Identity Provider 2012 Upgrade progress

From RavenWiki
Revision as of 11:34, 25 June 2012 by jw35 (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

This page reports the status of the upgrade as it happens, to document any known problems and their resolutions, etc. Checking this page before reporting a problem may help reduce duplicate reports.

While this page can be edited by many people, please avoid editing it unless you are part of the upgrade team - persistent problems accessing library electronic resources should be reported to the University Library at lib-raven@lists.cam.ac.uk; persistent problems accessing any other site should be reported to the UCS Service Desk at service-desk@ucs.cam.ac.uk. Administrators of sites using Raven to control access are welcome to contact raven-support@ucs.cam.ac.uk.

2012-06-25 12.30
Status Summary
  • Split brain (Auth to old, Attrib to new):
    • https://scauth.scopus.com/ (Elsevier: Scopus) largely working but with an occasional problem; reported to shibbolethsupport@elsevier.com 2012-06-10 14:13; chased to nlinfo@scopus.com, shibbolethsupport@elsevier.com 2012-06-22 10:10; auto-response from nlinfo@scopus.com with 'THREAD ID:1-1FW1JLS' 2012-06-22 10:10; last seen 2012-06-25 01:43;
  • Some fallout as Ucam sites start to transition.
2012-06-22 22.09
Two failing requests from https://auth.elsevier.com/. This isn't the entityID apparently used for any of their production services, and really isn't in the UK federation metadata. Just a test?
2012-06-22 17.47
I believe we understand the Westlaw problem, and we have a work-around in place, and access seems to be possible.
2012-06-22 13.57
Start of phase 2 of the upgrade (transitioning local SPs) announced.
2012-06-22 10.11
Status Summary
2012-06-22 09.55
Apparently we don't actually subscribe to Engineering Village so the failure, while it still looks like a technical configuration, is moot.
2012-06-22 09.50
Spoke too soon - https://scauth.scopus.com/ is still failing occasionally.
2012-06-21 12.43
https://shib.ingramdigital.com/shibboleth (MyiLibrary.com) believe they have fixed their problem.
2012-06-21 12.00
Status summary
2012-06-21 12.00
2012-06-20 14.48
Status summary
  • Split brain (Auth to old, Attrib to new):
    • https://sp.uk-plc.net/shibboleth (@UK PLC); reported to matthew.brown@uk-plc.net, support@uk-plc.net 2012-06-19 12:06; auto-response 2012-06-19 14:05 ref #4038; last seen 2012-06-20 13:10;
    • https://shib.ingramdigital.com/shibboleth (MyiLibrary.com); reported to dmasales@myilibrary.com 2012-06-19 12:07; last seen 2012-06-20 00:19
    • https://scauth.scopus.com/ (Elsevier: Scopus) largely working but with an occasional problem; reported to sibbolethsupport@elsevier.com 2012-06-10 14:13; last seen 2012-06-20 10:52;
  • Split brain (Auth to new, Attrib to old):
    • None today - may be fixed
    • ewebproxy.westgroup.com; last seen 2012-06-19 16:21
    • d2-prod-gw.lexisnexis.com; last seen 2012-06-19 13:09
  • Other:
2012-06-20 12.41
Looks like access to Westlaw doesn't work. They seem to have transitioned and the exchange seems to complete as expected but westlaw reports "We are unable to log you into Westlaw UK at this time. Please try again. For further assistance please contact your subject librarian or Shibboleth administrator.". Under investigation.
2021-06-19 21.08
https://shibboleth.ovid.com/entity (Ovid) actually seems to have been working correctly from 14:33 onward.
2021-06-19 17.40
2021-06-19 17.40
Status summary
  • Engineering Village still failing - awaiting response to email query
  • https://shib.ingramdigital.com/shibboleth (MyiLibrary.com) still broken - last seen 17:26 - awaiting response to email query
  • https://sp.uk-plc.net/shibboleth (@UK PLC) still broken - last seen 13:45 - awaiting response to email query
  • https://sp.tshhosting.com/shibboleth (Thomson Scientific Inc: Thomson Reuters) looks to be fixed since 12:23
  • https://zetoc.mimas.ac.uk/shibboleth (MIMAS Zetoc Service) looks to be fixed since 12:51
  • The worrying logs mentioned below are at least partly the result of using browser 'back' button and hitting the TandC and attribute release pages - untidy but not a major problem.
  • Provider at ewebproxy.westgroup.com still broken - last seen 16:21
  • Provider at d2-prod-gw.lexisnexis.com still broken - last seen 13:09
    • Tomorrow I'll raise the logging level to try and capture the corresponding entityIDs and so find some technical contacts
  • 82 providers have at least partly transitioned; the new servers have authenticated 514 users
2012-06-19 12.28
Access to the Engineering Village Web site (https://evauth.engineeringvillage.com/shibboleth/login.html) is failing, apparently because of a mis-configuration at their end. I'll talk to their technical contact.
2012-06-19 12.20
I'm seeing a worrying number of log records implying that the new shib server is loosing track of who someone is between the various steps of an authentication request. I'm not sure how this will manifest to a user, but it's unlikely to be good. I'm investigating - it may be related to timeouts and (perhaps) the time it takes someone to complete the TandC and attribute release pages.
2011-06-19 11.50
4 providers - https://sp.tshhosting.com/shibboleth (last seen 11:04, Thomson Scientific Inc: Thomson Reuters); https://sp.uk-plc.net/shibboleth (last seen 10:32, @UK PLC); https://shib.ingramdigital.com/shibboleth (last seen 07:21, MyiLibrary.com); https://zetoc.mimas.ac.uk/shibboleth (last seen 03:28, MIMAS Zetoc Service) - are sending authentication requests to the old servers but attribute requests to the new ones. This won't work. I'll drop a line to the UK federation technical contacts for each asking them to fix their metadata.
Two providers, at ewebproxy.westgroup.com (last seen 06:00:32) and d2-prod-gw.lexisnexis.com (last seen 11:23:04) are doing the reverse. There's not much I can do about this because I have no way to identify appropriate contacts.
2012-06-19 08.20
Status summary: 31 providers have switched to using new servers, most apparently successfully. About 100 users have authenticated. Still a small number of errors being logged but with no obvious pattern - further investigation today.
2012-06-18 21.30
Status summary: A number of providers (17) are apparently successfully sending requests to the new servers. There are however a number of failures being logged. These may - as expected - be the results of mismatched metadata within particular SPs (resulting in different parts of an authentication exchange being sent to the old and new servers with resulting chaos when the state established by an initial request can't be found on a subsequent one). Things should be clearer in the morning. Providers apparently working include
John Wiley & Sons Limited: Wiley Online Library; SAGE Journals Online; Thomson Scientific Inc: Thomson Reuters; Oxford Journals; EBSCO Publishing, Inc; Test SP on mnementh.csi; University Computing Service; EDINA: Digimap (live); Stanford University: Oxford Medicine; Project MUSE; University Computing Service; BMJ Journals; Justis Publishing; Royal Society Publishing Organization; IEEE XploreDigital Library; Georg Thieme Verlag KG: Thieme eJournals; UK Data Archive
2012-06-18 18.43
First apparently-successful authentication via new IdP, from http://shibboleth.ebscohost.com
2012-06-18 18.25
Connection from a test SP (https://mnementh.csi.cam.ac.uk/shibboleth) forcing use of the updated UK federation metadata works.
2012-06-18 17.18
Revised metadata published by the UK federation
2012-06-18 13.02
UK federation Help Desk confirm that the new metadata will be published 'on the signing/publishing run this evening'. Friday's new metadata was published at about 17:50.
2012-06-18 11.44
Request submitted (Call 005005) to UK federation Help Desk for our metadata in the federation metadata file to be updated.
2012-06-15 10.34
This page created
Retrieved from "https://wiki.cam.ac.uk/wiki/raven/index.php?title=Identity_Provider_2012_Upgrade_progress&oldid=2517"