How to change your Dataverse account to no longer use Institutional Log In

[Philipp at UiT]

The Dataverse User Guide says: "If you are leaving your institution and need to change your account back to a Dataverse account, you will need to contact support for the Dataverse installation you are using."

How should such cases be handled?

1. Should we ask the user to create a new account, and then relink the datasets to the new account?

2. Should we change the authentification mode in the database to internal?

3. Any other solution(s)?

Best,

Philipp

[Philip Durbin]

Hi Philipp,

Ah, you're reading http://guides.dataverse.org/en/4.5.1/user/account.html#how-to-change-your-dataverse-account-to-no-longer-use-institutional-log-in

That page doesn't link to http://guides.dataverse.org/en/4.5.1/installation/shibboleth.html#converting-shibboleth-users-to-local but maybe it should.

(Do you think it should?)

Here's what that "converting-shibboleth-users-to-local" section says:

Converting Shibboleth Users to Local
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Whereas users convert their own accounts from local to Shibboleth as described above, conversion in the opposite direction is performed by a sysadmin. A common scenario may be as follows:

- A user emails Support saying, "I left the university (or wherever) and can't log in to Dataverse anymore. What should I do?"
- Support replies asking the user for a new email address (Gmail, new institution email, etc.) to associate with their Dataverse account.
- The user replies with a new email address to associate with their Dataverse account.
- Support runs the curl command below, supplying the database id of the user to convert and the new email address and notes the username returned.
- Support emails the user and indicates that that they should use the password reset feature to set a new password and to make sure to take note of their username under Account Information (or the password reset confirmation email) since the user never had a username before.
- The user resets password and is able to log in with their local account. All permissions have been preserved with the exception of any permissions assigned to an institution-wide Shibboleth group to which the user formerly belonged.

In the example below, the user has indicated that the new email address they'd like to have associated with their account is "former.s...@mailinator.com" and their user id from the ``authenticateduser`` database table is "2". The API token must belong to a superuser (probably the sysadmin executing the command).

``curl -H "X-Dataverse-key: $API_TOKEN" -X PUT -d "former.s...@mailinator.com" http://localhost:8080/api/admin/authenticatedUsers/id/2/convertShibToBuiltIn``

Rather than looking up the user's id in the ``authenticateduser`` database table, you can issue this command to get a listing of all users:

``curl -H "X-Dataverse-key: $API_TOKEN" http://localhost:8080/api/admin/authenticatedUsers``

Per above, you now need to tell the user to use the password reset feature to set a password for their local account.

Hmm, at running https://opendata.uit.no you're running v. 4.3 build 23-b39c957 but I suspect it's a slight fork based on how the search "cards" look (no border). (If you could let me know if your fork is open source, I'll add a link to your fork to my spreadsheet.) Unfortunately, this means that you won't have access to that `convertShibToBuiltIn` API endpoint above until you upgrade to Dataverse 4.4 or newer. Here's the GitHub issue where I added it: https://github.com/IQSS/dataverse/issues/2915

In a nutshell, yes, the idea is to convert the account from a Shibboleth account to a local/builtin account.

I hope this helps!

Phil

--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-community+unsub...@googlegroups.com.
To post to this group, send email to dataverse-community@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/df5fe457-eae8-4c9d-afc0-034384179451%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Philip Durbin
Software Developer for http://dataverse.org
http://www.iq.harvard.edu/people/philip-durbin

[Philipp at UiT]

Thanks, Phil, for good advice. I'll have a look at it together with our system administrator. We are going to upgrade to 4.5 soon, so we'll fix the issue after upgrading. I also noticed that in version 4.5 users are prompted/asked to contact support when they leave the institution and no longer are able to use institutional log-in. This will make things smoother.

Best, Philipp

To post to this group, send email to dataverse...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/df5fe457-eae8-4c9d-afc0-034384179451%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Philip Durbin]

Yeah, we made a lot of small improvements to Shibboleth in Dataverse 4.4, code clean up to make it more production-ready. You can read about what was worked on in this "Shibboleth: Remote Authentication Phase 1 (issue #2939)" thread: https://groups.google.com/d/msg/dataverse-community/pTmHCBVRE3o/rASPXMJCFAAJ

We're actually working away on auth again... adding support for logging into Dataverse using ORCID, Google, and GitHub: https://github.com/IQSS/dataverse/issues/3338 . Time for me to get back to the code! :)

Phil

To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-community+unsubscribe...@googlegroups.com.

To post to this group, send email to dataverse...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/df5fe457-eae8-4c9d-afc0-034384179451%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Philip Durbin
Software Developer for http://dataverse.org
http://www.iq.harvard.edu/people/philip-durbin

--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-community+unsub...@googlegroups.com.

To post to this group, send email to dataverse-community@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/044cf593-afe4-4f71-963b-be614f7c4fc4%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Philipp at UiT]

Log-in integration with ORCID, Google, and GitHub would be great. We are planning to push our university to introduce mandatory ORCIDs for all employees. By using theese institution-independent solutions user admin would be much easier in cases where employees quit our institution. Happy coding! :) Philipp

To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-community+unsub...@googlegroups.com.

To post to this group, send email to dataverse...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/df5fe457-eae8-4c9d-afc0-034384179451%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Philip Durbin
Software Developer for http://dataverse.org
http://www.iq.harvard.edu/people/philip-durbin

--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-community+unsub...@googlegroups.com.

To post to this group, send email to dataverse...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/044cf593-afe4-4f71-963b-be614f7c4fc4%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.