[11:05:16 CDT(-0500)] <b-sure> hello uPortal devs. Are there URL's in uportal that cannont be accessed unless the user has authenticated? I"m trying to force a redirect to the login page by requesting a protected resource.
[11:05:59 CDT(-0500)] <EricDalquist> all new sessions should get /Login first
[11:06:09 CDT(-0500)] <EricDalquist> but there was a bug in 4.0.3 (maybe 4.0.4 too) that prevented that
[11:06:16 CDT(-0500)] <EricDalquist> one of the many little fixes I have to get pushed back
[11:08:22 CDT(-0500)] <b-sure> ok thanks EricDalquist. I"m just working on some uMobile authentication using ECP and it requires the client to attempt to access a shibb protected resource.
[11:11:52 CDT(-0500)] <EricDalquist> things are going better today
[11:12:02 CDT(-0500)] <EricDalquist> I should be able to start pulling local mods over into uPortal this afternoon
[11:12:08 CDT(-0500)] <EricDalquist> and hopefully in there are the fixes you need
[11:45:56 CDT(-0500)] <b-sure> cool. thanks EricDalquist
[13:18:15 CDT(-0500)] <b-sure> hello EricDalquist. Is there a url I can request in uPortal that will automatically redirect me to the login? I know there isn't anything in web.xml that says there are protected resources.
[13:18:33 CDT(-0500)] <EricDalquist> (2012-04-05 11:05:58) EricDalquist: all new sessions should get /Login first
[13:18:33 CDT(-0500)] <EricDalquist> (2012-04-05 11:06:09) EricDalquist: but there was a bug in 4.0.3 (maybe 4.0.4 too) that prevented that
[13:18:33 CDT(-0500)] <EricDalquist> (2012-04-05 11:06:15) EricDalquist: one of the many little fixes I have to get pushed back
[13:19:54 CDT(-0500)] <b-sure> ok but are you redirected to /Login no matter what url you hit within the portal? I'm just trying to see if we can shibb protect /Login or if we need to protect some other sub path.
[13:20:02 CDT(-0500)] <EricDalquist> yes
[13:20:26 CDT(-0500)] <EricDalquist> once the bug is fixed any first-time-session request should bounce you off /Login
[13:20:26 CDT(-0500)] <b-sure> hmm. that may be an issue for shibb users I think unless all paths in the portal are shibb protected
[13:20:56 CDT(-0500)] <b-sure> because currently we protect our whole portal with shibb which works fine under this scheme
[13:21:17 CDT(-0500)] <b-sure> but for umobile to work, we need to expose an unauthenticated view
[13:21:36 CDT(-0500)] <EricDalquist> that would be a question for the umobile
[13:21:37 CDT(-0500)] <EricDalquist> folks
[13:21:48 CDT(-0500)] <EricDalquist> to see if they can enumerate a set of urls needed by umobile
[13:34:40 CDT(-0500)] <athena> b-sure: if you want to have an unauthenticated version of umobile, you're going to need to allow unauthenticated access to your portal
[13:34:43 CDT(-0500)] <b-sure> ok EricDalquist. another hopefully easy question for you. Are the sub context paths for the guest user (logged in by passing through /Login) any different the the sub context paths for reqular users who authenticate through a login form.
[13:34:45 CDT(-0500)] <athena> umobile re-uses the guest view
[13:35:09 CDT(-0500)] <EricDalquist> huh?
[13:35:10 CDT(-0500)] <b-sure> hello athena. yes we are exposing the unauthenticated view of the portal
[13:35:37 CDT(-0500)] <athena> ok, i guess i'm not quite following, sorry
[13:35:47 CDT(-0500)] <EricDalquist> what is a sub-context?
[13:35:48 CDT(-0500)] <b-sure> the issue is that for shibb to kick in , you need to attempt to access a protected resource
[13:36:03 CDT(-0500)] <EricDalquist> b-sure: why not have a phantom url for the shib login?
[13:36:05 CDT(-0500)] <b-sure> subcontext like /uPortal/subcontextpath/protlet
[13:36:06 CDT(-0500)] <EricDalquist> we do that all the time
[13:36:20 CDT(-0500)] <EricDalquist> setup a <location> block in apache
[13:36:25 CDT(-0500)] <EricDalquist> protect it with shib
[13:36:30 CDT(-0500)] <EricDalquist> and define a redirect to the portal
[13:36:43 CDT(-0500)] <b-sure> yeah thats what I'm thinking . I'm talking to an admin now about a phantom path for shib. but I think it still needs to be a sub context of the portal
[13:36:51 CDT(-0500)] <EricDalquist> so you direct users to example.com/SHIB_FORCE_AUTH
[13:36:57 CDT(-0500)] <EricDalquist> which requires shib-auth
[13:37:06 CDT(-0500)] <EricDalquist> and does nothing other than redirect to /portal/Login
[13:37:21 CDT(-0500)] <EricDalquist> so by subcontext you mean URL path?
[13:37:24 CDT(-0500)] <b-sure> ok so the reidrect is withi the<location> block?
[13:37:29 CDT(-0500)] <b-sure> yeah I mean url path
[13:37:36 CDT(-0500)] <EricDalquist> I think so ... we have an apache admin that does all that for us
[13:37:37 CDT(-0500)] <b-sure> like sub path.
[13:37:42 CDT(-0500)] <b-sure> me too
[13:37:52 CDT(-0500)] <EricDalquist> take a look at https://wiki.jasig.org/display/UPC/Consistent+Portal+URLs
[13:39:48 CDT(-0500)] <b-sure> ok so the strategy is to have the urls formatted similarly whether you are logged in or not. I think if the phantom shibb url idea works that will fix this uMobile/uPortal issue
[13:40:16 CDT(-0500)] <EricDalquist> the format is similar
[13:40:27 CDT(-0500)] <EricDalquist> but the node IDs in the url will likely be different
[13:40:35 CDT(-0500)] <EricDalquist> unless the guest and authd users have the same fragments in their layout
[13:45:22 CDT(-0500)] <b-sure> ok thanks.
[14:11:49 CDT(-0500)] <b-sure> hello EricDalquist. I"m working with my admin on this phantom shibb <location> directive. Are you or your admin in a position to share an example of that by chance?
[14:12:59 CDT(-0500)] <EricDalquist> not today, I can check tomorrow morning if you remind me
[14:16:23 CDT(-0500)] <b-sure> ok np. thanks
[14:24:33 CDT(-0500)] <athena> https://github.com/Jasig/ClassifiedsPortlet
[14:24:44 CDT(-0500)] <athena> really nice new classifieds portlet contributed by gary maxwell
[14:25:01 CDT(-0500)] <athena> looks great so far - JPA, annotation-based spring MVC, etc.