WebAuth, EDS, and Shibboleth (Feb. 13, 2013)

Date: Wednesday, February 13, 2013

The main presentation file is the PDF attached to this node. There's also the "Elluminate" (aka "Blackboard Collaborate") version linked below:

Mark Fischer says,

Here's the link for the Elluminate version of the presentation on Webauth, EDS and Shibboleth.

https://sas.elluminate.com/p.jnlp?psid=2013-02-13.1251.M.7E2DD44A23B8035...

My Elluminate client locked up for the first couple of minutes, so I missed some of the chat room discussion and announcements, I think. I do believe I captured all of my talk, though.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Q & A

Q: What about "Grouper"?
A: [various sources]

Mark: It's there, but I don't know how to get your group into Grouper.

Gary Windham:
Grouper data is accessible via the EDS LDAP and REST APIs.
Today, only central data (e.g., course enrollment) is available via Grouper, but UITS will be rolling out Grouper to departments in the near future (hopefully by summer, 2013), to define and manage your own groups.

Other/unknown sources:
If your app needs information below the level of department number, you have to store that locally, OR access Catnet directly via LDAP.
Grouper refers to department-specific Catnet Groups.

Rebecca L Macaulay: http://sia.uits.arizona.edu/grouper

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Q: Can you test WebAuth using localhost on your machine?
A: On Linux boxes you can edit your /etc/hosts file to point a particular address to your localhost. On Windows, it has something to do with System 32 drivers.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Q: Can you *exclude* certain groups via your EDS account (like students)?
A: No, not on a person-by-person basis. If you are simply querying EDS via LDAP you can craft your query to include only certain types of people.
With REST, you can't do "Get everyone in department xxxx", but you can with LDAP.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Other info from chat:

Gary D Windham - 2:09 PM
FYI, just a couple of days ago, SASG released a new FERPA training site, which updates FERPA training status in EDS real-time

Rebecca L Macaulay - 2:35 PM
Question: Is there a REST server module available for Drupal comparable to the LDAP one? (better than LDAP module/as useful)

A:
Eugene W Lyman - 2:46 PM
Drupal Services module (3.x version) has a REST server component

Gary D Windham - 2:46 PM
@Rebecca: there is one (http://drupal.org/project/rest_client) but it is not recommended for production use.
See also: http://drupal.stackexchange.com/questions/42103/how-do-i-consume-rest-as...
2:46 PM

Gary D Windham - 2:48 PM
Would y'all be interested in a JSON representation of EDS data (in addition to the current XML)?

Rebecca L Macaulay - 2:48 PM
yes!  

Gary D Windham - 2:49 PM
DSV/POI became DCC. DCCs, students, employees all have the base "member" eduPersonAffiliation
sagroups are student groups, managed in UAccess Student

William S Moomaw 1 - 2:52 PM
Anyone using the .Net CAS client on Windows Server 2012?

Gary D Windham - 2:52 PM
@Scott: I'm not sure if they're using the .Net client, but ResLife is doing lots of Shib w/ Windows/IIS...you might try contacting Matt Wyckoff
2:54 PM

William S Moomaw 1 - 2:56 PM
I have an older client working on 2003 R2, but using the current JASIG client on Server 2012 would be nice for future-proofing my applications.

Gary D Windham - 2:57 PM
I'm sorry...I conflated Shib and WebAuth. No, I don't know of anyone using the .Net CAS client
Grouper data is accessible via the EDS LDAP and REST APIs
3:00 PM

Rebecca L Macaulay - 3:01 PM
http://sia.uits.arizona.edu/grouper

Gary D Windham - 3:02 PM
Today, only central data (e.g., course enrollment) is available via Grouper, but UITS will be rolling out Grouper to departments in the near future (hopefully by summer, 2013), to define and manage your own groups

Gary D Windham - 3:09 PM
Ines Brown on the SA team manages student groups