[09:18:57 CDT(-0500)] <dd_> hello
[09:19:54 CDT(-0500)] <EricDalquist> hello
[09:20:39 CDT(-0500)] <dd_> i'm having trouble understanding SmartLDAPGroupStore
[09:20:49 CDT(-0500)] <dd_> i have it setup with AD
[09:21:20 CDT(-0500)] <EricDalquist> unfortunately I have no experience with SmartLDAPGroupStore
[09:21:25 CDT(-0500)] <dd_> but how do i setup groups like in step 4 here: https://wiki.jasig.org/display/~steve.swinsburg/A+simple+LDAP+group+based+uPortal+setup
[09:21:59 CDT(-0500)] <EricDalquist> I'd recommend posting on the uportal-user email list, Drew Wills can hopefully provide some guidance there
[09:25:14 CDT(-0500)] <dd_> ok
[09:25:22 CDT(-0500)] <dd_> are you familiar with PAGS?
[09:26:25 CDT(-0500)] <EricDalquist> yes
[09:27:21 CDT(-0500)] <dd_> ok, i have the memberOf attribute mapped correctly from AD
[09:27:41 CDT(-0500)] <EricDalquist> so you're getting memberOf as a user attribute from person directory?
[09:27:54 CDT(-0500)] <dd_> yes
[09:28:15 CDT(-0500)] <dd_> i would like to do the group setup like it's done in step 4 here: https://wiki.jasig.org/display/~steve.swinsburg/A+simple+LDAP+group+based+uPortal+setup
[09:28:56 CDT(-0500)] <EricDalquist> ok, and what version of uPortal are you using?
[09:29:03 CDT(-0500)] <dd_> 3.2.4
[09:29:29 CDT(-0500)] <dd_> but the memberOf attribute is set to: CN=STUDENTS,CN=Users,DC=hccc,DC=campus
[09:29:31 CDT(-0500)] <dd_> and: CN=G_College_Now_Students,CN=Users,DC=hccc,DC=campus
[09:29:44 CDT(-0500)] <dd_> because the user belongs to 2 groups, STUDENTS is the top level one
[09:30:09 CDT(-0500)] <EricDalquist> ok
[09:30:17 CDT(-0500)] <EricDalquist> I think the PAGs tests look at all the values
[09:30:38 CDT(-0500)] <dd_> ok, so would i need to do a regex test on it?
[09:30:52 CDT(-0500)] <EricDalquist> hrm ... looking at the logic right now ...
[09:30:55 CDT(-0500)] <dd_> does it treat memberOf as one long string or two separate values?
[09:31:24 CDT(-0500)] <EricDalquist> it depends on how your LDAP server returns it I'd guess
[09:31:40 CDT(-0500)] <EricDalquist> does it return a multi-valued attribute or a single delimited string
[09:32:51 CDT(-0500)] <dd_> don't know, i'm using a command line tool to search
[09:33:00 CDT(-0500)] <dd_> looks like a string with a newline
[09:35:42 CDT(-0500)] <EricDalquist> hrm well you can give the regex tester a try and see how it works
[13:25:09 CDT(-0500)] <athena> EricDalquist: is it no longer true that all new sessions in uportal get redirected through /Login?
[13:25:21 CDT(-0500)] <EricDalquist> hrm, I believe that is still true
[13:25:31 CDT(-0500)] <EricDalquist> though I'm not positive
[13:25:52 CDT(-0500)] <athena> with meta redirects turned off in my browser it seems to just load the page
[13:25:55 CDT(-0500)] <athena> not seeing a redirect
[13:26:24 CDT(-0500)] <athena> though don't understand why from looking at the code
[13:27:10 CDT(-0500)] <EricDalquist> hrm
[13:27:14 CDT(-0500)] <athena> meanwhile /layout.json does redirect to /Login
[13:28:25 CDT(-0500)] <EricDalquist> so the only thing I can think of to look at is renderingServletContext.xml versus jsonRenderingServletContext.xml
[13:28:38 CDT(-0500)] <EricDalquist> I believe the redirect to /Login should be happening from one of the interceptors
[13:28:46 CDT(-0500)] <EricDalquist> specifically the RequireSessionInterceptor
[13:29:13 CDT(-0500)] <athena> yeah
[13:29:25 CDT(-0500)] <athena> it looks to me like it's mapped in renderingServletContext.xml
[13:30:20 CDT(-0500)] <athena> yeah, those are the same except for a locale management interceptor, the portlet execution manager, and different packages being scanned
[13:30:27 CDT(-0500)] <EricDalquist> weird
[13:30:38 CDT(-0500)] <EricDalquist> maybe a bug in RequireSessionInterceptor?
[13:31:36 CDT(-0500)] <athena> maybe, though it seems like so little code
[13:31:42 CDT(-0500)] <athena> guess i can add some logging to it
[13:31:44 CDT(-0500)] <athena> really strange
[13:32:09 CDT(-0500)] <EricDalquist> yeah
[13:32:26 CDT(-0500)] <EricDalquist> oh...
[13:32:29 CDT(-0500)] <EricDalquist> I bet I know
[13:33:29 CDT(-0500)] <EricDalquist> wrap the request.getSession and following if block in:
[13:33:30 CDT(-0500)] <EricDalquist> if (request.isRequestedSessionIdValid()) {
[13:33:40 CDT(-0500)] <EricDalquist> I bet it is finding an invalid session
[13:33:50 CDT(-0500)] <EricDalquist> try clearing all your cookies and re-testing to verify
[13:34:19 CDT(-0500)] <athena> had tried that
[13:34:23 CDT(-0500)] <EricDalquist> (tongue)
[13:34:28 CDT(-0500)] <EricDalquist> spoiling my great idea
[13:34:35 CDT(-0500)] <athena> i think actually UrlCanonicalizingFilter may be establishing a session?
[13:34:57 CDT(-0500)] <athena> which would account for the difference
[13:35:06 CDT(-0500)] <EricDalquist> hrm
[13:35:08 CDT(-0500)] <EricDalquist> it could be
[13:35:13 CDT(-0500)] <EricDalquist> where does that run?
[13:35:22 CDT(-0500)] <EricDalquist> that might need to get moved into the interceptor chain
[13:35:31 CDT(-0500)] <EricDalquist> so that it runs after the require session interceptor
[13:35:41 CDT(-0500)] <athena> based on my debugger, it looks like it runs before
[13:35:44 CDT(-0500)] <athena> so yeah, that might be the issue
[13:35:55 CDT(-0500)] <athena> configured in web.xml as a filter right now
[13:35:58 CDT(-0500)] <EricDalquist> ah
[13:36:20 CDT(-0500)] <EricDalquist> oh .... right
[13:36:21 CDT(-0500)] <athena> is there a good way to configure filters like that to run after the interceptors?
[13:36:37 CDT(-0500)] <EricDalquist> it is a filter because it has to wrap the request and response
[13:36:48 CDT(-0500)] <EricDalquist> not sure
[13:36:53 CDT(-0500)] <EricDalquist> I can look into it more in about 30 min
[13:36:59 CDT(-0500)] <EricDalquist> if you need me to
[13:40:50 CDT(-0500)] <athena> i think actually it won't affect us too much right now
[13:41:06 CDT(-0500)] <athena> think more than anything it hid another issue in this environment, so going to try and sort that out first
[13:41:39 CDT(-0500)] <athena> you guys are using shib, right?
[13:42:05 CDT(-0500)] <EricDalquist> yes
[13:42:08 CDT(-0500)] <EricDalquist> as of like a week ago
[13:42:14 CDT(-0500)] <athena> oh, lol
[13:42:15 CDT(-0500)] <athena> nice
[13:42:19 CDT(-0500)] <athena> is yours still login-only?
[13:42:28 CDT(-0500)] <EricDalquist> well we've been using it on the system portal side for over a year
[13:42:36 CDT(-0500)] <EricDalquist> we just switched the madison portal to ship
[13:42:38 CDT(-0500)] <EricDalquist> shib
[13:42:46 CDT(-0500)] <EricDalquist> we're getting attributes too
[13:42:58 CDT(-0500)] <athena> think we need to get this set so that /Login doesn't redirect to shib
[13:43:30 CDT(-0500)] <athena> assume that should hopefully be possible
[13:43:53 CDT(-0500)] <EricDalquist> yeah
[13:44:33 CDT(-0500)] <athena> think i just need to get them to update the SP configuration - have to admit i just don't remember that much about it
[13:45:08 CDT(-0500)] <EricDalquist> well I'm not much help because our guest view is on a different vhost
[13:45:17 CDT(-0500)] <EricDalquist> so our shib setup doesn't allow guest users
[13:45:56 CDT(-0500)] <athena> yeah
[13:45:59 CDT(-0500)] <athena> figured that was the case
