2 13 2023 Tech Team Report - QualitativeDataRepository/TechnicalTeam GitHub Wiki

2-13-2023

Logged Tasks

Date Task Hours (Main) Hours (EOLS) Hours (PII) Hours (QDAS)
6-Feb-2023 Reporting, update Drupal core to 9.5.3, xml sitemap module on dev/stage, changed out deprecated themes, added ckeditor5 on stage, uninstalled color, ckeditor, quick edit on dev/stage. Created oidc branch, added oidc module, keycloak plugin, investigated bugs/warnings, meeting 6
7-Feb-2023 Investigate LDAP connection to Keycloak, create read-only connection, test, update #9186 PR for review (contact email changes), #9195 curation command fix, investigate OIDC flow in Dataverse. 5
9-Feb-2023 Investigate Keycloak write to LDAP, user reg, extra attributes, export realm, investigate custom reg form items. 6
10-Feb-2023 Install Keycloak v20, import realm, read docs re: config, production config, themes, declarative profile feature. 7

Drupal

  • Updates to v9.5.3 and a new xml sitemap module version on dev/stage
  • Replaced deprecated themes (used in the admin pages - no change to user facing pages)
  • Added ckeditor5 on stage
  • Uninstalled unused color, ckeditor, quick edit modules on dev/stage

SSO

  • Created Drupal oidc branch in GitHub, created a pre-oidc dev database backup, added latest alpha OIDC module and Keycloak plugin, investigated bugs/warnings
  • Investigated LDAP connection to Keycloak, created/tested a read-only connection
  • Read Keycloak Server/Developer manuals, investigated Keycloak write to LDAP functionality, user registration, adding attributes, customizing registration forms, production security
  • Installed Keycloak v20, imported customized realm from v16
  • Investigated 504 timeouts from the AWS ELB - did not find a fix
  • Investigated OIDC flow in Dataverse w.r.t. what's stored and the process of creating new accounts

Dataverse

  • Updated PR #9186 (separate contact email), PR #9195 (curate command fix) to allow QA/merging

Operations

Discussion

  • I'm seeing 504 timeouts on dev that come from the AWS ELB (server: awselb/2.0 according to the browser). They occur sometimes with Drupal (where dev does not aggregate the js and css calls so there can be a quick rush of requests) and now with the Keycloak admin console (again, lots of css and js calls being made - it isn't clear that Keycloak has a way to aggregate those). These occur after 10 seconds. I've checked the dev ELB settings that I know and don't see any timeouts that are less than 600 seconds, so I'm not sure where this is coming from. It may become a showstopper with the Keycloak v20 server.
  • It's not clear that it will be easy to keep the LDAP entries exactly as they are; e.g., with entries being posixAccounts, a unique numeric identifier has to be sent. We do this in custom code in Drupal, but I don't think we use it anywhere. Do we have requirements on LDAP beyond keeping the current SSO functionality?

Plans

  • SSO - continue to explore/build OIDC options
    • Try OIDC with Drupal
    • Investigate Keycloak to LDAP connection for new users, ability to handle registration, replace LDAP, etc.
    • Investigate SSO options
    • Investigate ways to simplify user interface (multiple clicks to get through Keycloak)
  • Matomo - help with transition from Google
  • AnnoRep - explore round-trip
  • Dataverse
    • Make PR for guestbook adding datasetversion fix, deploy to stage
    • Continue towards guestbook at request based on ADA's original work
    • Popup info accessibility - IQSS likes the recommendations from the source I linked to, so this can be implemented along those lines.
  • Drupal - v10 - review compatibility and start updates.
  • QDAS Previewer
    • Updates per request
    • Investigate writing aux file/previewing lower-sensitivity version and/or other write options
  • TBD: FRDR Security