Evergreen ILS Website

IRC log for #evergreen, 2020-08-19

| Channels | #evergreen index | Today | | Search | Google Search | Plain-Text | summary | Join Webchat

All times shown according to the server's local time.

Time Nick Message
06:00 pinesol News from qatests: Testing Success <http://testing.evergreen-ils.org/~live>
06:49 agoben joined #evergreen
07:26 rjackson_isl_hom joined #evergreen
07:44 rjackson_ISL joined #evergreen
08:12 alynn26 joined #evergreen
08:14 rfrasur joined #evergreen
08:15 collum joined #evergreen
08:53 mmorgan joined #evergreen
08:53 mantis1 joined #evergreen
08:55 nfBurton joined #evergreen
09:05 dguarrac joined #evergreen
09:12 terranm joined #evergreen
09:12 mmorgan left #evergreen
10:05 terranm joined #evergreen
10:16 mantis1 This may be a very involved question.  We're working on our 3.4 upgrade and currently figuring out what's wrong with our carousel.  I'm using the instructions on how to use it with the Evergreen documentation. Anyway the main issue is we can't get it to display on our OPAC and we currently have a custom map as the main image.  I'm unsure if that's going to prove to be an issue.  Here's an example: ridgefield.biblio.org/eg/opac
10:20 csharp mantis1: this is our homesearch.tt2 template that loads the carousels: https://git.evergreen-ils.org/?p=evergreen/pi​nes.git;a=blob;f=Open-ILS/src/templates/opac/​parts/homesearch.tt2;h=9c7bbc5dc5980683b38cb6​86ea12f0c5c112e230;hb=refs/heads/rel_3_4_1
10:21 jvwoolf1 joined #evergreen
10:21 csharp mantis1: terranm (who is having internet trouble this morning) may be able to help too
10:26 mantis1 csharp: thank you I'll give it a shot
10:27 csharp mantis1: if you keep having trouble and can pastebin your templates and/or relevant DB rows, we can probably advise
10:46 Bmagic this is worth reading: https://tidbits.com/2020/08/17/t​he-case-of-the-top-secret-ipod/
10:57 mantis1 left #evergreen
11:00 mantis1 joined #evergreen
11:05 sandbergja joined #evergreen
11:05 collum_ joined #evergreen
11:20 sandbergja gmcharlt: JBoyer: terranm: mmorgan: what do you think about adding bug 1517298 to the 3.6 roadmap, and targeting it to 3.6 in launchpad?
11:20 pinesol Launchpad bug 1517298 in Evergreen "Catalogue should support Matomo, a privacy-sensitive alternative to Google Analytics" [Wishlist,New] https://launchpad.net/bugs/1517298
11:21 gmcharlt sandbergja: no objection
11:37 collum joined #evergreen
11:57 rjackson_isl_hom joined #evergreen
11:58 rjackson_ISL joined #evergreen
11:59 sandbergja joined #evergreen
12:07 jihpringle joined #evergreen
12:29 JBoyer sandbergja, +1 from me. Another +1 to your comments in the LP.
12:30 mrisher joined #evergreen
13:11 oleonard joined #evergreen
13:16 collum joined #evergreen
13:17 collum joined #evergreen
13:17 khuckins joined #evergreen
14:02 mmorgan joined #evergreen
14:05 knesbit joined #evergreen
14:54 sandbergja jeffdavis: I'm taking a look at bug 1850992
14:54 pinesol Launchpad bug 1850992 in Evergreen "Use RemoteAuth for EZProxy authentication" [Wishlist,New] https://launchpad.net/bugs/1850992 - Assigned to Jane Sandberg (sandbej)
14:55 sandbergja And everything is working well until after Evergreen authenticates and bumps me back to EZProxy
14:55 sandbergja Then EZProxy is complaining that it got sent an invalid URL
14:55 sandbergja (which seems odd, since isn't EZProxy the one who created the URL in the first place?)
14:56 sandbergja Do you happen to have an ezproxy config from your testing a few months ago?
15:09 ddisbro joined #evergreen
15:44 pastebot "jeffdavis" at 168.25.130.30 pasted "EZProxy config (I think)" (4 lines) at http://paste.evergreen-ils.org/10011
15:44 jeffdavis sandbergja: ^ I think that's the ezproxy config I was using
15:44 sandbergja thanks!
15:45 sandbergja let me give that a shot
15:58 sandbergja hmmm, still not working for me.  I just contacted EZProxy support; maybe they will have some ideas.  Maybe we have some odd EZProxy config?
15:59 jeff What's the actual error from EZproxy? Anything in messages.txt on the EZproxy host?
15:59 jeff What version of EZproxy are you using?
16:01 jeff also, you might already have it this way, but the config jeffdavis pasted goes in user.txt and the string <secret> needs to be replaced with your shared secret (and no < or > surrounding it).
16:02 jeff unless local circumstances suggest otherwise, I recommend putting the config snippet at the end of user.txt
16:02 jeff so that the last line of user.txt is:
16:02 jeff /Ticket
16:04 jeffdavis I'll double check the branch with our EZProxy, will need a little time to get it set up though
16:05 pastebot "sandbergja" at 168.25.130.30 pasted "This URL starts with an unsupp" (3 lines) at http://paste.evergreen-ils.org/10012
16:05 jeff depending on how well your clocks are sync'd, you might need to add a TimeValid directive to the user block, but the default appears to be... 60 minutes.
16:05 sandbergja ^ that is the message I got
16:05 sandbergja which has exactly one google search result, which was not very helpful
16:05 sandbergja Nothing in messages.txt!
16:06 * jeff looks at the branch
16:06 sandbergja I had it at the start of user.txt; I can try it at the end
16:06 sandbergja But jeffdavis' code doesn't modify the URL that ezproxy sends along in any way
16:07 sandbergja It really seems like ezproxy is sending invalid URLs
16:07 jeff what is OILSRemoteAuthEZProxyBaseURI set to in your apache config?
16:07 mantis1 left #evergreen
16:07 sandbergja lemme check
16:08 sandbergja https://ezproxy.libweb.linnbenton.edu
16:08 sandbergja As far as I can tell, that's not the URL that EZProxy is complaining about
16:08 sandbergja it's the weird hashed version of the URL of the database that the user is trying to access
16:09 sandbergja i.e. the ^R in ::CGI=http://auth.yourlib.org/ezpauth.cgi?url=^R
16:09 jeff can you paste the bit of your user.txt file that starts with ::CGI and ends with /Ticket?
16:09 sandbergja Oh, and we're on EZProxy 6.2.2
16:10 sandbergja yeah
16:11 pastebot "sandbergja" at 168.25.130.30 pasted "::CGI=http://alb-lib-coursemat" (5 lines) at http://paste.evergreen-ils.org/10013
16:11 sandbergja (and various permutations of that)
16:13 jeff i would recommend using https there... but that's probably not causing the current issue.
16:13 jeff (arguably we should require https and refuse to auth over http for this)
16:13 sandbergja true
16:13 jeff what is the starting point URL you're using to begin the testing? the link that you're following which goes to EZproxy and then prompts auth, etc?
16:14 sandbergja https://ezproxy.libweb.linnbenton.edu/login?url​=https://search.ebscohost.com/login.aspx?authty​pe=ip,uid&amp;profile=ehost&amp;defaultdb=a9h
16:14 sandbergja (which won't go to Evergreen atm, but I can switch it quickly if you want)
16:15 sandbergja (just don't want users to end up on a non-working login page)
16:15 sandbergja (but it's a slow day for Ezproxy today) :-)
16:19 jeffdavis Is something rewriting https://ezproxy.libweb.linnbenton.edu/login to https://login.ezproxy.libweb.linnbenton.edu ?
16:19 jeff ezproxy prefixes login. when using SSL
16:20 jeff but still expects it to end in /login for the login
16:20 jeff the prefixing of login is a workaround for if you have a wildcard-only cert that doesn't include the non-prefixed host.
16:20 jeff (if your cert is for *.ezproxy.example.edu and doesn't ALSO include ezproxy.example.edu)
16:22 jeff if you enable ticket auth and try to visit https://login.ezproxy.libweb.linnbenton.edu/menu in a fresh browser / incognito / etc do you log in and get to the ezproxy menu, or does it break somewhere?
16:26 jeffdavis Incidentally it is ok to use your production wskey on a test server if you want to set up a separate EZProxy instance for testing purposes, per https://help.oclc.org/Library_Management/EZpr​oxy/Install_and_update_EZproxy/EZproxy_WSKeys
16:26 sandbergja jeffdavis: good to know
16:26 * jeff nods
16:26 jeffdavis probably overkill in this specific case, but maybe useful if there is other testing you want to do
16:27 jeff depending on your environment it may not be possible to get certs and such. :-)
16:29 sandbergja jeff: I get to log in, but still get that goofy "unsupported url" error
16:36 jeff okay. are you in a position where you could use temporary test credentials and capture a HAR file and send it to me?
16:39 jeff (new incognito window, open dev tools, make sure "Preserve log" is checked, go to https://login.ezproxy.libweb.linnbenton.edu/menu and log in via ezproxy ticket auth, and once that's done and you get your error, right click any of the requests in the Network tab and select "Save all as HAR with content" (note that the HAR file will contain all content, including your credentials -- which is why I
16:39 jeff mentioned temporary test credentials)
16:39 jeff (and you can change/invalidate the credentials before sending the HAR file)
16:40 sandbergja sure
16:40 sandbergja those aren't actually real credentials on the evergreen side anyway :-)
16:52 jeff is it possible that OILSRemoteAuthEZProxyBaseURI is set to a value that ends in a forward slash character (/)?
16:56 jeff it looks like you're being directed to https://ezproxy.libweb.linnbenton.edu//lo​gin?user=USER&amp;ticket=TICKET&amp;url=
16:56 jeff (values redacted)
16:56 jeff and that should be generated by return "$base_uri/login?user=$user​&ticket=$ticket&url=$url";
16:56 sandbergja hahahahahahaha
16:56 jeff and base_uri should be the value of OILSRemoteAuthEZProxyBaseURI: my $base_uri = $r->dir_config('OILSRemoteAuthEZProxyBaseURI');
16:56 sandbergja that's it completely
16:56 sandbergja I'd updated the vhost file
16:57 sandbergja but never got around to restarting httpd
16:57 sandbergja jeff: thanks so much!
16:57 jeff you're welcome!
16:58 jeff we could document that you don't need/want a trailing slash in that variable, or we could strip it since we're going to be constructing a url with a / and we don't want //...
16:59 jeff sandbergja++ testing!
17:00 sandbergja documenting seems easy enough: just a comment above that line in the vhost config
17:00 sandbergja jeff++
17:00 sandbergja jeffdavis++
17:01 sandbergja And now I know about HAR files, and way more about ezproxy than I did this morning
17:01 jeffdavis yeesh
17:01 jeffdavis jeff++
17:01 jeffdavis sandbergja++
17:05 mmorgan left #evergreen
17:14 * jeff checks to see if the secret in use was actually "secret"...
17:14 jeff ...and it was! :-)
17:15 jeff (not recommended for production) :-)
17:19 sandbergja yeah...
17:23 jeff (not trying to give you grief, sorry!)
17:25 sandbergja you have relieved a lot of grief today, actually!
17:35 rjackson_isl_hom joined #evergreen
17:40 jeffdavis I'm tempted to say that if someone figures out how to use a known secret to generate an EZProxy ticket and access journal articles, they've kind of earned it
17:40 jeffdavis no doubt I would feel differently if I were in charge of licensing :)
17:41 sandbergja it's certainly a lot more sophisticated than just going to sci-hub
17:41 jeff it's also a patron privacy thing, since you can log in to a patron account with one of the proxied resources and see things like reading history, email addresses, etc.
17:43 jeffdavis that is a problem for sure
17:44 jeff also... where do you think scihub gets their data? i'd guess at least some of their scraping is via weak secrets and not just weak credentials. ;-)
17:45 jeffdavis arguably that falls under earning it :)
17:45 jeffdavis (for the record we do not use a weak secret and I am not advocating doing so)
18:01 pinesol News from qatests: Testing Success <http://testing.evergreen-ils.org/~live>
19:08 rjackson_isl_hom joined #evergreen
20:45 mrisher joined #evergreen
21:12 sandbergja joined #evergreen
21:12 sandbergja_ joined #evergreen
21:36 sandbergja joined #evergreen
22:01 sandbergja_ joined #evergreen
22:12 sandbergja_ joined #evergreen
22:19 sandbergja_ joined #evergreen
22:51 sandbergja_ joined #evergreen
23:30 sandbergja_ joined #evergreen
23:40 sandbergja_ joined #evergreen
23:47 sandbergja__ joined #evergreen

| Channels | #evergreen index | Today | | Search | Google Search | Plain-Text | summary | Join Webchat