Skip to content

4 17 2023 Tech Team Report

Jump to bottom
qqmyers edited this page Apr 17, 2023 · 1 revision

4-17-2023

Logged Tasks

                            Date             Task Hours (Main) Hours (EOLS) Hours (PII) Hours (QDAS)
3-Apr-2023 Reporting, mtg, get sso logout and redirects between DV/Drupal working, shut off Shib redirects/passive logins, investigate adding attributes in Drupal, investigate catching s3 outage errors to keep homepage, etc. working. 4
4-Apr-2023 Debug issues with new dev machine, install docker-compose, restart services, transfer keycloak db, update drupal settings/code 3
5-Apr-2023 Continue fixing new dev issues - update Drupal, enable qdr_oidc_sso and add settings, update keycloak key, update mpm_prefork.conf, try updating Dataverse, find build issue, update Shib settings, report findings; merge with keycloak beta 11, report keycloak module issue #3352496 to include our remaining updates. 3
6-Apr-2023 Set READ COMMITTED on dev/stage, chown drupal_data, update DV oidc json, update DV db entries for my user 3
7-Apr-2023 Investigate/fix LDAP deprecation warning on stage, investigate adding attributes to profile/userinfo, try adding ldap attr for registration, update qdr_registration module to pick up all profile fields, test. Investigate/fix search issue on stage, update/deploy v5.13 with this fix and better S3 err handling to stage. 6
12-Apr-2023 Update old #6543 for MDC + legacy counts, AnnoRep bug fix for no title/comments, test, deploy to dev/stage 1 3
13-Apr-2023 Deploy ARS 0.0.5 to prod, check for MD5 files on prod, Add ldap reg to oidc branch, test Drupal login/account creation, investigate Dataverse account creation/mapping 3
14-Apr-2023 Fix given_name attr, add QDR params to first login page as a prequal to bypassing it, investigate google 502 failure, update keycloak session timeouts, redirect to / rather than user for now, restore mpm_prefork.conf on dev/stage (again) 4

SSO

  • Get SSO logout and redirects working between Drupal and Dataverse (using one client)
  • Disable shib code/passive login
  • Add LDAP attributes (from reg form) to Keycloak model and to profile and /userinfo endpoint response
  • Merge Keycloak beta 11, open Drupal issue #3352496 with our remaining fixes
  • Update qdr_registration module to use/display fields from profile managed as qdr_oidc_sso module data
  • Test Drupal login and registration, investigate OIDC new account handling/mapping in Dataverse
  • Fix naming of given_name attribute, prepopulate Dataverse form with QDR reg info (as a first step to bypassing it).
  • Investigate login redirect, shift hardcode from user to / for now

Drupal

Dataverse

  • Update #6543 PR for MDC + legacy counts as IQSS has decided to merge it
  • Add code to catch errors creating thumbnails when S3 is down, allowing main pages to display during an S3 outage

AnnoRep

  • Investigated/fixed issue causing a 404 failure when a docx had no comments and no title, deployed to dev/stage/prod

Operations

  • Investigated/fixed issues with new dev machine. Most were related to having an image a few days old (Drupal/DB config) with others related to software installs (docker-compose not yet installed, apache2 config reverting to default) or data (keycloak/mariaDB docker volume with database, drupal_data having wrong owner, Drupal ldap deprecation warning not (yet?) seen on stage).
  • Fixed search schema issue on stage (missed after machine update?)

Discussion

  • Dataverse build issue - same as before (now on dev) with no glassfish user
  • I'm starting to aim for an intermediate OIDC option where we keep LDAP and our current Drupal-based registration form and concentrating on getting the login/logout/registration/updating current users via LDAP, new Google/other provider users, UI look and feel etc. to a usable state as a deployable option. Continuing to remove LDAP (probably requiring a password update, replacing the Drupal reg form with one in Keycloak) and adding new functionality (ability to change passwords, MFA, etc.) could then be added over time.

Plans

  • SSO - continue to explore/build OIDC options
    • Investigate Dataverse adding new users based on OIDC profile
    • Investigate problem with Google login (which worked previously)
    • Investigate ways to simplify user interface (multiple clicks to get through Keycloak)
    • Restore redirect to current page after login
    • Investigate automating recovery from Drupal logged in /Keycloak&Dataverse logged out
  • Matomo - help with transition from Google
  • AnnoRep - explore round-trip, configure auto-start and log rotation
  • Dataverse
    • Make PR for accessibility fix (once finalized)
    • Make PR for guestbook adding datasetversion fix, deploy to stage
    • Continue towards guestbook at request based on ADA's original work
    • Popup info accessibility - IQSS likes the recommendations from the source I linked to, so this can be implemented along those lines.
  • Drupal - v10 - review compatibility and start updates.
  • QDAS Previewer
    • Updates per request
    • Investigate writing aux file/previewing lower-sensitivity version and/or other write options
  • TBD: FRDR Security
Clone this wiki locally