<?xml version="1.0"?>
<rss xmlns:dc="http://purl.org/dc/elements/1.1/" version="2.0">
  <channel>
    <title>Transition Technology: Ticket #153: Add a single sign on feature for TN.org</title>
    <link>http://localhost:8080/trac/ticket/153</link>
    <description>&lt;p&gt;
we need a single sign on (/ multi-site API) feature for TN.org for phase 3:
&lt;/p&gt;
&lt;ol&gt;&lt;li&gt;coherent links with the workspaces on workspaces.tn.org
&lt;/li&gt;&lt;li&gt;coherent links with other Transition sites - e.g. the incoming Transition drupal, other national hubs and possibly others
&lt;/li&gt;&lt;li&gt;some form of API sharing with things like facebook (not sure if this is the same thing but trying to capture some needs here)
&lt;/li&gt;&lt;/ol&gt;&lt;p&gt;
things looked at or recommended:
Openauth: &lt;a class="ext-link" href="http://oauth.net/"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://oauth.net/&lt;/a&gt;
CAS: &lt;a class="ext-link" href="http://drupal.org/project/cas"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://drupal.org/project/cas&lt;/a&gt;
SSO: &lt;a class="ext-link" href="http://drupal.org/project/sso"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://drupal.org/project/sso&lt;/a&gt;
&lt;/p&gt;
</description>
    <language>en-us</language>
    <image>
      <title>Transition Technology</title>
      <url>/trac/chrome/site/TransitionNetwork-Logo-Web-Small.jpg</url>
      <link>http://localhost:8080/trac/ticket/153</link>
    </image>
    <generator>Trac 0.12.5</generator>
    <item>
      
        <dc:creator>ed</dc:creator>

      <pubDate>Mon, 29 Nov 2010 15:21:44 GMT</pubDate>
      <title>milestone set</title>
      <link>http://localhost:8080/trac/ticket/153#comment:1</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/153#comment:1</guid>
      <description>
          &lt;ul&gt;
            &lt;li&gt;&lt;strong&gt;milestone&lt;/strong&gt;
                set to &lt;em&gt;Phase 3&lt;/em&gt;
            &lt;/li&gt;
          &lt;/ul&gt;
        &lt;p&gt;
further to meet &lt;a class="missing wiki"&gt;Jim/Ed?&lt;/a&gt;, oAuth looked at and requested (also as standard for other sites).
&lt;/p&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>ed</dc:creator>

      <pubDate>Thu, 02 Dec 2010 16:12:43 GMT</pubDate>
      <title>priority changed</title>
      <link>http://localhost:8080/trac/ticket/153#comment:2</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/153#comment:2</guid>
      <description>
          &lt;ul&gt;
            &lt;li&gt;&lt;strong&gt;priority&lt;/strong&gt;
                changed from &lt;em&gt;major&lt;/em&gt; to &lt;em&gt;critical&lt;/em&gt;
            &lt;/li&gt;
          &lt;/ul&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>jim</dc:creator>

      <pubDate>Wed, 08 Dec 2010 21:56:00 GMT</pubDate>
      <title>hours, totalhours changed</title>
      <link>http://localhost:8080/trac/ticket/153#comment:3</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/153#comment:3</guid>
      <description>
          &lt;ul&gt;
            &lt;li&gt;&lt;strong&gt;hours&lt;/strong&gt;
                changed from &lt;em&gt;0.0&lt;/em&gt; to &lt;em&gt;0.2&lt;/em&gt;
            &lt;/li&gt;
            &lt;li&gt;&lt;strong&gt;totalhours&lt;/strong&gt;
                changed from &lt;em&gt;0.0&lt;/em&gt; to &lt;em&gt;0.2&lt;/em&gt;
            &lt;/li&gt;
          &lt;/ul&gt;
        &lt;p&gt;
Hmmm....
&lt;/p&gt;
&lt;p&gt;
&lt;strong&gt;Hitch 1&lt;/strong&gt;
We must
EITHER: use an obsolete Drupal module version of oAuth (oAuth Common, no longer being worked on since oAuth 3 does its job) and existing good services (v2.4)
OR: we use an experimental version of Services (3.x alpha1) and a have a future-proof design. With bugs.
&lt;/p&gt;
&lt;p&gt;
I reckon we have to go with the future proof version and help fix the bugs...
&lt;/p&gt;
&lt;p&gt;
See &lt;a class="ext-link" href="http://drupal.org/project/oauth"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://drupal.org/project/oauth&lt;/a&gt; and &lt;a class="ext-link" href="http://drupal.org/project/services"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://drupal.org/project/services&lt;/a&gt;
&lt;/p&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>ed</dc:creator>

      <pubDate>Wed, 08 Dec 2010 22:27:47 GMT</pubDate>
      <title></title>
      <link>http://localhost:8080/trac/ticket/153#comment:4</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/153#comment:4</guid>
      <description>
        &lt;p&gt;
Future proofing is the way forward naturally - the services node makes it explicit that it's only for those prepared to tinker.
&lt;/p&gt;
&lt;ol&gt;&lt;li&gt;i can't see any reference to oAuth on services node (while regularly referred to in social networks etc.)
&lt;/li&gt;&lt;li&gt;anything wrong with oAuth3?
&lt;/li&gt;&lt;/ol&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>jim</dc:creator>

      <pubDate>Thu, 09 Dec 2010 19:46:12 GMT</pubDate>
      <title>hours, totalhours changed</title>
      <link>http://localhost:8080/trac/ticket/153#comment:5</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/153#comment:5</guid>
      <description>
          &lt;ul&gt;
            &lt;li&gt;&lt;strong&gt;hours&lt;/strong&gt;
                changed from &lt;em&gt;0.0&lt;/em&gt; to &lt;em&gt;1.0&lt;/em&gt;
            &lt;/li&gt;
            &lt;li&gt;&lt;strong&gt;totalhours&lt;/strong&gt;
                changed from &lt;em&gt;0.2&lt;/em&gt; to &lt;em&gt;1.2&lt;/em&gt;
            &lt;/li&gt;
          &lt;/ul&gt;
        &lt;p&gt;
BIG CAN OF WORMS... Still researching but from &lt;a class="ext-link" href="http://stackoverflow.com/questions/2033026/sso-with-cas-or-oauth"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://stackoverflow.com/questions/2033026/sso-with-cas-or-oauth&lt;/a&gt;:
&lt;/p&gt;
&lt;pre class="wiki"&gt;So, OAuth is not about Single Sign-On (nor a substitute for the CAS protocol). It is not about you controlling what the user can access. It is about letting the user to control how their resources may be accessed by third-parties. Two very different use-cases.
&lt;/pre&gt;&lt;p&gt;
In other words, no one-size fits all. Plus there are a bunch of oAuth-related modules and piss-poor documentation on Drupal.org.
&lt;/p&gt;
&lt;ul&gt;&lt;li&gt;&lt;a class="ext-link" href="http://drupal.org/project/oauth"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://drupal.org/project/oauth&lt;/a&gt;
&lt;/li&gt;&lt;li&gt;&lt;a class="ext-link" href="http://drupal.org/project/oauthconnector"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://drupal.org/project/oauthconnector&lt;/a&gt;
&lt;/li&gt;&lt;li&gt;&lt;a class="ext-link" href="http://drupal.org/project/connector"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://drupal.org/project/connector&lt;/a&gt;
&lt;/li&gt;&lt;li&gt;&lt;a class="ext-link" href="http://drupal.org/project/oauthloginprovider"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://drupal.org/project/oauthloginprovider&lt;/a&gt;
&lt;/li&gt;&lt;li&gt;&lt;a class="ext-link" href="http://drupal.org/project/services"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://drupal.org/project/services&lt;/a&gt;
&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;
Going to come back to this with a clear head...
&lt;/p&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>ed</dc:creator>

      <pubDate>Fri, 10 Dec 2010 08:50:23 GMT</pubDate>
      <title></title>
      <link>http://localhost:8080/trac/ticket/153#comment:6</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/153#comment:6</guid>
      <description>
        &lt;p&gt;
suggest leaving oAuth and re-focusing on the first use case for this, which is to enable a single sign on that works between workspaces and the main site then. could file this under a classic case of user suggesting unsuitable answer to simple use case for now? workspaces and main site seamless login utterly vital...
&lt;/p&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>jim</dc:creator>

      <pubDate>Mon, 13 Dec 2010 23:38:33 GMT</pubDate>
      <title>hours, totalhours changed</title>
      <link>http://localhost:8080/trac/ticket/153#comment:7</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/153#comment:7</guid>
      <description>
          &lt;ul&gt;
            &lt;li&gt;&lt;strong&gt;hours&lt;/strong&gt;
                changed from &lt;em&gt;0.0&lt;/em&gt; to &lt;em&gt;2.0&lt;/em&gt;
            &lt;/li&gt;
            &lt;li&gt;&lt;strong&gt;totalhours&lt;/strong&gt;
                changed from &lt;em&gt;1.2&lt;/em&gt; to &lt;em&gt;3.2&lt;/em&gt;
            &lt;/li&gt;
          &lt;/ul&gt;
        &lt;p&gt;
Went with CAS as per email...
&lt;/p&gt;
&lt;p&gt;
It's kind of working on DEV - if you go to &lt;a class="ext-link" href="http://workspaces.dev.transitionnetwork.org.webarch.net/"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://workspaces.dev.transitionnetwork.org.webarch.net/&lt;/a&gt; and try to log in (notice the new block) then you're taken to the main dev site, then you log in, but then though you're logged in there's an access denied error... Logged in though. Hmm...
&lt;/p&gt;
&lt;p&gt;
BUT importantly the SSO is working, even though it's not that user friendly with the access error.
&lt;/p&gt;
&lt;p&gt;
Will continue to play/debug/cry...
&lt;/p&gt;
&lt;h2 id="SERVERnote"&gt;SERVER note&lt;/h2&gt;
&lt;p&gt;
Had to install Curl and phpCAS to get his working on DEV:
&lt;/p&gt;
&lt;ul&gt;&lt;li&gt;sudo apt-get install curl php5-curl
&lt;/li&gt;&lt;li&gt;sudo pear install &lt;a class="ext-link" href="http://downloads.jasig.org/cas-clients/php/1.2.0/CAS-1.2.0.tgz"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://downloads.jasig.org/cas-clients/php/1.2.0/CAS-1.2.0.tgz&lt;/a&gt;
&lt;/li&gt;&lt;li&gt;sudo /etc/init.d/apache2 restart
&lt;/li&gt;&lt;/ul&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>jim</dc:creator>

      <pubDate>Thu, 06 Jan 2011 17:39:41 GMT</pubDate>
      <title>status changed</title>
      <link>http://localhost:8080/trac/ticket/153#comment:8</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/153#comment:8</guid>
      <description>
          &lt;ul&gt;
            &lt;li&gt;&lt;strong&gt;status&lt;/strong&gt;
                changed from &lt;em&gt;new&lt;/em&gt; to &lt;em&gt;accepted&lt;/em&gt;
            &lt;/li&gt;
          &lt;/ul&gt;
        &lt;p&gt;
Modules coming to LIVE tonight... will play in DEV further.
&lt;/p&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>ed</dc:creator>

      <pubDate>Mon, 10 Jan 2011 14:56:41 GMT</pubDate>
      <title></title>
      <link>http://localhost:8080/trac/ticket/153#comment:9</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/153#comment:9</guid>
      <description>
        &lt;p&gt;
Working - a bit ugly - needs a few more hours on LIVE - and changing button text and re-directing users to the correct page.
&lt;/p&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>jim</dc:creator>

      <pubDate>Fri, 14 Jan 2011 15:53:54 GMT</pubDate>
      <title>hours, totalhours changed</title>
      <link>http://localhost:8080/trac/ticket/153#comment:10</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/153#comment:10</guid>
      <description>
          &lt;ul&gt;
            &lt;li&gt;&lt;strong&gt;hours&lt;/strong&gt;
                changed from &lt;em&gt;0.0&lt;/em&gt; to &lt;em&gt;0.15&lt;/em&gt;
            &lt;/li&gt;
            &lt;li&gt;&lt;strong&gt;totalhours&lt;/strong&gt;
                changed from &lt;em&gt;3.2&lt;/em&gt; to &lt;em&gt;3.35&lt;/em&gt;
            &lt;/li&gt;
          &lt;/ul&gt;
        &lt;p&gt;
CAS module updated on DEV, still getting this 'Access denied' BS...
&lt;/p&gt;
&lt;p&gt;
See: &lt;a class="ext-link" href="http://drupal.org/node/420982"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://drupal.org/node/420982&lt;/a&gt; and &lt;a class="ext-link" href="http://drupal.org/project/issues/cas?text=access+denied&amp;amp;status=Open&amp;amp;priorities=All&amp;amp;categories=All&amp;amp;version=All&amp;amp;component=All"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://drupal.org/project/issues/cas?text=access+denied&amp;amp;status=Open&amp;amp;priorities=All&amp;amp;categories=All&amp;amp;version=All&amp;amp;component=All&lt;/a&gt;
&lt;/p&gt;
&lt;p&gt;
Will weigh in on CAS issues list.
&lt;/p&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>jim</dc:creator>

      <pubDate>Thu, 27 Jan 2011 19:30:20 GMT</pubDate>
      <title>status, priority, totalhours, type, hours, milestone changed; resolution set</title>
      <link>http://localhost:8080/trac/ticket/153#comment:11</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/153#comment:11</guid>
      <description>
          &lt;ul&gt;
            &lt;li&gt;&lt;strong&gt;status&lt;/strong&gt;
                changed from &lt;em&gt;accepted&lt;/em&gt; to &lt;em&gt;closed&lt;/em&gt;
            &lt;/li&gt;
            &lt;li&gt;&lt;strong&gt;priority&lt;/strong&gt;
                changed from &lt;em&gt;critical&lt;/em&gt; to &lt;em&gt;major&lt;/em&gt;
            &lt;/li&gt;
            &lt;li&gt;&lt;strong&gt;totalhours&lt;/strong&gt;
                changed from &lt;em&gt;3.35&lt;/em&gt; to &lt;em&gt;3.5&lt;/em&gt;
            &lt;/li&gt;
            &lt;li&gt;&lt;strong&gt;type&lt;/strong&gt;
                changed from &lt;em&gt;enhancement&lt;/em&gt; to &lt;em&gt;task&lt;/em&gt;
            &lt;/li&gt;
            &lt;li&gt;&lt;strong&gt;hours&lt;/strong&gt;
                changed from &lt;em&gt;0.0&lt;/em&gt; to &lt;em&gt;0.15&lt;/em&gt;
            &lt;/li&gt;
            &lt;li&gt;&lt;strong&gt;milestone&lt;/strong&gt;
                changed from &lt;em&gt;Phase 3&lt;/em&gt; to &lt;em&gt;Phase 4&lt;/em&gt;
            &lt;/li&gt;
            &lt;li&gt;&lt;strong&gt;resolution&lt;/strong&gt;
                set to &lt;em&gt;fixed&lt;/em&gt;
            &lt;/li&gt;
          &lt;/ul&gt;
        &lt;p&gt;
As discussed with Ed: Ed will see what the deal is with users being kicked out...
&lt;/p&gt;
&lt;p&gt;
Sit Rep: Same as above, module WORKS but redirects to a 'access denied' page, thus falling at the last hurdle. Logins work, everything is groovy, user experience BAD...
&lt;/p&gt;
&lt;p&gt;
Will add my voice to the issues list at &lt;a class="ext-link" href="http://drupal.org/project/issues/cas"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://drupal.org/project/issues/cas&lt;/a&gt;
&lt;/p&gt;
&lt;p&gt;
If time, will debug the module, but can't easily because of the need for SSL that's not present on my machine.
&lt;/p&gt;
&lt;p&gt;
Pushing to Phase 4 - apols Ed if this isn't what you meant earlier...
&lt;/p&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>jim</dc:creator>

      <pubDate>Thu, 27 Jan 2011 19:57:52 GMT</pubDate>
      <title>status changed; resolution deleted</title>
      <link>http://localhost:8080/trac/ticket/153#comment:12</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/153#comment:12</guid>
      <description>
          &lt;ul&gt;
            &lt;li&gt;&lt;strong&gt;status&lt;/strong&gt;
                changed from &lt;em&gt;closed&lt;/em&gt; to &lt;em&gt;reopened&lt;/em&gt;
            &lt;/li&gt;
            &lt;li&gt;&lt;strong&gt;resolution&lt;/strong&gt;
                &lt;em&gt;fixed&lt;/em&gt; deleted
            &lt;/li&gt;
          &lt;/ul&gt;
        &lt;p&gt;
didn't mean to close.
&lt;/p&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>ed</dc:creator>

      <pubDate>Fri, 17 Jun 2011 12:11:04 GMT</pubDate>
      <title></title>
      <link>http://localhost:8080/trac/ticket/153#comment:13</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/153#comment:13</guid>
      <description>
        &lt;p&gt;
is this going to be related in some way to &lt;a class="assigned ticket" href="http://localhost:8080/trac/ticket/262" title="innovation: US users adding Ini profiles through the US site (assigned)"&gt;#262&lt;/a&gt;?
&lt;/p&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>jim</dc:creator>

      <pubDate>Wed, 22 Jun 2011 18:17:45 GMT</pubDate>
      <title></title>
      <link>http://localhost:8080/trac/ticket/153#comment:14</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/153#comment:14</guid>
      <description>
        &lt;p&gt;
&lt;a class="closed ticket" href="http://localhost:8080/trac/ticket/263" title="maintenance: Module and drupal updates (closed: fixed)"&gt;#263&lt;/a&gt; (updates) and &lt;a class="closed ticket" href="http://localhost:8080/trac/ticket/224" title="defect: Add Varnish cache (closed: fixed)"&gt;#224&lt;/a&gt; (varnish) will remove Secure Pages and might make this work better... Will revisit at the end.
&lt;/p&gt;
&lt;p&gt;
Might well be handy for TUS stuff.
&lt;/p&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>ed</dc:creator>

      <pubDate>Tue, 13 Sep 2011 15:28:09 GMT</pubDate>
      <title>status changed; resolution set</title>
      <link>http://localhost:8080/trac/ticket/153#comment:15</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/153#comment:15</guid>
      <description>
          &lt;ul&gt;
            &lt;li&gt;&lt;strong&gt;status&lt;/strong&gt;
                changed from &lt;em&gt;reopened&lt;/em&gt; to &lt;em&gt;closed&lt;/em&gt;
            &lt;/li&gt;
            &lt;li&gt;&lt;strong&gt;resolution&lt;/strong&gt;
                set to &lt;em&gt;wontfix&lt;/em&gt;
            &lt;/li&gt;
          &lt;/ul&gt;
        &lt;p&gt;
closing for now as likelihood will be to use third party authentication service from FB, Google to get PSE off the ground...
&lt;/p&gt;
      </description>
      <category>Ticket</category>
    </item>
 </channel>
</rss>