <apetro> Okay. I still need to there re-articulate the ClearPass vision.

[13:55:23 CDT(-0500)] <apetro> where are things with cleaning up errant non-current roadmappen?

[13:55:32 CDT(-0500)] <wgthom> cool. feedback. making the roadmap real…and on-going alive is super helpful.

[13:56:02 CDT(-0500)] <battags> I still have the email thread starred as a reminder to complete

[13:56:12 CDT(-0500)] <wgthom> still needs to be done. looks like marvin volunteered to do that at last steer metting

[13:56:47 CDT(-0500)] <apetro> ok. fine action items.

[13:56:54 CDT(-0500)] <apetro> Pop: Github migration. Go!

[13:57:06 CDT(-0500)] <wgthom> github rocks!

[13:57:18 CDT(-0500)] <wgthom> nuff said?

[13:57:19 CDT(-0500)] <battags> it does

[13:57:22 CDT(-0500)] <battags> the only issue I am seeing

[13:57:28 CDT(-0500)] <apetro> I expect I will continue to believe github rocks as I figure out how to be productive in it.

[13:57:37 CDT(-0500)] <battags> is that people aren't creating JIRA issues before requesting pulls

[13:57:40 CDT(-0500)] <battags> so some context is lost

[13:57:50 CDT(-0500)] <wgthom> hmm

[13:57:51 CDT(-0500)] <battags> as well as the ability to have discussions

[13:58:01 CDT(-0500)] <battags> like we just get a request for code changes

[13:58:04 CDT(-0500)] <battags> which is fine when its a bug fix

[13:58:17 CDT(-0500)] <battags> I don't mind creating JIRA issues for bug fixes

[13:58:21 CDT(-0500)] <battags> though I'd prefer someone else did it (wink)

[13:58:54 CDT(-0500)] <wgthom> so, I think the folks wanting the pull…would be motivated to file a jira if they knew it would speed up the commit...

[13:59:11 CDT(-0500)] <apetro> like this, e.g. https://github.com/Jasig/cas/pull/6

[13:59:13 CDT(-0500)] <wgthom> maybe just push back a gently.

[13:59:33 CDT(-0500)] <wgthom> exactly! :0

[14:00:12 CDT(-0500)] <battags> so my concern is at the point at which a pull request was generated they already have code

[14:00:16 CDT(-0500)] <wgthom> i suppose committers could agree that there should always be a jira. how it gets there is open

[14:00:31 CDT(-0500)] <battags> i.e. where was the discussion on cas-user/ dev

[14:00:50 CDT(-0500)] <battags> again for bug fixes not a huge deal

[14:00:52 CDT(-0500)] <wgthom> discussion is good. discussion around working code… even better

[14:01:11 CDT(-0500)] <apetro> maybe some of the discussion starts happening on the pull requests?

[14:01:42 CDT(-0500)] <battags> I don't want people to waste their time writing code that might not be the right direction

[14:01:47 CDT(-0500)] <battags> i.e. if their idea/concern is great

[14:01:54 CDT(-0500)] <wgthom> hmm….are they easily tracked.

[14:01:58 CDT(-0500)] <battags> but the code they spent hours on isn't the direction we would have taken the feature

[14:02:00 CDT(-0500)] <wgthom> i get your point.

[14:02:11 CDT(-0500)] <battags> I'm all for other people writing code

[14:02:16 CDT(-0500)] <battags> just with input from the dev team (wink)

[14:02:19 CDT(-0500)] <wgthom> early discussion, intent is always a good thing

[14:02:54 CDT(-0500)] <wgthom> but as you said.. small bug fix…not a bit deal.

[14:03:08 CDT(-0500)] <battags> right

[14:03:10 CDT(-0500)] <wgthom> yikes. gotta go.

[14:03:11 CDT(-0500)] <wgthom> later.

[14:03:17 CDT(-0500)] <battags> later. have a good weekend

[14:03:21 CDT(-0500)] <wgthom> u2

[14:03:57 CDT(-0500)] <apetro> My time is up. I thank you for yours.

[14:19:31 CDT(-0500)] <foxnesn> do you guys recommend any specific load balancing mechanism for HA ?

[14:27:07 CDT(-0500)] <kickehy> foxnesn: for moodle, after the user first logs in, do you know if it's possible to automatically create the user based on their AD attributes?

[14:30:08 CDT(-0500)] <foxnesn> ooo

[14:30:42 CDT(-0500)] <foxnesn> i dont know. we run a script in oracle during registration that populates the ldap

[14:30:59 CDT(-0500)] <foxnesn> and since moodle is setup for ldap the students could just log in

[14:32:01 CDT(-0500)] <foxnesn> moodle stores users in the user table so im not sure how that would work

[14:41:48 CDT(-0500)] <kickehy> i just don't want new users having to create their account

[14:41:53 CDT(-0500)] <kickehy> it would be nice to automate it

[14:45:25 CDT(-0500)] <kickehy> where's atilling when you need him (big grin)

[14:47:45 CDT(-0500)] <foxnesn> haha

[14:48:08 CDT(-0500)] <foxnesn> when students register dont you have some script that puts them into your AD?

[14:49:31 CDT(-0500)] <kickehy> yes, but it wouldn't add them to moodle

[14:54:29 CDT(-0500)] <foxnesn> hrm, id have to ask our portal admin about that

[14:54:41 CDT(-0500)] <kickehy> heh

[14:54:58 CDT(-0500)] <foxnesn> maybe you dont have to add them to moddle

[14:55:00 CDT(-0500)] <foxnesn> moodle

[14:55:02 CDT(-0500)] <kickehy> though....

[14:55:26 CDT(-0500)] <foxnesn> if the user is in the AD and you set moodle to auth against the AD maybe it retrieves that data from there

[14:55:39 CDT(-0500)] <kickehy> good thought

[14:55:42 CDT(-0500)] <kickehy> i'll try it

[14:55:47 CDT(-0500)] <foxnesn> let me know!

[14:55:52 CDT(-0500)] <kickehy> for sure (big grin)

[15:09:20 CDT(-0500)] <kickehy> hmmmm....after enabling cas, i can't login as the local moodle admin

[15:09:31 CDT(-0500)] <kickehy> therefore, i have no admin access at the moment

[15:20:47 CDT(-0500)] <foxnesn> you should have an admin account that manually auths

[15:23:27 CDT(-0500)] <kickehy> i do, but how do you login as the moodle admin account if everything goes through cas?

[15:26:20 CDT(-0500)] <foxnesn> add your moodle admin to the AD

[15:26:45 CDT(-0500)] <kickehy> heh good idea

[15:27:05 CDT(-0500)] <foxnesn> so long as the password is good with AD specs

[15:28:45 CDT(-0500)] <kickehy> w00t

[15:28:48 CDT(-0500)] <kickehy> foxnesn: thanks

[15:29:05 CDT(-0500)] <kickehy> i was looking for the admin group in the moodle database....i was desperate

[15:35:31 CDT(-0500)] <kickehy> atilling mentioned 'login throttleing'

[15:35:39 CDT(-0500)] <kickehy> any idea what he means?

[15:37:04 CDT(-0500)] <wgthom> dos countermeasure

[15:37:32 CDT(-0500)] <wgthom> mostly for misconfigured clients