Menu
▾
▴
Re: [Bodington-developers] SP testing on wiki
|
From: Alistair Y. <ali...@sm...> - 2006-07-05 17:02:07
|
> why is it so much work to change that behaviour, so that normal users > login via /site/ and Shibb users via /xyz/? spot on - that's the goal, shibb users go in via /xyz - I can't say how much work that is but until it's there bod can't be advertised as an sp. Taking over the /site for shibb users and shunting normal users to /opensite is not going to go down well with the bod community. Alistair On 5 Jul 2006, at 14:24, Colin Tatham wrote: > Alistair Young wrote: >>> different login route for Shibb isn't as good as a Shunnel(!) >> >> they're the same! a shunnel (cringe) is just another route into an >> app via shibb. In this case it's a different url, /site/ >> bs_template_shibb_login.html or something. > > I thought a shunnel (AY cringes) was a single page where users have > to choose the login method, i.e. > at the *same* URL as any other login point... > >> the issue is that the SP is too "invasive" for normal use. It can't >> be used in a production bod as when it's turned on, all users must >> login via it or via /opensite and when it's turned off they have to >> revert to using the normal login in /site. > > Yes, I understand that, but why is it so much work to change that > behaviour, so that normal users > login via /site/ and Shibb users via /xyz/? Then, whether it's > turned on or off makes no diff to > normal users... > >> The code can stay in head and won't delay 2.8. > > OK, I though someone had suggested that it had to be removed... > >> What will delay 2.8 is >> waiting for a shibb url to be implemented so that bod can be >> advertised as an sp in 2.8 >> >> Alistair >> >> >> On 5 Jul 2006, at 13:58, Colin Tatham wrote: >> >> >>> Although I agree with most of what you say (I think) it doesn't >>> seem to address what I was >>> suggesting/asking? (Maybe it wasn't supposed to :-) ) >>> >>> 1) Can the SP bit be turned off by default, or re-configured so >>> that the *Shibb* route is via a >>> different URL? >>> 2) Is the SP code already in HEAD? >>> >>> Although I agree having a different login route for Shibb isn't as >>> good as a Shunnel(!) releasing >>> 2.8 with different URL Shibb is better than not including it at >>> all, especially if we have to take >>> the code out of HEAD? >>> >>> Colin >>> >>> Alistair Young wrote: >>> >>>> Let me clarify first, that the issue is with bod itself, not with >>>> what Atif has produced as a shibb module. I suspect the hand of >>>> politics involved and as we all know, developers are it's servants. >>>> >>>> It would seem that local demands have impinged upon the gx >>>> philosophy >>>> of minimal disruption. e.g. the bod IdP runs without normal users' >>>> knowledge and the SP should do the same. We, the gx project as a >>>> whole, could have caught this earlier if we'd known about it but we >>>> didn't so we couldn't. As the gx project is not about custom coding >>>> to local demands then I would say it's fair to ask Atif or someone >>>> Leeds can nominate to remove the implications of those local >>>> demands >>>> and bring bod in line with the minimal philosophy. >>>> >>>> This means providing a separate shibb route into bod. We've seen it >>>> before with webauth etc so it's possible and is arguably the way it >>>> should have been. >>>> >>>> As it stands, it's unacceptable to change the way an institution's >>>> users work just so that a feature of the vle can be tested. When >>>> opening your vle to shibbed users means inconveniencing your own >>>> users, then we have failed. It's bad practice and bad publicity >>>> that >>>> will only harm bod in the long run. >>>> >>>> The Guanxi and SOCKET projects enjoy a symbiotic relationship so >>>> let's not disturb that. Instead, let's find a way out of this >>>> that is >>>> benficial to all concerned. Whether that means subcontracting to >>>> someone who knows enough about bod to implement this is a matter >>>> for >>>> discussion. >>>> >>>> Indeed, we know of someone who is currently available and is fresh >>>> from testing bod and has some shibb knowledge to boot ;) >>>> >>>> Alistair >>>> >>>> >>>> On 5 Jul 2006, at 12:57, Colin Tatham wrote: >>>> >>>> >>>> >>>>> Sean Mehan wrote: >>>>> >>>>> >>>>>> well, what it does mean is that >>>>>> >>>>>> 1) GX isn't done, still; >>>>>> 2) 2.8 will ship with no SP support unless we delay the 2.8 >>>>>> release >>>>>> for an indeterminate amount of time. >>>>> >>>>> Are the problems with the SP that bad that we remove it for 2.8? >>>>> I think the main one is the fact that you can't use the same login >>>>> route for Shibb and normal Bod >>>>> auth (and the fact that sysadmin has to go via /opensite/). If >>>>> it's >>>>> possible to release it with the >>>>> SP stuff turned off, it will work as normal, and if people want to >>>>> test the SP, they follow some >>>>> short instructions to enable it (and find out that they have to >>>>> now >>>>> login via /opensite/ as sysadmin)? >>>>> >>>>> Colin >>>>> >>>>> >>>>> >>>>> >>>>>> If it is the case that we still haven't finished GX (with the >>>>>> SP in >>>>>> bod being a component of that), then, I suppose that we are >>>>>> beholden >>>>>> to Leeds to find the time for >>>>>> their current project, which is still giving them money, in >>>>>> order to >>>>>> complete a project for which they received all of their money >>>>>> some >>>>>> time ago. >>>>>> >>>>>> As for 2, all things being equal, its a ++2 from me to ship >>>>>> Bod 2.8 >>>>>> with no SP support. >>>>>> >>>>>> s >>>>>> >>>>>> >>>>>> On 5 Jul 2006, at 12:13, Alistair Young wrote: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> nae probs wee man! >>>>>>> >>>>>>> On 5 Jul 2006, at 12:16, Atif Suleman wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Thanks Alistair for the feedback: >>>>>>>> http://www.bodington.org/wiki/index.php? >>>>>>>> title=TestRel2.8#Shibboleth_Functionality >>>>>>>> >>>>>>>> Any work on bodington-sp will have to wait until Socket >>>>>>>> project is >>>>>>>> finished at the end of the month. >>>>>>>> >>>>>>>> Ta >>>>>>>> Atif. >>>>>>>> >>>>>>>> >>>>>>>> Sean Mehan wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> On the SP side, Atif, can you fix the things Al has found >>>>>>>>> there, >>>>>>>>> including the documentation? We really need the SP to work >>>>>>>>> as a >>>>>>>>> final >>>>>>>>> output for GX. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> S >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On 5 Jul 2006, at 10:38, Alistair Young wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> I've updated the testing page: >>>>>>>>>> http://www.bodington.org/wiki/index.php? >>>>>>>>>> title=TestRel2.8#Shibboleth_Functionality >>>>>>>>>> >>>>>>>>>> Good work Atif on the sp module but bod itself just isn't >>>>>>>>>> ready >>>>>>>>>> to be >>>>>>>>>> an sp IMHO. >>>>>>>>>> >>>>>>>>>> Alistair >>>>>>>>>> >>>>> >>>>> -- >>>>> ____________________________________ >>>>> Colin Tatham >>>>> VLE Team >>>>> Oxford University Computing Services >>>>> >>>>> http://www.oucs.ox.ac.uk/ltg/vle/ >>>>> http://bodington.org > -- > ____________________________________ > Colin Tatham > VLE Team > Oxford University Computing Services > > http://www.oucs.ox.ac.uk/ltg/vle/ > http://bodington.org > > Using Tomcat but need to do more? Need to support web services, > security? > Get stuff done quickly with pre-integrated technology to make your > job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache > Geronimo > http://sel.as-us.falkag.net/sel? > cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Bodington-developers mailing list > Bod...@li... > https://lists.sourceforge.net/lists/listinfo/bodington-developers |
