9 30 2024 Tech Team Report
qqmyers edited this page Sep 30, 2024
Date | Task | Hours (Main) | Hours (EOLS) | Hours (PII) | Hours (QDAS) |
---|---|---|---|---|---|
23-Sep-2024 | Reporting, investigate #10869 in qdr branch, find/fix PID reg issue related to datasettype, add fix to PR, investigate consentver logic, add a check of the version returned via Keycloak token, investigate cached value from LDAP - not nginx, but in ldap config in Keycloak, test, meeting | 6 | | | |
24-Sep-2024 | MFA investigate conditional OTP step, amr reporting in tokens, add ldap no-cache to dev/stage/prod | 3 | | | |
25-Sep-2024 | Fix/merge #22/ext vocab PR after QA, update #10712 from dev per QA, MFA planning | 1 | | | |
27-Sep-2024 | Merge/update QDR PID fixes PR per review, merge 6.4 into MFA branch | 3 | | | |
- Turned off Keycloak LDAP caching on dev/stage/prod to assure registration/social login attempts get the latest info. (I'm not sure we've seen an issue from this yet, but I did see a delay in Dataverse being sent the latest info about which version of terms have been accepted when I was doing that work. There appears to be ongoing discussion in the Keycloak community about why caching wins over the 'always read from LDAP' setting.)
- Investigated terms consent version logic and caching and added a redirect in Dataverse to send the user to the Drupal Terms page if/when the user has not yet accepted terms (as shown by the consent version returned in the access token from Keycloak, which is why caching was a problem). This requires a new :QDRRequiredTermsVersion setting in Dataverse to specify what version is sufficient.
- Investigated Keycloak's "Conditional OTP step" as a possible way to configure MFA based on an LDAP attribute. Checked Keycloak's workflow logic for options to allow MFA by choice while still requiring MFA for curators - it looked like the 'amr' reporting, which indicates in an access token whether MFA was used at login, might help, but I haven't succeeded in turning it on. As an alternative, it may be possible to use logic in Drupal to set the MFA default based on a query about roles to Dataverse/only allow MFA to be turned off if the user's roles allow. This would avoid trying to get the level1/level2 logging to work in parallel with using an LDAP-based flag.
- Investigated whether the problem reported in #10869 w.r.t. an external vocabulary null pointer exception affected QDR. It turns out that with both ORCID and ROR configured on the same parent field, the bug doesn't manifest, so there's no production issue for QDR. The underlying fix will be in v6.4.
- Found/fixed a ~merge issue (with v6.4, not in v6.3/QDR production) related to the DataCite XML logic and the new dataset type functionality in v6.4 (able to define datasets as type dataset, software, workflow, etc. and have that conveyed to DataCite).
- Successfully defended the inclusion of the relationtype for related publications in v6.4
- Merged the almost final v6.4 into the dev/MFA branch.
- Finalized the changes needed in Dataverse (#10712) and the ORCID/ROR scripts (#22) and helped them get merged/made available for v6.4
- Updated a ~July PR (#10708) with bug fixes related to PIDs and MDC which is now getting reviewed/QAd for v6.5.
- FWIW: Hoping to get a reasonable MFA implementation soon (maybe this week?) but if we want to go ahead with v6.4 and other fixes I can create a separate branch.
- Get MFA to a usable state w.r.t. on authentication issue #43(MFA, etc.)
- Finalize v6.4-qdr release
- Background work to change/remove deprecated Drupal modules in prep for 11.0.0
- Fix Stata-14 ingest by allowing file inspection during direct upload or adjusting the Stata ingester.
- Fix #113 if possible
- Matomo - investigate event-level tracking via tag manager, remove non-working google scripts
- AnnoRep - explore round-trip, configure auto-start and log rotation
- Ops
  - check missing globalidcreationdates and fix via /modifyRegistration or alternative
- Dataverse
  - Make PR for guestbook adding datasetversion fix
  - Popup info accessibility - IQSS likes the recommendations from the source I linked to, so this can be implemented along those lines.
- QDAS Previewer
  - Updates per request
  - Investigate writing aux file/previewing lower-sensitivity version and/or other write options
- TBD: FRDR Security