Re: [dspace-tech] How to change other user's password

2019-01-28 Thread librarysystems . test 
Yes, now I see that a new button appears in the user's profile after this 
option is enabled and Tomcat restarted.  The "Login as E-Person" button 
allows an administrator to view the user's profile and reset the password 
in the web interface.  Thanks for pointing this out.

Glenn


On Monday, January 28, 2019 at 3:54:06 AM UTC-6, Claudia Jürgen wrote:
>
> Hi, 
>
> this is already possible, if you have configured: 
> webui.user.assumelogin = true 
> Then an admin can assume the identity of any other non-admin user and 
> reset the password in edit profile. 
>
> Hope this helps 
>
> Claudia Jürgen 
>
>
> Am 25.01.2019 um 22:07 schrieb librarysy...@gmail.com : 
> > I would like to propose that a method for changing a user's DSpace 
> password 
> > be added to the DSpace admin tools.  I know it is possible to change a 
> > password using the "forgot password" link, but that requires access to 
> the 
> > user's email.  In addition, it requires access to the "forgot password" 
> > link, which does not show up when the system uses only Shibboleth 
> > authentication.  In this case, a user that is actually a program signing 
> > into the Sword module might use DSpace password authentication, even 
> though 
> > that option is not available on the web interface.  So in order to get 
> the 
> > "forgot password" link, an administrator must enable password auth and 
> > produce an authentication menu which might confuse a normal user.  If 
> the 
> > program's email address is a list serve group, the members of the group 
> > have to be notified in advance not to click on the "reset password" link 
> in 
> > the upcoming email.  Finally, if the recipient is unlucky enough to have 
> > Microsoft Outlook Safelinks, the "reset password' link might not work at 
> > all. 
> > 
>
> -- 
> Claudia Juergen 
> Eldorado 
>
> Technische Universität Dortmund 
> Universitätsbibliothek 
> Vogelpothsweg 76 
> 44227 Dortmund 
>
> Tel.: +49 231-755 40 43 
> Fax: +49 231-755 40 32 
> claudia...@tu-dortmund.de  
> www.ub.tu-dortmund.de 
>
> Wichtiger Hinweis: Die Information in dieser E-Mail ist vertraulich. Sie 
> ist ausschließlich für den Adressaten bestimmt. Sollten Sie nicht der für 
> diese E-Mail bestimmte Adressat sein, unterrichten Sie bitte den Absender 
> und vernichten Sie diese Mail. Vielen Dank. 
> Unbeschadet der Korrespondenz per E-Mail, sind unsere Erklärungen 
> ausschließlich final rechtsverbindlich, wenn sie in herkömmlicher 
> Schriftform (mit eigenhändiger Unterschrift) oder durch Übermittlung eines 
> solchen Schriftstücks per Telefax erfolgen. 
>
> Important note: The information included in this e-mail is confidential. 
> It is solely intended for the recipient. If you are not the intended 
> recipient of this e-mail please contact the sender and delete this message. 
> Thank you. Without prejudice of e-mail correspondence, our statements are 
> only legally binding when they are made in the conventional written form 
> (with personal signature) or when such documents are sent by fax. 
>

-- 
All messages to this mailing list should adhere to the DuraSpace Code of 
Conduct: https://duraspace.org/about/policies/code-of-conduct/
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

[dspace-tech] How to change other user's password

2019-01-25 Thread librarysystems . test 
I would like to propose that a method for changing a user's DSpace password 
be added to the DSpace admin tools.  I know it is possible to change a 
password using the "forgot password" link, but that requires access to the 
user's email.  In addition, it requires access to the "forgot password" 
link, which does not show up when the system uses only Shibboleth 
authentication.  In this case, a user that is actually a program signing 
into the Sword module might use DSpace password authentication, even though 
that option is not available on the web interface.  So in order to get the 
"forgot password" link, an administrator must enable password auth and 
produce an authentication menu which might confuse a normal user.  If the 
program's email address is a list serve group, the members of the group 
have to be notified in advance not to click on the "reset password" link in 
the upcoming email.  Finally, if the recipient is unlucky enough to have 
Microsoft Outlook Safelinks, the "reset password' link might not work at 
all.

-- 
All messages to this mailing list should adhere to the DuraSpace Code of 
Conduct: https://duraspace.org/about/policies/code-of-conduct/
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

[dspace-tech] Re: Suddenly Sword Says "Unauthorized Credentials"

2019-01-25 Thread librarysystems . test 
This problem was caused by the Sword configuration on the DSpace server.  
Or, more precisely, the complete lack of configuration of the Sword 
module.  We moved the server from another host last summer, and that must 
be when the config got overwritten with the defaults.  Apparently, no one 
had tried to publish from Vireo until last week!  Once the Sword module was 
correctly configured, Vireo was able to connect.


On Thursday, January 24, 2019 at 4:30:54 PM UTC-6, librarysy...@gmail.com 
wrote:
>
> Further information:
>
> We seem to have got past "unauthorized credentials."
>
> Now Vireo says, "Unable to communicate with deposit location: 
> org.purl.sword.client.SWORDClientException: Received error from service 
> document request: Code: 400, Message: 'Bad Request'
>
> Using curl to browse to the Sword servicedocument URL gives this message: 
> "The requested URL /sword/servicedocument was not found on this server."
>
> Browsing to the same URL in Internet Explorer gives this message:  HTTP 
> Status 400 – Bad Request
> --
>
> *Type* Status Report
>
> *Message* Unable to recognise URL as a valid service document: 
> https://rctest.ourschool.edu/sword/servicedocument
>
> *Description* The server cannot or will not process the request due to 
> something that is perceived to be a client error (e.g., malformed request 
> syntax, invalid request message framing, or deceptive request routing).
> --
> Apache Tomcat/7.0.90
> - show quoted text -
>
> On Wednesday, January 23, 2019 at 10:55:26 AM UTC-6, 
> librarysy...@gmail.com wrote:
>>
>> We are using Vireo 3.0.6 (with Sword v1) and publishing to a DSpace 6.3 
>> repository.  Since updating the operating systems on both servers, Vireo 
>> can’t connect to the DSpace repository to deposit theses and 
>> dissertations.  The DSpace server is running Amazon Linux kernel 
>> 4.14.88-72.73.amzn1.x86_64, Tomcat 7 and Apache 2.2.  At first, the error 
>> message indicated a certificate error.  I replaced the cacerts files and 
>> the operating system CA files with the ones that existed prior to the 
>> update.  That fixed the certificate error, but now we get “unauthorized 
>> credentials” when testing the connection.  I tested the credentials by 
>> logging into the DSpace server’s web interface, and they are correct.  User 
>> permissions have not changed, so the deposit user should be authorized.
>>
>>
>> I also tested by browsing to the Sword servicedocument page.  The page 
>> produces a login box.  When I enter the credentials, the login box 
>> disappears, then reappears.  I don't know how to interpret this.  The 
>> Tomcat log records 401 errors.
>>
>>
>> I'm out of ideas for troubleshooting, would appreciate any suggestions.
>>
>>
>> Glenn
>>
>

-- 
All messages to this mailing list should adhere to the DuraSpace Code of 
Conduct: https://duraspace.org/about/policies/code-of-conduct/
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

[dspace-tech] Re: Suddenly Sword Says "Unauthorized Credentials"

2019-01-24 Thread librarysystems . test 
Further information:

We seem to have got past "unauthorized credentials."

Now Vireo says, "Unable to communicate with deposit location: 
org.purl.sword.client.SWORDClientException: Received error from service 
document request: Code: 400, Message: 'Bad Request'

Using curl to browse to the Sword servicedocument URL gives this message: "The 
requested URL /sword/servicedocument was not found on this server."

Browsing to the same URL in Internet Explorer gives this message:  HTTP 
Status 400 – Bad Request
--

*Type* Status Report

*Message* Unable to recognise URL as a valid service document: 
https://rctest.ourschool.edu/sword/servicedocument

*Description* The server cannot or will not process the request due to 
something that is perceived to be a client error (e.g., malformed request 
syntax, invalid request message framing, or deceptive request routing).
--
Apache Tomcat/7.0.90
- show quoted text -

On Wednesday, January 23, 2019 at 10:55:26 AM UTC-6, librarysy...@gmail.com 
wrote:
>
> We are using Vireo 3.0.6 (with Sword v1) and publishing to a DSpace 6.3 
> repository.  Since updating the operating systems on both servers, Vireo 
> can’t connect to the DSpace repository to deposit theses and 
> dissertations.  The DSpace server is running Amazon Linux kernel 
> 4.14.88-72.73.amzn1.x86_64, Tomcat 7 and Apache 2.2.  At first, the error 
> message indicated a certificate error.  I replaced the cacerts files and 
> the operating system CA files with the ones that existed prior to the 
> update.  That fixed the certificate error, but now we get “unauthorized 
> credentials” when testing the connection.  I tested the credentials by 
> logging into the DSpace server’s web interface, and they are correct.  User 
> permissions have not changed, so the deposit user should be authorized.
>
>
> I also tested by browsing to the Sword servicedocument page.  The page 
> produces a login box.  When I enter the credentials, the login box 
> disappears, then reappears.  I don't know how to interpret this.  The 
> Tomcat log records 401 errors.
>
>
> I'm out of ideas for troubleshooting, would appreciate any suggestions.
>
>
> Glenn
>

-- 
All messages to this mailing list should adhere to the DuraSpace Code of 
Conduct: https://duraspace.org/about/policies/code-of-conduct/
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

[dspace-tech] Re: Suddenly Sword Says "Unauthorized Credentials"

2019-01-24 Thread librarysystems . test 
Further information:

We seem to have got past "unauthorized credentials."

Now Vireo says, "Unable to communicate with deposit location: 
org.purl.sword.client.SWORDClientException: Received error from service 
document request: Code: 400, Message: 'Bad Request'

Using curl to browse to the Sword servicedocument URL gives this message: "The 
requested URL /uta-sword/servicedocument was not found on this server."

Browsing to the same URL in Internet Explorer gives this message:  HTTP 
Status 400 – Bad Request
--

*Type* Status Report

*Message* Unable to recognise URL as a valid service document: 
https://rctest.ourschool.edu/sword/servicedocument

*Description* The server cannot or will not process the request due to 
something that is perceived to be a client error (e.g., malformed request 
syntax, invalid request message framing, or deceptive request routing).
--
Apache Tomcat/7.0.90
On Wednesday, January 23, 2019 at 10:55:26 AM UTC-6, librarysy...@gmail.com 
wrote:
>
> We are using Vireo 3.0.6 (with Sword v1) and publishing to a DSpace 6.3 
> repository.  Since updating the operating systems on both servers, Vireo 
> can’t connect to the DSpace repository to deposit theses and 
> dissertations.  The DSpace server is running Amazon Linux kernel 
> 4.14.88-72.73.amzn1.x86_64, Tomcat 7 and Apache 2.2.  At first, the error 
> message indicated a certificate error.  I replaced the cacerts files and 
> the operating system CA files with the ones that existed prior to the 
> update.  That fixed the certificate error, but now we get “unauthorized 
> credentials” when testing the connection.  I tested the credentials by 
> logging into the DSpace server’s web interface, and they are correct.  User 
> permissions have not changed, so the deposit user should be authorized.
>
>
> I also tested by browsing to the Sword servicedocument page.  The page 
> produces a login box.  When I enter the credentials, the login box 
> disappears, then reappears.  I don't know how to interpret this.  The 
> Tomcat log records 401 errors.
>
>
> I'm out of ideas for troubleshooting, would appreciate any suggestions.
>
>
> Glenn
>

-- 
All messages to this mailing list should adhere to the DuraSpace Code of 
Conduct: https://duraspace.org/about/policies/code-of-conduct/
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

Re: [dspace-tech] Suddenly Sword Says "Unauthorized Credentials"

2019-01-23 Thread librarysystems . test 
Michael,

Thanks for the suggestion.  I checked the cert and got "Verify return code: 
21 (unable to verify the first certificate)".  I added the required 
CA-bundle and restarted Apache.  Now when I check the cert I get "Verify 
return code: 0 (ok)".

But Sword still says, "Unauthorized Credentials".

Glenn


On Wednesday, January 23, 2019 at 11:03:34 AM UTC-6, Michael Plate wrote:
>
> Hi Glen, 
>
> Am 23.01.19 um 17:55 schrieb librarysy...@gmail.com : 
> > We are using Vireo 3.0.6 (with Sword v1) and publishing to a DSpace 6.3 
> > repository.  Since updating the operating systems on both servers, Vireo 
> > can’t connect to the DSpace repository to deposit theses and 
> > dissertations.  The DSpace server is running Amazon Linux kernel 
> > 4.14.88-72.73.amzn1.x86_64, Tomcat 7 and Apache 2.2.  At first, the 
> > error message indicated a certificate error.  I replaced the cacerts 
> > files and the operating system CA files with the ones that existed prior 
> > to the update.  That fixed the certificate error, but now we get 
> > “unauthorized credentials” when testing the connection. 
> […] 
>
> did you check the cert chain via openssl ? 
>
>
> openssl s_client -connect your.server.name:443 -showcert 
>
>
>

-- 
All messages to this mailing list should adhere to the DuraSpace Code of 
Conduct: https://duraspace.org/about/policies/code-of-conduct/
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

[dspace-tech] Suddenly Sword Says "Unauthorized Credentials"

2019-01-23 Thread librarysystems . test 


We are using Vireo 3.0.6 (with Sword v1) and publishing to a DSpace 6.3 
repository.  Since updating the operating systems on both servers, Vireo 
can’t connect to the DSpace repository to deposit theses and 
dissertations.  The DSpace server is running Amazon Linux kernel 
4.14.88-72.73.amzn1.x86_64, Tomcat 7 and Apache 2.2.  At first, the error 
message indicated a certificate error.  I replaced the cacerts files and 
the operating system CA files with the ones that existed prior to the 
update.  That fixed the certificate error, but now we get “unauthorized 
credentials” when testing the connection.  I tested the credentials by 
logging into the DSpace server’s web interface, and they are correct.  User 
permissions have not changed, so the deposit user should be authorized.


I also tested by browsing to the Sword servicedocument page.  The page 
produces a login box.  When I enter the credentials, the login box 
disappears, then reappears.  I don't know how to interpret this.  The 
Tomcat log records 401 errors.


I'm out of ideas for troubleshooting, would appreciate any suggestions.


Glenn

-- 
All messages to this mailing list should adhere to the DuraSpace Code of 
Conduct: https://duraspace.org/about/policies/code-of-conduct/
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

[dspace-tech] Shibboleth Setup Trouble

2018-02-22 Thread librarysystems . test 
I'm trying to get Shibboleth to work with a new DSpace 6 installation on 
Centos 7 running Apache 2.4.  I have both password and Shibboleth 
authentication enabled.  This gives me the opportunity to hover over the 
Shibboleth login link.  The link shows this URL:

https://rc.library.ourschool.edu/Shibboleth.sso/Login?target=https%3A%2F%2Frc.library.ourschool.edu%3A8080%2F%2Futa-ir%2Fshibboleth-login

or, with all the placeholders exchanged:

https://rc.library.ourschool.edu/Shibboleth.sso/Login?target=https://rc.library.ourschool.edu:8080//ourschool-ir/shibboleth-login

When I click the link, our standard Shibboleth login box appears.  I enter 
credentials and then I get the error message:

"*No peer endpoint available to which to send SAML response*" 

The fellow who maintains the Identity Provider says it logs the 
AssertionConsumerServiceURL as:

*https://rc.library.ourschool.edu:8080/Shibboleth.sso/SAML2/POST* 


Putting two and two together, it seems the IdP can't contact the SP because 
it's trying to hit port 8080.  Since I have Apache doing reverse proxy, the 
IdP needs to hit the base URL, but I can't find a way to change it.  Here 
are the relevant lines from the Apache main config:

# Send requests for / to /ourschool-ir
RedirectMatch ^/$ /ourschool-ir
# Redirect http to https
Redirect permanent /ourschool-ir 
https://rc.library.ourschool.edu/ourschool-ir


And from the Apache virtual server config:


   # Configure Shibboleth for "lazy" authentication
AuthType shibboleth
ShibUseHeaders on
Require shibboleth


# Suggested by DSpace docs
 ProxyPass !
 SetHandler shib

ProxyPass /ourschool-ir 
http://rc.library.ourschool.edu:8080/ourschool-ir
ProxyPassReverse /ourschool-ir 
http://rc.library.ourschool.edu:8080/ourschool-ir



Any clues greatly appreciated.

Glenn

-- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

[dspace-tech] DSpace Shibboleth Setup Trouble

2018-02-22 Thread librarysystems . test 
I'm trying to get Shibboleth to work with a new DSpace 6 installation on 
Centos 7 running Apache 2.4.  I have both password and Shibboleth 
authentication enabled.  This gives me the opportunity to hover over the 
Shibboleth login link.  The link shows this URL:

https://rc.library.ourschool.edu/Shibboleth.sso/Login?target=https%3A%2F%2Frc.library.ourschool.edu%3A8080%2F%2Futa-ir%2Fshibboleth-login

or, with all the placeholders exchanged:

https://rc.library.ourschool.edu/Shibboleth.sso/Login?target=https://rc.library.ourschool.edu:8080//ourschool-ir/shibboleth-login

When I click the link, our standard Shibboleth login box appears.  I enter 
credentials and then I get the error message:

"*No peer endpoint available to which to send SAML response*" 

The fellow who maintains the Identity Provider says it logs the 
AssertionConsumerServiceURL as:

*https://rc.library.ourschool.edu:8080/Shibboleth.sso/SAML2/POST* 


Putting two and two together, it seems the IdP can't contact the SP because 
it's trying to hit port 8080.  Since I have Apache doing reverse proxy, the 
IdP needs to hit the base URL, but I can't find a way to change it.  Here 
are the relevant lines from the Apache main config:

# Send requests for / to /ourschool-ir
RedirectMatch ^/$ /ourschool-ir
# Redirect http to https
Redirect permanent /ourschool-ir https://rc.library.ourschool.edu/uta-ir


And from the Apache virtual server config:


   # Configure Shibboleth for "lazy" authentication
AuthType shibboleth
ShibUseHeaders on
Require shibboleth


# Suggested by DSpace docs
 ProxyPass !
 SetHandler shib

ProxyPass /ourschool-ir 
http://rc.library.ourschool.edu:8080/ourschool-ir
ProxyPassReverse /ourschool-ir 
http://rc.library.ourschool.edu:8080/ourschool-ir



Any clues greatly appreciated.

Glenn

-- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.