Newsletter - 201010 - October 2010
JASIG NEWSLETTER - OCTOBER 2010
================================================================
JASIG PROJECTS
Central Authentication Service (CAS)
- CAS 3.4.3 Released
- Jasig CAS Client for Java 3.1.12
- PhpCAS 1.1.3 Client Released
uPortal
- uPortal 3.2.4 Released
- uPortal 3.1.5 Released
- uPortal 3.0.8 Released
- Documentation Update
Bedework
- Bedework 3.7 milestone release is available
- Bedework at the Jasig UnConference
- Bedework and Exchange – together again for the very first time
- Un Mundo, Un Calendaria - Bedework
JASIG INCUBATOR
- Incubation Steering Committee Report
AROUND JASIG
- Millikin University Contributes New Portlet Demos
UPCOMING COMMUNITY EVENTS
- Fall 2010 Internet2 Member Meeting - Atlanta, Georgia (November 1-4, 2010)
- Kuali Days 2010 - San Diego, California (November 8-10, 2010)
================================================================
JASIG PROJECTS
Central Authentication Service (CAS)
CAS 3.4.3 Released
Dear CAS Community,
We're proud to announce the CAS Server 3.4.3 release, with the following fixes, enhancements, and features:
* Delayed login removes service parameters
* Switched to jQuery instead of custom JavaScript
* Reduced Service Ticket Expiration Time
* Improved Logging for Proxy Chains
* Escape $ when doing DN lookups for LDAP
* Localization support for Macedonian and Catalan languages
* SAML1.1 Compliance with Ticket ID Generator
* Missing InResponse field is now there for SAML1.1
* Updated syntax for web flow and POST redirects
* Fixed Exception being thrown when rendering error pages (ironic!)
* NullPointerException in DefaultLdapServiceMapper
* Throttling Services patch applied
* Fixed relative paths in error pages
* LDAP handlers now accept %u and %U
* Example Language code in JSP page now properly escapes values
You can download the releases from our usual repository: http://downloads.jasig.org/cas/
Or from the Maven Repository. We, of course, recommend using the Maven2 WAR Overlay method: https://wiki.jasig.org/x/sgKkAQ
Users who copied the language display code from our sample JSP pages should compare their code to our new code.
This download is recommended for all users. Thanks to everyone who reported or suggested a patch for this release.
Thanks,
Scott
Scott Battaglia
================================================================
Jasig CAS Client for Java 3.1.12
Dear CAS Community:
We're pleased to announce the release of the Jasig CAS Client for Java 3.1.12.
This version offers a number of new features:
* Assertion Caching Facility for JAAS Authentication
* Tomcat Integration support (big thanks to Marvin for really fleshing this out beyond the initial implementation)
* Add support for properly configuring SAML1.1 support via SamlAuthenticationFilter
A number of improvements:
* Improve error message due to clock drift in SAML validation
* Improved error reporting when receiving proxy tickets
* Fixed breaking exception chain in JAAS support
A bug:
* Error in encoding of redirects for validation filters
You can download the archives from: http://downloads.jasig.org/cas-clients/
or use the Maven repository:
* groupId: org.jasig.cas.client
Thanks,
Scott
================================================================
PhpCAS 1.1.3 Client Released
Dear CAS Community,
We are pleased to announce the new 1.1.3 release [1] for phpCAS. This release contains 3 security fixes for vulnerabilities in the proxy callback mechanism. These vulnerabilities only affect phpCAS clients that are running in proxy() mode.
The release is fully compatible with all 1.1.x versions.
The changes are:
Security Issue
* CVE-2010-3690 phpCAS: XSS during a proxy callback [PHPCAS-80] (Joachim Fritschi)
* CVE-2010-3691 phpCAS: prevent symlink attacks during a proxy callback [PHPCAS-80] (Joachim Fritschi)
* CVE-2010-3692 phpCAS: directory traversal during a proxy callback [PHPCAS-80] (Joachim Fritschi)
Bug Fixes
* fix missing $this in domxml-php4-to-php5 [PHPCAS-73] (Iñaki Arenaza)
* fix broken redirection with Safari [PHPCAS-79] (Alex Barker)
* fix missing exit() call during ticket validation [PHPCAS-76] (Igor Blanco, Joachim Fritschi)
* fix a notice because REQUEST_URL is not defined on IIS [PHPCAS-81] (Iñaki Arenaza)
* fix a typo in pgt-db.php [PHPCAS-75] (Julien Cochennec)
* removal of the non functional pgt-db backend [PHPCAS-81] (Joachim Fritschi)
Improvements
* upgrade domxml-php4-to-php5 to the newest version [PHPCAS-74] (Joachim Fritschi)
Cheers,
Joachim
Joachim Fritschi
[1] http://downloads.jasig.org/cas-clients/php/1.1.3/
================================================================
uPortal
uPortal 3.2.4 Released
Jasig is proud to announce the general audience release of uPortal 3.2.4. uPortal 3.2.4 is the recommended version with which to start a new uPortal deployment.
The 3.2.4 release was necessitated by a regression introduced in 3.2.3 relating to UP-2804 and reported in UP-2854. It is recommended to skip the 3.2.3 release.
The following issues have been addressed for 3.2.4:
Bug
* UP-2844 - Error exporting layouts with DLM node references with some JDBC drivers
* UP-2854 - Portlets fail when maximized
Improvement
* UP-2856 - Update Resource Aggregator
Important 3.2.4 Upgrading Note
The Skin Resource Aggregation library has been updated. If your installation has created a custom skin the corresponding skin.xml file must be updated. The skin.xml files included with uPortal have already been updated in the release.
Update for 3.2.4: change the root element:
From
<s:resources xmlns:s="http://www.jasig.org/uportal/web/skin">
</s:resources>
To
<resources xmlns="http://www.jasig.org/uportal/web/skin"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="
  http://www.jasig.org/uportal/web/skin
  https://source.jasig.org/sandbox/resource-aggregator/tags/resource-aggregator-parent-1.0.0/resource-aggregator-api/src/main/resources/skin-configuration.xsd">
</resources>
Update skin parameter (if used in your skin.xml):
From
<css type="fss-theme" name="fl-theme-iphone">/ResourceServingWebapp/rs/fluid/1.2/fss/css/fss-mobile-theme-iphone.min.css</css>
To
<parameter name="fss-theme">fl-theme-iphone</parameter>
<css>/ResourceServingWebapp/rs/fluid/1.2/fss/css/fss-mobile-theme-iphone.min.css</css>
Downloads are available from: http://www.jasig.org/uportal/download/uportal-324
Release notes are available at: https://wiki.jasig.org/display/UPC/3.2.4
Eric Dalquist
================================================================
uPortal 3.1.5 Released
Jasig is proud to announce the general audience release of uPortal 3.1.5. uPortal 3.1.5 is a patch release for uPortal installations already on 3.1. Database and configuration compatibility is maintained for patch releases so upgrading to a patch release should be very easy for deployers.
The 3.1.5 release was necessitated by a regression introduced in 3.1.4 relating to UP-2804 and reported in UP-2854. It is recommended to skip the 3.1.4 release.
The following issues have been addressed for 3.1.5:
Bug
* UP-2844 - Error exporting layouts with DLM node references with some JDBC drivers
* UP-2854 - Portlets fail when maximized
Downloads are available from: http://www.jasig.org/uportal/download/uportal-315
Release notes are available at: https://wiki.jasig.org/display/UPC/3.1.5
Eric Dalquist
================================================================
uPortal 3.0.8 Released
Jasig is proud to announce the general audience release of uPortal 3.0.8. uPortal 3.0.8 is a patch release for uPortal installations already on 3.0. Database and configuration compatibility is maintained for patch releases so upgrading to a patch release should be very easy for deployers.
The 3.0.8 release was necessitated by a regression introduced in 3.0.7 relating to UP-2804 and reported in UP-2854. It is recommended to skip the 3.0.7 release.
The following issues have been addressed for 3.0.8:
Bug
* UP-2844 - Error exporting layouts with DLM node references with some JDBC drivers
* UP-2854 - Portlets fail when maximized
Downloads are available from: http://www.jasig.org/uportal/download/uportal-308
Release notes are available at: https://wiki.jasig.org/display/UPC/3.0.8
Eric Dalquist
================================================================
Documentation Update
We had our first documentation session at the Jasig Unconference and it was a true success. A laundry list of topics were proposed for documentation and there were many volunteers who are stepping up to contribute. We should be getting several more pages of documentation to the manual very soon.
For those of you who did not attend the conference if you have any questions or ideas for the 3.2.x manual please don't hesitate to contact me.
Thanks so much for the support. We really appreciate the hard work that the community has done towards creating the manual.
Sincerely,
Laura McCord
uPortal Documentation Coordinator
Southwestern University
mccordl@southwestern.edu
================================================================
Bedework
Bedework 3.7 milestone release is available
Please see the release notes for details: http://www.jasig.org/bedework/download/bedework-3.7.m1
This milestone release represents a technical preview, not a production release, of Bedework 3.7: there are bugs and some functionality is still incomplete. However, this milestone represents an opportunity to explore the new functionality and improvements which will be present in the 3.7 production release.
================================================================
Bedework at the Jasig UnConference
Mike Douglass, Arlen Johnson, Barry Leibson, and I all attended the Jasig Unconference earlier this month at the University of St. Francis in Joliet, IL. Although we arrived midday on Monday, a day later than we were scheduled to, the UnConference proved to be a very productive and enjoyable event, in no small part due to the gracious hospitality of our colleagues at St. Francis.
We led sessions on
* Calendaring Web Services and Exchange
* CardDAV and Portable Contacts
* Bedework Calendar Portlet
* Bedework 3.7
and gave lightning talks on
* Bedework Feed Builder
* Bedework status update
* RPI Class Scheduler
* Jasig Bedework calendar
Unicon’s Jen Bourey, who is the original author of the Jasig calendar portlet, had the portlet interfaced to the soon-to-be-released Jasig Bedework calendar in under an hour. We also provisioned Jen on the Bedework dev server so that we can collaborate with her on improving the CalDAV support in the portlet.
We also facilitated the UW-Madison Scheduling Assistant session. The back-story on this session is that we first saw the Scheduling Assistant at the Madison Unconference in 2008. At that time it was a good app. Today it is a very impressive office hours app, built atop Oracle calendar. Nick Blair is the author of Scheduling Assistant. At the CalConnect member meeting earlier in October (http://calconnect.org/roundtable19rpt.shtml), I spoke with one of Nick’s colleagues at the University of Wisconsin. I encouraged him to encourage Nick to attend the Unconference, which Nick had not registered for, but, amazingly, Nick decided to attend. The Scheduling Assistant was incredibly well received. We encouraged Nick to open source the app, and there is some chance that may happen. We are to follow up with Nick in about a month to see where that stands. If/when this does become an open source application we hope to be able to make it Bedework-friendly.
Four folks from the University of Notre Dame attended the conference for a day. Notre Dame is a Bedework site, and they were also interested in uPortal and CAS. It was great to have the opportunity to meet and talk with them.
The RPI Open Course Scheduler (ROCS) (http://code.google.com/p/rpi-class-scheduler/) is an open source app (portlet) which allows students to build schedules and view them graphically prior to actual registration. We helped facilitate the integration of this application into the RPI infrastructure, but the development was led by the Rensselaer Center for Open Source (ROCS) (http://rcos.rpi.edu/), a student-driven organization.
================================================================
Bedework and Exchange – together again for the very first time
We have started development of Bedework web services interface to Microsoft Exchange using Exchange Web Services (EWS). The road to Microsoft integration has been a long one.
When we first announced the Bedework project late in 2005, one of the goals for Bedework was interoperability with Microsoft Outlook. We did not have the time or the skills necessary to do this work ourselves. We were confident that the marketplace, open source and/or commercial, would provide us with the solution we sought.
In August 2007, we announced we were providing financial and technical support to the Open Connector project, which was producing a CalDAV plug-in for Outlook. Ultimately, Open Connector never achieved the reliability or the complete functionality necessary for production software.
In September 2008, we became aware of the ZideOne CalDAV plug-in for Outlook under development in Germany. After we met the ZideOne developers at a CalConnect event in the Czech Republic, we began working with them more directly. The ZideOne plug-in was more stable and feature-rich than the Open Connector, and looked very promising. Shortly prior to their first production release in January 2010, the ZideOne web site suddenly shut down, and the connector was no longer available.
So, roughly four years after launching Bedework, the marketplace had not yet delivered the Outlook integration we had sought.
Just this summer we ran across iCal4OL, an outboard CalDAV synchronization client for Outlook. iCal4OL is relatively inexpensive, and works reasonably well, but it is a little challenging to configure. iCal4OL is a useful utility, but perhaps not the ultimate solution we were looking for.
Recently we learned of the "Microsoft Exchange data provider for Thunderbird Lightning", an open source Lightning plug-in which provided interoperability between Mozilla Lightning calendars and Microsoft Exchange calendars via Exchange Web Services (EWS).
Although we did not actually look at the Lightning plug-in, we were inspired to revisit our initial objectives. Given that we had been searching for a CalDAV plug-in for Outlook, why were we now developing a web services interface for Exchange? What had changed?
There have been a number of inquiries lately about Bedework interoperability with Exchange, and, like I said, we were inspired by the Lightning plug-in mentioned previously. If others were having success using EWS, perhaps it was time to try it ourselves.
We had targeted Outlook, and not Exchange, because Exchange was available to only enterprise users, but Outlook was used outside the enterprise as well as within. Exchange 2010 has greatly improved OWA - Outlook web access, with equally good support for all popular browsers, not just Microsoft’s Internet Explorer. It was clear that many Exchange 2010 users would no longer necessarily be Outlook users.
We had become familiar with web services while developing a Web Services API for calendaring specification within OASIS, the Organization for the Advancement of Structured Information Standards. This work initially focused on a RESTful API. Developing an EWS interface for Bedework provided an opportunity to become familiar with SOAP, which would be next in the development of the OASIS specification. And, we had a pre-production Exchange 2010 environment we could use for testing.
In brief, the EWS/Bedework Synch project consists of a JBoss package (largely independent of Bedework), built using standard JAXB tools, and includes a service, and a web server.
It communicates with the remote calendar system via a simple proprietary web service which is currently being developed. The intent is to allow the option of 1-way synchronization, or 2-way synchronization, optionally with a nominated master. We are testing against Exchange 2010, but we anticipate that the service will also be compatible with Exchange 2007.
We expect that a milestone release of this not-yet-completed work will be included in the Bedework 3.7 production release.
================================================================
Un Mundo, Un Calendaria - Bedework
Our Bedework colleagues at Universidad Pública de Navarra (UPNA), Juan Cruz Ruiz de Gauna and Carlos Alonso Vega, met with their counterparts at the University of Navarra, which is also located in Pamplona, Spain, to discuss collaborating on a Spanish translation of the upcoming Bedework 3.7 release, currently available as a milestone release (http://www.jasig.org/bedework/download/bedework-3.7.m1).
UPNA is a long-time Bedework site, and Juan Cruz is a member of the Bedework steering committee. We look forward to providing the fruits of this collaboration between Spanish universities as part of the Bedework 3.7 production release.
Contributed by: Gary Schwartz
================================================================
JASIG INCUBATOR
Incubation Steering Committee Report
The Incubation Committee is pleased to announce that the Simple Content Portlet and the Announcements Portlet have completed incubation and are now the first fully sponsored Jasig Portlets. Congratulations to Erik Olsson and Jen Bourey for dotting all the I's and crossing all the T's to complete this process. To find out more see the pages on the Portlets wiki site at https://wiki.jasig.org/display/PLT/Home.
Susan Bramhall
================================================================
AROUND JASIG
Millikin University Contributes New Portlet Demos
Millikin University has contributed two new portlet screencasts, which have been uploaded to uPortal's YouTube channel, thanks to the efforts of RJ Podeschi and Chris Myers at Jasig's recent Unconference at the University of Saint Francis in Joliet, Illinois.
For details, see the article at: http://www.jasig.org/millikin-university-contributes-new-port
YouTube Links
GPA Calculator: http://www.youtube.com/watch?v=66P4hh49ukA
Alumni Directory: http://www.youtube.com/watch?v=JS1ba2sn6N0
================================================================
UPCOMING COMMUNITY EVENTS
Fall 2010 Internet2 Member Meeting - Atlanta, Georgia (November 1-4, 2010)
"The Internet2 community will come together from November 1--4, 2010 in Atlanta, Georgia for its annual Fall Member Meeting."
"Internet2 Member Meetings bring the member community together for interactive discussions about new and ongoing work and provide a venue for members to make connections and form new collaborations. Additionally, the side meetings held in conjunction with the Member Meeting provide forums for Working Groups, SIGs and BoFs to meet face-to-face."
[http://events.internet2.edu/2010/fall-mm/]
Follow us on Twitter: #I2FMM10
================================================================
Kuali Days 2010 - San Diego, California (November 8-10, 2010)
With Kuali projects moving from theory to practice and more institutions adopting Kuali applications, Kuali Days is changing from an internal community event focused on teams of subject matter experts to an event that will engage a wider audience that includes adopters, potential adopters, and end-users. We encourage the Kuali community to join us for the next generation of Kuali Days.
Conference attendees include a variety of people from current and potential member institutions, adopters, and commercial businesses including executive leaders, users, implementation staff and developers from Kuali applications. The tracks featured this year will follow the conference theme of From Theory to Practice.
* Kuali Financial Systems (KFS)
* Kuali Coeus (KC)
* Kuali Student (KS)
* Kuali Rice (Rice)
* Kuali Implementers
* Other Topics
Source: [http://kuali.org/kd]
================================================================
================================================================
Jasig Newsletter - October 2010
Editor: Mark Rogers (University of Manitoba)
Online edition at: [http://www.jasig.org/jasig-newsletters/october-2010]
Past editions of the Jasig Newsletter can also be found in the Jasig wiki at: [https://wiki.jasig.org/display/JSG/Newsletter]
================================================================