--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-community+unsub...@googlegroups.com.
To post to this group, send email to dataverse-community@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/040b35db-c81f-4011-b88c-6549d2cf6574%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Hi Alex,
I'm glad you've made so much progress! Good job.
Here are the most relevant GitHub issues:
- Shibboleth Groups: arbitrary attributes and regex support - https://github.com/IQSS/dataverse/issues/1515
- Automatically add a shib group when a user from a new institution first logs in - https://github.com/IQSS/dataverse/issues/1403
If you're interested in implementing either or both of these, great! I'm especially interested in knowing what values you expect to store in eduPersonScopedAffiliation (please consider adding examples to #1515). Personally, I'd probably make the creation of groups manual to start and worry about automating that part later.
I hope this helps!
Phil
On Tue, Feb 28, 2017 at 6:38 PM, Alexander Ivanov <al...@calmforce.com> wrote:
Hi all,
Here at QDR we've made a lot of progress in configuring our Shibboleth IdP and SP to provide a Single Sign On solution for our Dataverse/Drupal integration.
Our user accounts are created via forms on the Drupal site, which create records in an LDAP directory that stores the user information that is then used by the IdP for authentication. I would like to use an LDAP field to store each user's roles, so that upon logging into Dataverse for the first time - when a user's account is created - it is also assigned the appropriate roles.
I've looked through the Dataverse Shibboleth documentation and haven't found much that pertains to assigning roles to users upon account creation. What would we need to do to implement this functionality? If a list of roles was stored in a Shibboleth attribute, such as eduPersonScopedAffiliation or an attribute with a custom name, how can I get Dataverse to assign these roles to a newly generated user account?
Please send over your suggestions. Thanks in advance.
My Best,
Alex
--Philip Durbin
Software Developer for http://dataverse.org
http://www.iq.harvard.edu/people/philip-durbin
I bet you could hack something together using scripts that hit the existing Dataverse APIs, which allow you to grant roles to users (and groups) at the dataverse and dataset level.
I find the documentation a bit lacking, but you can find it at http://guides.dataverse.org/en/4.6/api/native-api.html#roles and http://guides.dataverse.org/en/4.6/api/native-api.html#dataverses
In practice, I write helper methods when using these API endpoints. I'd suggest taking a peek at the following methods...
- grantRoleOnDataset
- grantRoleOnDataverse
- getRoleAssignmentsOnDataverse
- getRoleAssignmentsOnDataset
- revokeRole
... at https://github.com/IQSS/dataverse/blob/v4.6/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java
Basically, you'd write scripts to query your Identity Provider and then assign roles on the Dataverse side. You'll need to know the "identifier" for the user on the Dataverse side to assign a role (@jsmith or whatever) but there's an API you can query to get a list of Dataverse users as JSON (listAuthenticatedUsers helper method).
I hope this helps!
Phil
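
Added example, not part of the thread or the Dataverse code base: a sketch of the script approach described above that turns IdP affiliation values into a default-deny plan of role grants. The mapping, sample users, the assumption that the IdP username equals the Dataverse identifier, and the endpoint path and body shape are assumptions to check against the native API guide for your version.

```python
# Added example: turn IdP affiliation values into a default-deny plan of Dataverse role grants.

# Constructed mapping: exact scoped-affiliation value -> (dataverse alias, role alias).
ROLE_MAP = {
    "staff@qdr.example.edu": ("qdr", "curator"),
    "member@qdr.example.edu": ("qdr", "dsContributor"),
}

def plan_grants(idp_users, dataverse_identifiers, existing, role_map=ROLE_MAP):
    """Return (grants, skipped) without touching the network.

    idp_users: {username: [scoped affiliation values]} as read from the IdP/LDAP.
    dataverse_identifiers: identifiers of accounts that already exist in Dataverse.
    existing: set of (assignee, dataverse alias, role alias) already granted.
    """
    grants, skipped = [], []
    for username, values in sorted(idp_users.items()):
        assignee = "@" + username
        if username not in dataverse_identifiers:
            skipped.append((assignee, "no Dataverse account yet"))
            continue
        for value in values:
            # Exact match on the whole value: an unknown role name or a
            # look-alike scope grants nothing.
            target = role_map.get(value.strip().lower())
            if target is None:
                skipped.append((assignee, "unmapped value: " + value))
                continue
            alias, role = target
            if (assignee, alias, role) in existing:
                continue  # already granted; re-running the script is a no-op
            grants.append({
                # Assumed endpoint and body shape for assigning a role on a dataverse.
                "path": "/api/dataverses/" + alias + "/assignments",
                "json": {"assignee": assignee, "role": role},
            })
    return grants, skipped

# Constructed sample input.
SAMPLE_IDP = {
    "jsmith": ["staff@qdr.example.edu"],
    "adoe": ["member@qdr.example.edu", "admin@qdr.example.edu"],
    "guest": ["staff@other.example.org"],
    "newbie": ["staff@qdr.example.edu"],
}
SAMPLE_USERS = {"jsmith", "adoe", "guest"}
SAMPLE_EXISTING = {("@jsmith", "qdr", "curator")}
```

Each planned grant would be sent as a POST with an API token held by a dedicated low-privilege admin account, and the skipped list is worth logging so unexpected attribute values from the IdP are noticed.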
Hi Alexander,
We're using postgres triggers for the same task; it allows you to accomplish what you want without modification of the source code.
Best,
Slava
-- Create the function first: CREATE TRIGGER fails if groupmonitor() does not exist yet.
CREATE OR REPLACE FUNCTION groupmonitor() RETURNS TRIGGER AS $group_table$
BEGIN
    -- Add each user whose affiliation equals a group's display name, skipping existing memberships.
    INSERT INTO explicitgroup_authenticateduser
    SELECT e.id, a.id
    FROM explicitgroup AS e, authenticateduser AS a
    WHERE e.displayname = a.affiliation
      AND NOT EXISTS (SELECT 1 FROM explicitgroup_authenticateduser
                      WHERE a.id = containedauthenticatedusers_id AND e.id = explicitgroup_id);
    RETURN NEW;
END;
$group_table$ LANGUAGE plpgsql;
-- Run the function after each new row in explicitgroup.
DROP TRIGGER IF EXISTS group_trigger ON explicitgroup;
CREATE TRIGGER group_trigger AFTER INSERT ON explicitgroup
FOR EACH ROW EXECUTE PROCEDURE groupmonitor();
Valentina,
QDR has implemented single sign on across Drupal and Dataverse, but it hasn’t moved forward with assigning groups. As part of SSO, we added another shibboleth attribute to the set that Dataverse can read, which we use to store/convey the version of a ‘terms and conditions’ document a user has signed. I expect something similar could be done to read an attribute related to affiliation and assign the group, but that would take new code. I think I talked with Slava about their code at the 2018 Dataverse meeting, but we didn’t implement anything.
-- Jim