Shibboleth: Remote Authentication Phase 1

[pdurbin]

RFI Checklist

1. Related Issues

• Shibboleth: Remote Authentication Phase 1 #2939 Shibboleth: Remote Authentication Phase 1 (parent issue for 2939-shib branch)
• Shibboleth: Re-test Institution-wide Shibboleth groups and CRUD API operations #1533 Shibboleth: Re-test Institution-wide Shibboleth groups and CRUD API operations
• Account Information API Token - Return to Account Pg? #1706 Account Information API Token - Return to Account Pg?
• Review what shows in user account info and what can be changed #2046 Review what shows in user account info and what can be changed (Shib users can't change anything)
• Shibboleth: update shibboleth2.xml entityID to end with "sp" rather than "shibboleth" #2104 Shibboleth: register with InCommon after updating entityID
• API Tokens: Add Done Button To Page #2481 API Tokens: Add Done Button To Page
• Shibboleth: multiple email addresses are stored as a single invalid address separated by a semicolon #2512 Shibboleth: multiple email addresses are stored as a single one
• Local account creation URL ignores :AllowSignup #2838 Local account creation URL ignores :AllowSignup
• Shibboleth: Add superuser API endpoint to migrate Shib user to builtin/local account #2915 Shibboleth: Add superuser API endpoint to migrate Shib user to builtin/local account
• Shibboleth: tooling for debugging SAML assertions #2916 Shibboleth: tooling for debugging SAML assertions
• Shibboleth: Support "Federated Login Mode" (i.e. feed of Identity Providers from InCommon) #2937 Shibboleth: Support "Federated Login Mode" (i.e. feed of Identity Providers from InCommon)
• Shibboleth: Review Text For Converting an Account/Creating an Account #2950 Shibboleth: Review Text For Converting an Account/Creating an Account (the new Account/Shibboleth: Converting from local to non-local #796, related to Shibboleth: persist institution name as affiliation for users #1497 Shibboleth: persist institution name as affiliation for users)
• Shibboleth: Institution Log In changes: Help link and extra text #2951 Shibboleth: Institution Log In changes: Help link and extra text (the new UI/UX for Shibboleth login #794)
• Shibboleth: successful conversion from builtin/local account message should appear on account page rather than the home page. #2952 Shibboleth: successful conversion from builtin/local account message should appear on account page rather than the home page
• Installation Guide: Improve Shibboleth documentation #2953 Installation Guide: Improve Shibboleth documentation
• Notifications: Welcome to 4.0 Notification Needs to Change #2966 Notifications: Welcome to 4.0 Notification Needs to Change
• User Guide: Add section about remote authentication (experimental) #2975 User Guide: Add section about remote authentication
• API: add endpoint for listing users #3009 API: add endpoint for listing users
• Shibboleth: Update any mentions of Institution to be Institutional #3011 Shibboleth: Update any mentions of Institution to be Institutional
• (no issue) 404 and 403 error message text should now link to support pop up. Done in 51d15f8
• (no issue) review dataverseuser.xhtml and see if code related to SearchIncludeFragment can be removed since MyData probably isn't using it. Done in 040a4d4
• Support Form: math challenge doesn't work from some pages #3036 Support Form: math challenge doesn't work from some pages
• Shibboleth: Add shibboleth api endpoints to api doc. #3037 Shibboleth: Add shibboleth api endpoints to api doc
• My Data: Permissions granted by Shib groups do not appear on My Data #3041 My Data: Permissions granted by Shib groups do not appear on My Data
• Shibboleth: Convert account page fails due to password validation. #3045 Shibboleth: Convert account page fails due to password validation.
• Shib users do not get the "Welcome to Dataverse" message when creating a new account #3080 Shib users do not get the "Welcome to Dataverse" message when creating a new account
• Shibboleth UI Improvements: Messaging, Formatting, Etc #3085 Shibboleth UI Improvements: Messaging, Formatting, Etc
• API Token: Add as a tab in the my data/notifications/account info page #3086 API Token: Add as a tab in the my data/notifications/account info page
• Shibboleth: "Allow me to type the name of my institution" option dropdown looks bad #3091 Shibboleth: "Allow me to type the name of my institution" option dropdown looks bad

---

2. Pull Request Checklist

• Functionality completed as described in Remote Authentication Business Requirements Document (BRD)
• Dependencies, risks, assumptions in Remote Authentication Business Requirements Document (BRD) addressed
• Unit tests completed
• Deployment requirements identified (e.g., SQL scripts, indexing)
• Documentation completed
• All code checkins completed

---

3. Review Checklist

After the pull request has been submitted, fill out this section.

• Code review completed or waived
• Testing requirements completed
• Usability testing completed or waived
• Support testing completed or waived
• Merged with develop branch and resolved conflicts

[coveralls]

Coverage increased (+0.2%) to 5.168% when pulling 3b5503e on 2939-shib into 5e38c9c on develop.

[coveralls]

Coverage increased (+0.2%) to 5.167% when pulling 5dba82d on 2939-shib into 5e38c9c on develop.

[coveralls]

Coverage increased (+0.2%) to 5.167% when pulling 5dba82d on 2939-shib into 5e38c9c on develop.

[eaquigley]

Good on my end. Passing to @kcondon to merge.

[pdurbin]

The merging of several pull requests yesterday has resulted in the message, "This branch has conflicts that must be resolved." I'm stealing this pull request back to resolve merge conflicts.

murphy:dataverse pdurbin$ git merge develop
Auto-merging src/test/java/edu/harvard/iq/dataverse/util/BundleUtilTest.java
CONFLICT (content): Merge conflict in src/test/java/edu/harvard/iq/dataverse/util/BundleUtilTest.java
Auto-merging src/main/webapp/dataverseuser.xhtml
CONFLICT (content): Merge conflict in src/main/webapp/dataverseuser.xhtml
Auto-merging src/main/webapp/dataverse_header.xhtml
Auto-merging src/main/webapp/dataset.xhtml
Auto-merging src/main/java/Bundle.properties
CONFLICT (content): Merge conflict in src/main/java/Bundle.properties
Auto-merging pom.xml
Automatic merge failed; fix conflicts and then commit the result.

[coveralls]

Coverage increased (+0.2%) to 5.167% when pulling fe5b00d on 2939-shib into be5b26e on develop.

[pdurbin]

@scolapasta it seems that merging #3108 (3089-jsoup) into develop cause several merge conflicts for this pull request. I just merged "develop" into 2939-shib (this pull request) and resolved conflicts in fe5b00d. That commit message has the details of the nature of the conflict but I'll repeat them here:

Conflicts from #3108 (3089-jsoup):
src/main/java/Bundle.properties
src/main/webapp/dataverseuser.xhtml
src/test/java/edu/harvard/iq/dataverse/util/BundleUtilTest.java

• Had to fix welcome notification on signup (no more
  notification.welcome1 and notification.welcome2)
• Apply dataverse.saved.search.success fix from 09454b2

@scolapasta I'm going to pass this pull request to you to see what you think. If you could also please let me know if you think I should to the refactoring and cleanup I mentioned the other day, I'd appreciate it. I'm feeling a bit guilty about about the state of the code in the "convertShibToBuiltIn" method I added to the API:

dataverse/src/main/java/edu/harvard/iq/dataverse/api/Admin.java

Line 269 in fe5b00d

* @todo Refactor more of this business logic into ShibServiceBean in case

. I hope the todo's there explain how the logic should be centralized (so it can be called from the GUI someday as well) but my biggest concern is the "half converted" stuff... ideally we would write to the "builtinuser" and "authenticateduser" tables in a single (EJB?) transaction. I'm not quite sure how to do this.

[pdurbin]

@scolapasta gave me the go ahead to clean up the "convertShibToBuiltIn" code, which I did in a new pull request: #3120.