#foswiki 2015-08-18,Tue

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
HenroRitchieMorning all. gac410 thank you for the updates! [03:11]
gac410You're welcome... Hopefully it works for you. [03:11]
HenroRitchieI will try now. Where in the world are you? Seeing that you are probably close to 10 hours behind me [03:12]
gac410East coast US. Time to sleep soon :)
11:15 PM here.
[03:12]
HenroRitchiesho - that is quite late - it is now 05:15 here in South Africa [03:13]
***gac410 has left [03:23]
....................... (idle for 1h51mn)
ChanServ sets mode: +o CDot [05:14]
...................... (idle for 1h46mn)
alexlistHi... I am currently evaluating Wikis for a startup, and we have two candidates... a) MediaWiki, b) FosWiki. FosWiki, because one of us used TWiki in $JOB-1 and likes the enterprise features like fine grained access control. However, it seems the Debian packages are very outdated... is that something you're still actively maintaining?
I am asking because I'm a sysadmin and I am not too fond of the idea of manually updating software...
And, btw, user registration on foswiki.org doesn't work with GMail addresses, it seems... I never received the confirmation e-mail, neither on my personal nor on a Google Apps for Business account. Registration with a non-Google hosted e-mail worked...
[07:00]
..... (idle for 23mn)
Lavralexlist
The main difference between Foswiki/TWiki and other wikis is the features that enables making applications.
And I am not talking plugins. I am talking about making simple business workflows based on structured data using the data forms in Foswiki and the powerful SEARCH
It means that anyone without programming experience can create workflows and structured information in just a few hours.
Just a few examples from my company. Meeting minutes, schedules, weekly report roll-up, bug registration, customer/factory issue tracking, change control boards, software release planning, regulatory filing tracking, quality assurance plans, ISO9000 quality management system, Instrument calibration tracking, requirements management....
[07:26]
I use less than 1 day per year keeping Foswiki up to date on my production server. I would never trust debs or rpms to keep plugins etc up to date or to not overwrite the little tailoring and tweaks we all do. The upgrade packages for decimal releases can normally be unzipped on top of the running installation. But going from 1.X to 2.0 is a painful affair that takes days and it also would for a deb based install.
But there are quite many years between major number releases on this project.
[07:37]
......... (idle for 41mn)
JulianLevensHenroRitchie: please check out https://github.com/Jlevens/FoswikiVagrant
It builds an Nginx Foswiki install on a VM
Even if you do want to build the VM the script provided should at least give you some clues
Here's the bash install script: https://github.com/Jlevens/FoswikiVagrant/blob/master/fw-install.sh
This not only install's key missing dependencies it also creates the Nginx config required
I hope it helps
Feedback welcome
[08:18]
................................... (idle for 2h51mn)
***ChanServ sets mode: +o gac410 [11:12]
gac410alexlist: regarding registration with gmail, please check your spam / junk filtered mail. There is some issue with the way the foswiki domain generates email and gmail filters them as spam.
As far as debian packages go, the developer who was maintaining the .deb packages had taken a break from the project so we currently have nobody to maintain the .deb packages.
He has said he will be back, but in the meantime the only official source is the foswiki tarball that the project generates.
JulianLevens: I refreshed the Foswiki:Support.FoswikiOnNginx topic for Foswiki 2.0, including testing the process on a fresh ubuntu 14.04.3 install. But I'm not all that comfortable with nginx.
[11:14]
FoswikiBothttp://foswiki.org/Support.FoswikiOnNginx [ FoswikiOnNginx ] [11:18]
gac410I see you generate an nginx install on vagrant. If you could, please review the configs in the support topic, thanks. [11:18]
........ (idle for 36mn)
JulianLevensgac410: I've reviewed http://foswiki.org/Support.FoswikiOnNginx and it looks sane
HenroRitchie referenced http://www.mogilowski.net/lang/en-us/2012/02/15/install-foswiki-on-ubuntu-with-nginx/
That's the site I used to build my initial nginx site from, I would say that it's a good reference
I have learnt more about Nginx as required to tweak thing for the purposes of FoswikiVagrant
Of course now it's working I haven't looked at it in earnest for some time
I'm currently in the process of build a FW 2.0.x for work using FoswikiVagrant I need to extend it to install our standard plugins + solr + sort out sso
I have tested it using Hyper-V as the VM Host and we got it working albeit with an older Ubuntu for now
BTW: I have cloned all the Foswiki repos onto my host and running dependency scans and spotting errors. I'll be looking to fix those soon
[11:54]
***ChanServ sets mode: +o Lynnwood [12:05]
ChanServ sets mode: +o CDot [12:12]
ChanServ sets mode: +o Lynnwood__ [12:19]
HenroRitchieHi JulianLevens - thank you I will have a look. I only saw your messages now. The updated instructions by gac410 helped me immensly and I eventually got it up and running
Hi gac410 - your guide helped me a lot, thanks!
[12:31]
JulianLevensWell done, it took me a while the first time around [12:32]
HenroRitchie:) I must give credit where it is due, and I followed the update guide exactly - so now it is working
unfotunately I've managed to break foswiki using the sqlplugin.
[12:33]
JulianLevensOne of the advantages of Nginx to me is that the syntax was simpler. I feel I could get a grasp of the whole thing, whereas apache config syntax, well ... [12:34]
HenroRitchieany idea where MichaelDaum is?
but the change from apache to nginx can be daunting
[12:34]
***ChanServ sets mode: +o SvenDowideit [12:43]
.... (idle for 17mn)
HenroRitchieI have a problem with sql plugin. when calling %SQL% foswiki breaks with "Foswiki detected an internal error - please check your Foswiki logs and webserver logs for more information. Not a HASH reference" [13:00]
gac410HenroRitchie: I've never used that extension. Could you http://pastebin.com/ the traceback from your log so we can see where the error occurred? [13:08]
HenroRitchiegladly, which log? [13:09]
gac410Hm under nginx, I'm not sure where the stackdump would go. Either /var/log/nginx/foswiki-error.log or maybe working/logs/ ... Have to look around for the traceback [13:10]
HenroRitchieI have the /var/log/nginx/foswiki-error.log - I will paste the last couple of lines as the whole file is about 8 meg [13:11]
gac410with pastebin, be sure to set a short expiration, so it doesn't hang around forever, And sanitize it ;) [13:11]
HenroRitchieand by last i mean - the last couple of hours [13:11]
gac410er It should be 10-20 lines with module names and line numbers
not a hash ref at some module line n called by ..,. called by ,,.,, etc.
[13:11]
..... (idle for 20mn)
HenroRitchiehttp://pastebin.com/aM2f4Z2v
apologies for taking so long - had some data issues. I pasted the last half an hour.
I can't find anything "called by ..,. called by ,,.,, etc"
[13:32]
.... (idle for 16mn)
JulianLevensgac410: We have on github: CharsetConverterContrib and CharsetConvertorContrib
Which one should be deleted?
[13:49]
***ChanServ sets mode: +o SvenDowideit [13:55]
gac410Hi HenroRitchie now my turn to apologize - anyway, no errors there. Something else you could try - Create a bin/LocalLib.cfg (copy skeleton from bin/LocalLib.cfg.txt) And un-comment the line about $Foswiki::Asserts [14:01]
FoswikiBothttp://trunk.foswiki.org/System/PerlDoc?module=Foswiki::Asserts [14:01]
gac410Then restart your foswiki service. That *should* cause failures to be reported in full to the browser. [14:01]
HenroRitchie:) will do - no need for apologies [14:05]
gac410Item13563 (completely unrelated) has an example of what a traceback looks like [14:05]
FoswikiBothttp://foswiki.org/Tasks/Item13563 [ Item13563: Crashes in Search, Foswiki.pm and Render.pm for cUID mapped from uft8 WikiName ] [14:05]
HenroRitchieok, now the error changed to Not a HASH reference at /var/www/foswiki/lib/Foswiki/Plugins/SqlPlugin/Core.pm line 47. [14:09]
gac410okay. let me look at the code.
Check your lib/LocalSite.cfg .... What is $Foswiki::cfg{SqlPlugin}{AccessControl} set to?
[14:09]
HenroRitchiewhich one
the last of the first?
[14:12]
gac410??? There is more than one? [14:12]
HenroRitchiethere is 7 - localsite.cfg, localsite.cfg.1 - localsite.cfg.7 [14:13]
gac410Oh... the numbered ones are backups. Just LocalSite.cfg
Compare the $Foswiki::cfg{SqlPlugin}{AccessControl} line in LocalSite.cfg to the one in lib/Foswiki/Plugins/SqlPlugin/Config.spec My guess is that the new configure has messed up a rather complicated structure somehow.
[14:14]
HenroRitchie$Foswiki::cfg{SqlPlugin}{AccessControl} = [{'id' => 'foswiki','queries' => ['SELECT * FROM TABLE1','UPDATE TABLE1'],'who' => 'WikiUserOrGroup'}];
or could it be a simple matter of an extra s
the line in localsite.cfg refers to AccessControl
[14:16]
gac410extra s? [14:16]
HenroRitchiethe line in sqlplugin core on line 47 refers to accesscontrols
with an s at the end
[14:17]
gac410No... separate structure. [14:17]
HenroRitchieok
i will compare the files
[14:17]
gac410The left side is okay. It's something wrong on the right side I think. Not my plugin though Need MichaelDaum :( [14:18]
HenroRitchieyes - I was hoping to catch him here [14:18]
gac410Config.spec has it multi-line. But the multiline doesn't matter. [14:18]
HenroRitchiethere is a comma between } and ] in config.spec [14:23]
gac410That shouldn't matter either. it's okay to leave a comma on the last entry in a list [14:25]
HenroRitchieother that that it is the same [14:27]
gac410wtf. No. the error is correct. $Foswiki::cfg{SqlPlugin}{AccessControl} = [ that [ makes it an array, not a hash.
{} defines hashes [] defines arrays. I have no idea now.
[14:27]
foswiki_irc6anonymously :D
oops
[14:28]
gac410hi jmk0 [14:28]
jmk0actually () does hashes or arrays, [] is an anonymous array refererence, {} is an anonymous hash reference
but that's probably not what you meant by "i have no idea now" :D
which i misread as "how" rather than "now" oops
[14:28]
gac410okay. yeah, just the code expects a hash. %{$this->{accessControls}} = %{$Foswiki::cfg{SqlPlugin}{AccessControl}}
Where $Foswiki::cfg{SqlPlugin}{AccessControl} is defined as [ { }, ] an array of hashes
[14:30]
jmk0probably not what you want, but I think you can turn arrays into hashes, where even-numbered indexes are keys and odd indexes are values.... [14:31]
gac410true. [14:31]
jmk0might require something like map, but again that's probably not what you want :) [14:32]
gac410In this case I think I'd try to remove the outermost [ ] from the LocalSite.cfg definition.
$Foswiki::cfg{SqlPlugin}{AccessControl} = {'id' => 'foswiki','queries' => ['SELECT * FROM TABLE1','UPDATE TABLE1'],'who' => 'WikiUserOrGroup'};
But really it needs MichaelDaum. It could also be due to a newer version of perl being more particular about things
[14:32]
HenroRitchiewell done!
it works now
[14:33]
gac410If you could, please create a task under Foswiki:Tasks/SqlPlugin [14:34]
HenroRitchiebut this should probably become a task item for a permanent fix/change [14:34]
FoswikiBothttp://foswiki.org/Tasks/SqlPlugin [ SqlPlugin ] [14:34]
jastdoesn't really make sense either way
presumably the code should support arrayrefs instead
[14:34]
gac410yeah. it needs michael to figure out what he intended. Can't argue that's it's working now though :)
gac410 has to run out for a bit. back in an hour or two.
[14:35]
HenroRitchie:) lets hope I don't find other problems [14:35]
jastI have an older version of the code which works fine with the original arrayref [14:35]
HenroRitchiethanks gac410 - one day - when I make it 'big' and visit the states I'll buy you a whiskey [14:36]
gac410:) [14:36]
jastmy guess is with the current code access control won't actually work [14:37]
gac410JulianLevens: It appears as though CharsetConverterContrib is the right one. If you look at Extensions/CharsetConvertorContrib, it shows that it was renamed to Converter
We could probably kill the Convertor repository, but I'd want to check with Crawford first.
[14:51]
JulianLevensok [14:52]
pylearnerI am trying to implement SSO with foswiki but failing miserably I have apache restarting so all the configs do seem to work from here I don't know exactly what to do I guess to get authentication working properly [15:03]
....... (idle for 31mn)
gac410HenroRitchie, thanks for the task. I marked it to confirmed, and bumped it to Urgent, as the extension doesn't work with the default configuration, [15:34]
jmk0he left :) [15:35]
gac410yeah.. I saw. Left it for the logs, just to be polite :)
pylearner: When I saw SSO done, it was external to foswiki. Apache auth modules did the authentication and foswiki was just configured to use the apache determined credentials. Many ways to do all this. None of which I have access to any more. :(
[15:35]
...... (idle for 28mn)
***ChanServ sets mode: +o SvenDowideit [16:05]
pylearnergac410, have done ldap in past just not sso
I have an easier question I am getting a viewauth requires authentication
I think what I had done in the past is set apache as login manager and set password section to none
[16:05]
gac410Right. Passwords managed external to Foswiki. Probably also need "AllowLoginName" unless the external signin uses WikiNames as the login name [16:07]
pylearnerno [16:08]
gac410So if you are using TopicUserMapping, then the WikiUsers page needs to map WikiName to LoginName [16:08]
pylearnerok I will try it [16:08]
***ChanServ sets mode: +o CDot [16:09]
GithubBot[MultiSearchPlugin] KennethLavrsen pushed 1 new commit to master: http://git.io/vsTHW
MultiSearchPlugin/master 3b29728 KennethLavrsen: Item13624: Adding delay feature. Robust input checking. Better handling of intervals of months
[16:09]
***GithubBot has left [16:09]
FoswikiBothttp://foswiki.org/Tasks/Item13624 [ Item13624: MultiSearchPlugin should be more robust, handle relative month better, and support delay option ] [16:09]
pylearnergac410, where is allow login name?
i do have topusermapping
[16:09]
gac410If you are changing this with users already registered, and mappings & ACLs created, then you'll need to adjust topics. Changing this can be tricky in an existing installation.
hang on ... have to look
bin/configure Security and Authentication tab, Registration tab.
[16:10]
pylearnerok will go there [16:12]
gac410Changing that setting with already registered users will break thing! [16:13]
pylearnerstill getting viewauth error
I need to get past the viewauth error first :)
in the past when i did this
on ldap
it kinda did but did not
it would just allow anyone to login but they were not mapped to the user name but if they were in AD they could login
so i had to setup an apache ACL
to prevent this
[16:13]
gac410any script ending with auth needs to have Apache establish authentication.
Basically when foswiki accesses a topic from a guest, if that topic has ACLs, it redirects from view to viewauth, and expects apache to establish the users identity.
[16:14]
pylearneroh not really sure how to fix
would assume something in foswiki.conf
[16:15]
gac410So it's apache configuration, How are you doing the SSO. [16:16]
LavrHow are we supposed to deal with plugins using a PackageForm in the System web topic? That form does not exist in 1.1 so the plugin page looks like garbage in 1.1 [16:16]
gac410I *think* generally with sso, foswiki doesn't really do auth.
Lavr: Ask CDot :D
[16:16]
LavrI will revert my MultiSearchPlugin back to the old format then [16:17]
pylearnernow I just get you do not have permission to access /foswiki/ on this server
so maybe my sso isn't even working
[16:17]
gac410Lavr, if you revert to old form, then configure update wont' work I don't think [16:18]
LavrWhy not? All the normal old plugins still use the old form. [16:19]
CDotit's a chicken-and-egg problem. There is no "old form", there's a table embedded in the topic which isn't reliably readable. [16:20]
gac410pylearner: iirc when I did sso, years ago, we used a custom apache module that redirected to the sso site, then returned a token to apache that established identty. It was all custom. So I have no idea how your's works.
CDot: Lavr: would it be helpful to provide the PackageForm for older Foswiki's to install into System web?
[16:20]
CDotyou *can* have both the "old" table and the "new" form in the topic, however
gac410: yes, that was my intention
however you can't package it in the plugin, as that will overwrite the System version if you unpack using unzip.
[16:21]
gac410I've generally been removing the old table. It really messes up things. Some extensions have "Perl Version" as a table entry, which breaks configure. [16:22]
LavrBut people do not have the PackageForm in their 1.1.9 installation when they install a plugin in 1.1.9.
It is mess'
[16:22]
gac410Easiest would be to add a suggestion to the Extensions web, that people download Extensions.PackageForm into System web
Just needs to be done once.
[16:23]
CDotEasiest would be to freeze the Extensions web for 1.1.9 [16:23]
gac410Freeze it? Sorry, not following that one.
You mean copy Extensions to Extensions11 or something?
[16:23]
CDotwe have known for some time that there needs to be a way of establishing compatibility
taking a copy for 1.1.x would be one way
[16:24]
LavrHow will that work for 1.1.X users? I bet most users are still there. I sure am as long as 2.0 is as buggy as it is [16:24]
gac410Then everyone has to change their repositories config. [16:24]
CDotsome plugins are not compatible with 1.1.9 any more, and this will inevitably get worse [16:25]
gac410If we were going to have done something like that, we should have released Foswiki 2.0 pointing to Extensions2 or something [16:25]
CDot:-(
I did raise the issue, but no-one wanted to discuss it
and I was all out of hero coding juice by then.
I don't have any better ideas, I'm sorry
[16:25]
gac410There have been numerous proposals to fix Extensions web mess. We've lost too many devs. :( [16:27]
CDotyep [16:27]
LavrBy the way. Even in 2.0 the form does not work. I get an error AutoViewTemplatePlugin: Invalid template name ( Warning: Can't find named section viewtemplate in topic System.PackageForm ) - contains non-ASCII characters. [16:27]
gac410For now I think the easiest for Lavr and others is to just download Extensions.PackageForm and save into System web [16:27]
LavrOn top of ALL plugins using the new form [16:27]
CDotLavr: you are looking at foswiki.org/Extensions? [16:28]
gac410wtf? I added the check for non-ascii template names, but viewtemplate sure seems ascii to me. [16:28]
CDotor the System web of an installed system? [16:28]
LavrNo. System web in my own installation.
Why does this error pop up?
[16:28]
gac410Lavr, where are you seeing that error? [16:30]
LavrAt the top of the plugin topics in System web. All of them if they use the new form
In a yellow text box
[16:30]
CDotInsecure dependency in sysopen while running with -T switch at /usr/share/perl5/CGI/Session/Driver/file.pm line 107. [16:31]
gac410I'm not getting that on any of my installations. Foswiki.org doesn't either. [16:31]
CDotafter updating trunk [16:32]
LavrI have {Plugins}{AutoViewTemplatePlugin}{Mode} = section
Which means the plugin should not react at all inless there is a section in the form
[16:32]
gac410Darn... new bug. I've never tried that mode before.
Looks like the expand for an INCLUDE returns an error, which is then attempted to be used as a template name.
[16:33]
CDotbug in the plugin? [16:35]
LavrCan you see the bug George? [16:35]
gac410Ah before I forget. CDot, CharsetConvertorContrib. a stale repository (vs. CharsetConverter)... can we kill that repo on github?
Lavr, still looking
[16:36]
CDotgac410: isn't CharsetConvertorContrib the latest code?
CDot can't view any topics due to the taint problem :-(
[16:37]
gac410CDot: No, it's named CharsetConverterContrib (Converter, not Convertor) [16:40]
CDotokay, the misspelt one can go [16:40]
gac410Lavr, AutoViewTemplatePlugin line 145, add warn=\"off\"
The plugin I guess used to just try to use the warning as a template. I added the validation to reject illegal template names.
Okay CDot thanks. I'll kill it.
CDot: no idea on the taint issues. I've not run into that at all.
[16:40]
LavrGeorge that fixes it
gac410 there is a fresh Item13625 for you to check in that fix
[16:42]
FoswikiBothttp://foswiki.org/Tasks/Item13625 [ Item13625: AutoViewTemplatePlugin: Invalid template name ( Warning: Can't find named section viewtemplate in topic System.PackageForm ) - contains non-ASCII characters ] [16:43]
gac410I've been seeing some really strange "taint errors" that were not, CDot, not sure if it's strangness, in Taint::Runtime For ex, in PlainFileStore, renaming a web, with Taint::Runtime, sometimes Meta:: ref's are reported as not being a ref. [16:43]
CDot*sigh* [16:44]
gac410Lavr, thanks! [16:44]
pylearnerso I guess viewauth is complaining because I am unauthenticated
basically my tie into sso is not working at the moment
[16:45]
gac410CDot, I've got a bunch of stuff that needs your review. But I figured I'd be nice and not bug you fresh back from your vacation. :) [16:47]
***ChanServ sets mode: +o Lynnwood [16:47]
gac410the Meta ref that is not a ref is one of them [16:47]
CDotgac410: yeah, not feeling too good today so not in the best frame of mind
in fact, heading back to bed. l8r.
[16:47]
gac410Not much worse than coming back from a glorious vacation without email and facing a 2-week email backlog.
pylearner: yeah, sso can be a rather challenging slog. IIRC we ended up writing a custom LoginManager to handle the custom auth data passed back from our Apache sso implementation.
But I've been away from that for 5 years now, so memories are fading.
[16:48]
LavrI have implemented my SSO the most primitive way. Direct apache authentication against the corporate LDAP. 3 lines in the Apache config.
But it means you cannot use TemplateLogin. I do not really see that as an issue
I just releases 1.1 of my MultiSearchPlugin. It is incredibly fast even with many of them on same topic searching 1300 topics.
s/releases/released
[16:50]
gac410Y. Our mapper had to redirect to an "IT Managed" SSO site that then returned a custom auth token. Most of the logic was in the apache module provided by IT.
the Foswiki code just had to trigger the redirect and accept the returned credentials.
[16:53]
pylearnergac410, I will ping you when I get to the redirect part I have done LDAP forgot about the setting in registration but you are right that has to be set to sign up new users.
right now since I am not getting an sso login prompt the sso has to be the culprit
[16:56]
gac410pylearner: Not sure I'l be able to help much .. [16:56]
Lavrpylearner can you use the LDAP directly where you work? [16:57]
pylearnerLavr I can here is the thing though I used my exact same config settings
that I have used at 3 different work places
and it has to be the dang dn
no one seems to be able to give that info
so I was screw this it is going nowhere I will use sso
[16:58]
LavrThe lines I have in my apache config (anonymized)
AuthType Basic
AuthName "Login with your normal login ID and single sign on password"
AuthBasicProvider ldap
AuthLDAPURL ldap://url.mycompany.com:389/ou=People,ou=Intranet,dc=company,dc=com?uid?sub?(objectClass
last line was cut
AuthLDAPURL ldap://url.mycompany.com:389/ou=People,ou=Intranet,dc=company,dc=com?uid?sub?(objectClass=*)
[17:00]
GithubBot[distro] gac410 pushed 1 new commit to master: http://git.io/vskLH
distro/master 40b77a9 George Clark: Item13625: Don't use INCLUDE warning as a template name
[17:00]
***GithubBot has left [17:00]
LavrAnd you also need to add this in the bin section of the config
<FilesMatch "(attach|edit|manage|rename|save|rest|upload|mail|logon|.*auth).*">
Require valid-user
</FilesMatc
Apache needs to know to authenticate which bin files. Note that it should not include view
[17:01]
gac410(Or if using fcgi, it is a Location match, rather than a File match [17:01]
pylearneryep that was basically my config and have apache be auth password manager to none and the registration to allowloginname [17:01]
LavrSo I guess the missing info is ldap://url.mycompany.com:389/ou=People,ou=Intranet,dc=company,dc=com?uid?sub?(objectClass=*) [17:02]
pylearnerLavr, yes
:)
[17:02]
LavrYou need to find a top manager that will help you.
IT admins always think the universe rotates around them
[17:05]
Time to go home and spank wife. [17:10]
.............. (idle for 1h5mn)
pylearneris there a way with the default login to require user to reset password every X days [18:15]
gac410I don't think we have a password expiration mechanism
I don't see any plugins that implement password expiration either
[18:16]
....... (idle for 32mn)
pylearnerthe viewauth error what triggers this [18:52]
.............. (idle for 1h7mn)
gac410pylearner: Are you saying that the viewauth script is not getting authenticated because the user's password has expired?
With sso, foswiki has nothing at all to do with passwords or auth. It assumes that whatever mechanism exists ahead of foswiki handles all that.
[19:59]
pylearnergac410, thanks for the reply still troubleshooting [20:11]
gac410pylearner: basically apache provides field called REMOTE_USER. When using Apache Authentication, foswiki just queries that field for the current user. If it's not set, then you are not authenticated, and you are a guest. [20:15]
..... (idle for 22mn)
pylearnergac410, I got sso working but not integrated with the app
do you remember how you integrated
I am assuming I have to read the request headers
[20:37]
gac410We used lib/Foswik/LoginManager/ApacheLogin.pm as a template, and created our own actions for the redirect, and queriying the env. iirc
Unfortunately I was unable to bring any of that stuff with me as an example. So no examples
:(
[20:38]
pylearnerits ok
you are always helpful man no worries
so ApacheLogin module is default
where I am at is I have sso talking to apache just no integration with the app itself
do you know if a module exist to build this out?
I searched around ther was something for twiki I think
let me see if i can find
I think if I am authenticating there should be a way to redirect and if sso cookie is set then have viewauth not keep giving error
http://twiki.org/cgi-bin/view/Plugins/SsoLoginContrib
is there a way to modify that to tie the app in just replace all instances of twiki with foswiki maybe
[20:40]
gac410tbh I'm not sure how much we have diverged from twiki in this area.
That one was developed after the fork. Nobody has picked it up to work on porting it.
[20:47]
pylearnergac410 I can program
but never have modded a contrib to port over
I would think it would be a find all instances of Twiki ignore case with foswiki
then drop the modules where they go
like a recursive find and replace on all files
[20:48]
gac410Most of the conversion instructions are related to Plugins. Those tend to be a lot more complex. The LoginManager plugs in with it's own api. [20:49]
pylearnerso it will be no easy thing porting this contrib over you think
if I am able to then I can test and pass it off to you to share with foswiki community
[20:49]
gac410Our API was originally identical. But I have not tracked how we've changed. [20:50]
pylearnerI am prefork user btw
I will attempt doing via find/replace and let you know how it goes
[20:50]
gac410SSoLoginContrib looks pretty simple. Really just a single module. lib/TWiki/LoginManager/SsoLogin.pm [20:51]
pylearnerI am assuming I need something like this to plug into foswiki to get sso and foswiki talking [20:51]
gac410I don't really know. I know when I was at nortel we did our own. But it all really depends on how your sso is implemented. [20:52]
pylearnersso is working in apache so that is the first part the next part is get sso and foswiki working together then I will have to change user topic to hash table out the usernames with the corresponding wiki name
ok I will throw caution to the wind and try to get this working
[20:52]
gac410So that's a separate function ... the MappingManager. we continued to use TopicUserMapping, so that WikiUsers topic provided the mapping from WikiName to Loginname
You might try asking during europe working hours. jast has been doing a lot of work on auth managers.
[20:53]
pylearnercool thanks I may ping him
I will try to port this module over and see how it goes ideally though you think if I get this module integreted it should provide the talking between sso and the app
[20:57]
gac410The LoginManager API is pretty well defined. Documented in https://github.com/foswiki/distro/blob/master/core/lib/Foswiki/LoginManager.pm
Actually this is more readable: http://foswiki.org/System/PerlDoc?module=Foswiki::LoginManager
[21:00]
FoswikiBothttp://trunk.foswiki.org/System/PerlDoc?module=Foswiki::LoginManager [21:02]
pylearneron my sso I get a ping start page you mentioned something about a redirect
technically the sso is authenticated and gives me a session just cloudy on how to tie this in to login manager
I have the request headers
[21:11]
gac410gac410 starts to get fuzzy with all this :) But I don't see how it can provide you with a session. The session is stored in a CGI::Session and I don't know how you'd pass that between servers.
The flow is reasonably well documented in the TWiki plugin
[21:13]
pylearnerso trying to mod that TWiki plugin is my easiest path to victory here you think? [21:24]
gac410If the token flow implemented by the twiki plugin matches your required flow.
There really is not a lot of code in the LoginManager. So I'd say study their SSo loginmanager, and compare it to the Foswiki ApacheLogin implementation
[21:25]
.... (idle for 19mn)
pylearnerjust need to figure out how to pass credentials [21:45]
well the rename is not working on converting their code to be usable in foswiki :( [21:53]
.... (idle for 16mn)
well I got it to show up as a login manager [22:09]
...... (idle for 27mn)
well I can get the thing to show up in login manager but not in plugins
any thoughts?
[22:36]
...... (idle for 26mn)
gac410It's not a plugin. It should not be there. [23:02]
pylearnerok enjoy supper and the thing spits a ton of errors
do you think the CasLoginContrib could work?
[23:04]
.... (idle for 19mn)
gac410I really don't know. I'm very far away from enterprise auth type situations. Retired here, all I've got is my laptop and a few test vm's ;) [23:24]
pylearnergac410, congrats on retiring man
also I took the twiki contrib for sso as is
and just unzipped overwriting all the find replace stuff I did
and now uner extensions I have options
to edit
so maybe this will work
it is set now as TWiki:LoginManager:SsoLogin
is this ok for foswiki and you think the compatibility will still be there?
[23:24]
gac410Hm We have compatibility for plugins, (that is specifically TWiki::Plugins:: modules) I think you want it to be Foswiki::LoginManager::SsoLogin [23:27]
FoswikiBothttp://trunk.foswiki.org/System/PerlDoc?module=Foswiki::LoginManager::SsoLogin [23:27]
gac410Does the SsoLogin show up as an option in Login Managers in bin/configure [23:28]
pylearneroh wait it does show up as Foswiki::LoginManger::SsoLogin [23:29]
FoswikiBothttp://trunk.foswiki.org/System/PerlDoc?module=Foswiki::LoginManger::SsoLogin [23:29]
gac410Security & Authenticatoin: Login: LoginManager drop-down
Yes. That's how you enable a LoginManager. it is completely unrelated to Plugins
[23:29]
pylearnerok
so just unzipping and leaving all the TWiki stuff TWiki rather than recursively replacing I think worked to add this
bc this time I have options
[23:29]
gac410If the TWikiCompatibiltiyPlugin is enabled, then that inserts some shim layers to make other things work. [23:31]
pylearnerok I can only hope this seems promising
I know my sso is token based and that is what this plugin is suppose to handle
[23:31]
gac410The SsoLogin.pm module has very little in the way of tracing. What I usually is add print STDERR "stuff\n"; throughout to figure out what has been executed. [23:38]
pylearnerso just run the module from command line [23:38]
gac410No. Auth stuff probably has to be done from the web. [23:39]
pylearnergotcha i just went to a root dir and it gave a bunch of errors probably bc this thing isn't configured at all [23:39]
gac410STDERR will go to the Apache log /var/log/apache2/error.log .... or something like that dependeing upon your server. [23:39]
pylearnerso when I extract the plugin
now i have the settings for the contrib
[23:40]
gac410Right. That's because it gets picked up from lib/TWiki/Contrib/SsoLoginContrib/Config.spec
configure does look under both lib/TWiki and lib/Foswiki for settings.
Oh,.. are you running Foswiki 1.1.9 or Foswiki 2.0.1?
[23:41]
pylearnernot sure [23:43]
gac410It will tell you on System/WebHome, or System/InstalledPlugins [23:44]
pylearneri think 1.1.9 [23:44]
gac410Okay. I just installed the SsoLoginContrib on my 2.0.1 development system. The SsoLogin does *not* show up in the LogInManagers list, so that's not good. [23:45]
pylearneroh
its showing up for me not sure what I did I have done so much
I can work on this tonight with you from home I really want to see this working
just the plugin portion working
[23:46]
gac410If you copied it into your lib/Foswiki/LoginManager/ directory, that's why configure is finding it. [23:47]
pylearnerthat what i did
remember now
[23:48]
gac410And again, that's not a "plugin" That's going to confuse the heck out of everyone. It's a LoginManager. :) [23:48]
pylearneroh sorry [23:49]
gac410no problem. just figuring if you come back later to talk to other devs. [23:49]
pylearnerfrom your point of view will the login manager work or do you think it is going to blow up [23:50]
gac410I really have no idea. I do not believe it will work without modifications. [23:50]
pylearnerif I have the settings and the config parameters
maybe there is a change
chance
lol
[23:50]
gac410The settings are a minor part. The real question is the integration of the LoginManager/SsoLogin.pm into the Foswiki login process.
There are 100's of plugins, so we built a shim layer with TWikiCompatibilityPlugin. There are maybe 2-3 LoginManagers, so not much in the way of shims, etc.
I would think ... It needs to be set up as a Foswiki::LoginManager::SsoLogin in the module definition
[23:51]
pylearnerso you think for sure go and replace all instances of TWiki with Foswiki
for each file
do a sed
[23:53]
gac410well, there is actually only one active file. SsoLogin.pm [23:53]
pylearneroh
so the extension SSO Login Contrib settings section is kinda irrelevant
the SsoLogin.pm is what is doing all the work
[23:53]
gac410No... sorry, it needs the settings, and the LoginManager [23:55]
pylearnerwell let me find where the file that is calling up the parameters is and find replace all TWiki with Foswiki [23:55]
gac410The settings configure the LoginManager. "active" yes, SsoLogin.pm does the work But meaningful. right, Config.spec too. [23:55]
pylearnergotcha [23:55]
gac410lib/Foswiki/LoginManager/SsoLogin.pm [23:56]
pylearneryes i have that there
where should I have config.spec
really thinking I need to start over and manually place these files one by one bc now everything is jacked up
[23:57]
gac410I'm trying to see if I can make it compile on my system. I think it can stay where it unzipped to. [23:59]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)