OpenAthens integration

Bug #1842297 reported by Julian Clementson on 2019-09-02
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Evergreen
Wishlist
Unassigned

Bug Description

This is a new feature proposal, to provide integration between Evergreen and OpenAthens, a global cloud-based single sign-on service.

Background

The GALILEO Consortium of libraries in Georgia has selected OpenAthens to deliver a state-wide solution for single sign-on, and this contract includes integrating Evergreen into OpenAthens, so that PINES patrons can seamlessly access OpenAthens-authenticated resources.

The OpenAthens development team has been contracted to implement the integration on behalf of GPLS and demonstrated a proof of concept to selected representatives of the Evergreen community and the PINES consortium in July 2019. The aim is to get this feature accepted into an upcoming release so that it is ready for PINES to start using towards the end of the year.

DocuWiki page: https://wiki.evergreen-ils.org/doku.php?id=dev%3Aproposal%3Aopenathens_integration

Code and documentation ready for review:
https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/jclementson/lp1842297_openathens_integration

Yamil (ysuarez) on 2019-09-02
tags: added: authentication
Changed in evergreen:
assignee: nobody → Julian Clementson (oajulianc)
status: New → In Progress
description: updated
tags: added: pullrequest
description: updated
Bill Erickson (berick) on 2019-10-01
Changed in evergreen:
milestone: none → 3.next
importance: Undecided → Wishlist
Changed in evergreen:
assignee: Julian Clementson (oajulianc) → nobody
Revision history for this message
Galen Charlton (gmc) wrote :

I would be interested in testing this. Is there any chance that a test OpenAthens system could be made available?

Changed in evergreen:
milestone: 3.next → 3.5-alpha
status: In Progress → Confirmed
Revision history for this message
Julian Clementson (oajulianc) wrote :

Thanks Galen, I'll find out if/when we can make an account available for testing. OpenAthens doesn't have the concept of free trial; test accounts are normally only created for customers who are in the process of onboarding. I know Chris Sharp will be interested in testing this. I'll find out more.

Revision history for this message
Chris Sharp (chrissharp123) wrote :

Found an issue testing this on a stock master machine. First-time install from the openathens-sso-integration branch installs the application layer code, but not the DB schema changes. I corrected that at the very tip of https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/csharp/lp1842297_openathens_integration. We will be testing this on realistic PINES data over the next few weeks.

Revision history for this message
Chris Sharp (chrissharp123) wrote :

Found another issue - the ADMIN_OPENATHENS permission needed to added to the perm list. Done in the same branch as above.

Revision history for this message
Julian Clementson (oajulianc) wrote :

Great to see you starting to test this Chris. I've confirmed that we're not in a position to set up test accounts for anyone who isn't already signed up to OpenAthens, so yours will be the tests that count. Let me know if you have any issues on the OpenAthens account side.

Revision history for this message
Chris Sharp (chrissharp123) wrote :

(Referencing https://git.evergreen-ils.org/?p=working/Evergreen.git;a=blob;f=docs/RELEASE_NOTES_NEXT/Administration/OpenAthens_SignOn.adoc;h=1c526d3d5093389247f2e7a3a0a014bec1b6171e;hb=refs/heads/user/csharp/lp1842297_openathens_integration)

After setting up the OpenAthens-side configuration, I entered a library account within Evergreen, then after not seeing it appear on the screen after save, I created it again. Then realized (duh) that the "+ Descendants" box was not checked, and when I attempted to delete the duplicate (Actions for Selected Rows -> Delete Selected), the row is not deleted and I see this in the JS console:

ERROR TypeError: "this.pcrud is undefined"
    deleteSelected https://example.org/eg2/en-US/5.154ad4ac26ce40a418c8.js:1
    performAction https://example.org/eg2/en-US/3.13e4e9d394b649459a22.js:1
    g https://example.org/eg2/en-US/3.13e4e9d394b649459a22.js:1
    handleEvent https://example.org/eg2/en-US/main.6d2a2c5a91d2be9f3634.js:1
    handleEvent https://example.org/eg2/en-US/main.6d2a2c5a91d2be9f3634.js:1
    na https://example.org/eg2/en-US/main.6d2a2c5a91d2be9f3634.js:1
    Da https://example.org/eg2/en-US/main.6d2a2c5a91d2be9f3634.js:1
    V https://example.org/eg2/en-US/main.6d2a2c5a91d2be9f3634.js:1
    invokeTask https://example.org/eg2/en-US/polyfills.6a11e44a9ce83c8cb5ef.js:1
    onInvokeTask https://example.org/eg2/en-US/main.6d2a2c5a91d2be9f3634.js:1
    invokeTask https://example.org/eg2/en-US/polyfills.6a11e44a9ce83c8cb5ef.js:1
    runTask https://example.org/eg2/en-US/polyfills.6a11e44a9ce83c8cb5ef.js:1
    invokeTask https://example.org/eg2/en-US/polyfills.6a11e44a9ce83c8cb5ef.js:1
    m https://example.org/eg2/en-US/polyfills.6a11e44a9ce83c8cb5ef.js:1
    b https://example.org/eg2/en-US/polyfills.6a11e44a9ce83c8cb5ef.js:1
main.6d2a2c5a91d2be9f3634.js:1:193550

Revision history for this message
Julian Clementson (oajulianc) wrote :

I'll see if I can reproduce this when I have moment. I've basically just copied the crud process from one of the other library settings, so this is most likely an existing bug. It shouldn't prevent you testing the rest of OpenAthens functionality as it just takes the first setting it can find for the library if there are duplicates.

Changed in evergreen:
milestone: 3.5-beta → 3.5.0
Revision history for this message
Jane Sandberg (sandbej) wrote :

I added a rebased version of this branch at user/sandbergja/lp1842297_openathens_integration.

My branch:
* includes sign offs for Chris' commits. I'm not able to test the actual integration with OpenAthens, so I did not sign off on Julian's commit.
* bumps up the ID of the new permission
* fixes a small issue with the install SQL (a foreign key was declared before both tables had been created)
* fixes the issue with deleting entries in the UI noted by Chris in comment #6. Basically, Angular dependency injection does not play nicely with class inheritance, at least where Components are concerned. More info here: https://angular.io/guide/dependency-injection-in-action#inject-into-a-derived-class -- seems like a pretty obnoxious shortcoming in DI, actually!

Despite that fix, I think that a better way to handle the Angular interface would be to just rely on the auto-generated interface for config.openathens_identity. Julian: I noticed that you put the fields in the fm-editor into a more user-friendly order. The auto-generated UIs don't have that ability yet, but I don't think it would be difficult to add (my vote would be to take Bill's approach mentioned in this comment: https://bugs.launchpad.net/evergreen/+bug/1857351/comments/2). As soon as we add that ability to propagate fieldOrder through route data to the fm-editor, I think the auto-generated admin UI would be able to re-create all of the functionality of Julian's interface.

Revision history for this message
Julian Clementson (oajulianc) wrote :

Thanks Jane. I was just starting to think about how to get this moving again.

As it happens I'm learning Angular for some other projects as well now, so you DI fix makes sense.

Chris: I'm still available to guide you through OpenAthens testing when you have time. I hope we can get this signed off in good time for 3.6.

Revision history for this message
Jane Sandberg (sandbej) wrote :

Thanks, Julian! Yes, this feature has waited long enough. :-)

One request: would you be willing to write some tests for OpenAthens.pm? Here's our quick intro to testing Evergreen's perl code: https://wiki.evergreen-ils.org/doku.php?id=dev:contributing:qa#perl_unit_tests. Having some tests would make me feel more confident about the community's ability to maintain your code long-term.

Revision history for this message
Julian Clementson (oajulianc) wrote :

Jane: yes, I should get some time to add some tests in the next few weeks. The code relies on OpenAthens as a third party service but hopefully the test framework allows this to be mocked.

Changed in evergreen:
milestone: 3.5.0 → 3.5.1
Jane Sandberg (sandbej) on 2020-07-11
Changed in evergreen:
milestone: 3.5.1 → 3.6-beta
Revision history for this message
Julian Clementson (oajulianc) wrote :
description: updated
Revision history for this message
Julian Clementson (oajulianc) wrote :

Hi Jane,

I've finished adding Perl unit tests. I couldn't see any examples of Angular tests for any equivalent components so I haven't added anything there.

I've pushed to:
https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/jclementson/lp1842297_openathens_integration

This also includes a couple of other fixes I made earlier in the year that you didn't have on your branch.

Revision history for this message
Julian Clementson (oajulianc) wrote :

Rebased again and updated adocs format for Antora

Changed in evergreen:
milestone: 3.6-beta → 3.next
Revision history for this message
Julian Clementson (oajulianc) wrote :

Pushed some recent fixes arising from PINES testing

Revision history for this message
Julian Clementson (oajulianc) wrote :

Fixed:
* a second enabled OpenAthens config was being ignored if there was a first OpenAthens config that was disabled. Docs have been updated to explain that only the first enabled connection will be used.
* optional patron attributes were being sent to OpenAthens with the wrong names.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers