All times shown according to UTC.
Time | Nick | Message |
---|---|---|
00:08 | talljoy joined #koha | |
00:47 | kellym joined #koha | |
01:19 | Francesca joined #koha | |
02:11 | Francesca joined #koha | |
03:08 | z0k_ joined #koha | |
04:37 | Francesca joined #koha | |
05:12 | Francesca joined #koha | |
05:36 | Francesca joined #koha | |
05:44 | Francesca joined #koha | |
05:55 | Francesca joined #koha | |
06:04 | Francesca joined #koha | |
06:15 | Francesca joined #koha | |
07:12 | Scott-CSPL joined #koha | |
07:12 | deb-CSPL joined #koha | |
08:07 | Francesca joined #koha | |
08:27 | liw | @wunder helsinki |
08:27 | huginn | liw: The current temperature in Helsinki, Finland is 1.0°C (10:20 AM EET on February 18, 2017). Conditions: Clear. Humidity: 81%. Dew Point: -2.0°C. Windchill: -4.0°C. Pressure: 29.77 in 1008 hPa (Falling). |
09:19 | deb-CSPL joined #koha | |
09:34 | z0k_ joined #koha | |
10:39 | cait joined #koha | |
11:03 | z0k_ joined #koha | |
11:45 | tcohen joined #koha | |
12:12 | cait1 joined #koha | |
12:14 | tcohen | morning |
12:27 | * cait1 | waves |
13:16 | stozza joined #koha | |
13:51 | stozza joined #koha | |
14:15 | stozza joined #koha | |
14:48 | tcohen | hi cait1 |
14:49 | have a nice w-e #koha | |
15:02 | kivilahtio | ashimema: Hi! Are you working on OAuth2 support in Koha? |
15:02 | ashimema: looking at batman's and Lee's work regarding the Mojolicious Plugins, having that done using Mojolicious looks like a low-hanging-fruit | |
15:03 | ashimema: we need it for the national OPAC. Or a solution similar to it | |
15:03 | ashimema: but I think OAuth2 is the bestest solution | |
15:04 | also Might implement SAML2-soon as we are getting some pressure from high-ups and nationally (legislation actually mandates us to implement SAML2-support) | |
15:05 | why not do them both while at the auth-madness :) | |
15:31 | jcamins | kivilahtio: because SAML will kill you? Friends don't let friends SAML? |
15:32 | kivilahtio | jcamins: haha |
15:32 | jcamins: thanks for the warning | |
15:32 | jcamins: unfortunately our suomi.fi use SAML to provide SSO for all public sector services | |
15:32 | and we are legally mandated to join the national "platform" | |
15:33 | jcamins: why do you think SAML is bad? | |
15:33 | jcamins | Actually, I've been lucky... I mostly only have to deal with OAuth2/OpenID Connect. |
15:33 | On the unlucky side, I've had to use a vendor which doesn't believe in backward-compatibility. | |
15:33 | It does not map well to modern web technology. | |
15:34 | kivilahtio | jcamins: hmm. What do you mean? I didn't find such issues? |
15:34 | tho I have very little experience with all these security-things | |
15:34 | jcamins | And it's one of those things that is a little bit different in every implementation. |
15:35 | kivilahtio | Luckily there is not so much to implement differently? |
15:35 | jcamins | There seems to be a surprising amount. |
15:36 | kivilahtio | I mean, you ask the idp if this user is authenticated, and ask for extra attributes if the user is authenticated. |
15:36 | if not authenticated, redirect to idp for authentication | |
15:36 | There is no standard for the user attributes, I guess this is where things can get complicated | |
15:37 | jcamins | Yeah. |
15:37 | That's where it was particularly painful in terms of lack of standardization. | |
15:37 | The fact that all SAML communication is done via POST is what I felt didn't work well with an OAuth2-centric model. | |
15:38 | kivilahtio | I understand |
15:38 | I guess you just need to relax your REST-pants | |
15:38 | jcamins | "Oh look, here's this blank page with some JS that is going to magically POST an XML file to a random third-party server." |
15:38 | kivilahtio | I hear ya |
15:38 | and using XML | |
15:39 | XML is so dead | |
15:39 | jcamins | Eh, I'm less concerned about purity and more concerned about the fact that it raises red flags in every hospital IT department anywhere. |
15:39 | kivilahtio | jcamins: are you sure you must use js to submit forms? |
15:40 | jcamins: I guess, since the SAML2-requests must originate from the user, not the server being accessed | |
15:40 | jcamins: but this is no different from Koha's login page? | |
15:41 | jcamins: you load the front-page. While loading it, ask the idp if the user is authenticated. If not, instead of the login-for, display a login-via-idp-link | |
15:41 | *instead of the login-form* | |
15:42 | there is an extra step for the user tho, but after the extra step, it is SSO everywhere | |
15:42 | but yeah. You do have a point. | |
15:43 | isn't this the same with OAuth? | |
15:43 | user is redirected to the auth-server where he gives the permissions for the 3rd party to act on his behalf? | |
15:44 | in SAML, he simply acts by himself | |
15:47 | jcamins: I wonder if you could redirect to the IDP via a http status 307... | |
16:05 | jcamins | kivilahtio: something just occurred to me... you're not implementing the IDP. I imagine if I weren't working on the IDP side, I'd be a lot happier. |
16:15 | kivilahtio | jcamins: I found simplesamlphp |
16:15 | jcamins: this is the reason why I am considering SAML2 | |
16:16 | we can have our own internal SSO using the nationally mandated standard | |
16:16 | then switch to the national IDPs when the time is ripe | |
16:17 | jcamins: but no. I am planning to use simplesamlphp as the idp. I managed to get it owkr and the php-code is something I can debug. | |
16:17 | owkr = work | |
16:18 | jcamins: have you worked on the idp-side? | |
16:25 | jcamins | kivilahtio: we use a third-party vendor as IDP, but I've been substantially responsible for making everything work together from the application point of view. |
16:25 | So dealing with implementation quirks, moving between applications, etc. | |
17:17 | jbeno joined #koha | |
18:08 | Dyrcona joined #koha | |
20:33 | jbeno joined #koha | |
22:03 | stozza joined #koha | |
22:17 | stozza joined #koha | |
22:27 | stozza joined #koha | |
23:17 | stozza joined #koha | |
23:19 | alexbuckley joined #koha |