12 18 2023 Tech Team Report

12-18-2023

Date	Task	Hours (Main)
11-Dec-2023	Reporting, meeting, investigate/try MFA on dev, merge latest v6.1/Globus code with qdr, deploy to dev, work on abstract	5
12-Dec-2023	Change mail address on stage, pre-deploy steps for 6.1 on prod - payara, solr installs, config, db setup	4
13-Dec-2023	Deploy Drupal, DV, Keycloak to prod, change links, update jvm options, add db passwd alias, configure payara mail, password, run reindex, debug java pref issue, find/update geo field changes, redeploy to dev/stage, fix stage robots for DV in nginx, coord, investigate Drupal t&c warning, fix, test, investigate root cause w.r.t. account name in Drupal, investigate/fix bot passive login redirects, deploy to stage, test.	7
14-Dec-2023	Deploy bot fix to prod, add any 'google' user agent, redeploy, verify dataset is indexable, restore idp and drupal robots.txt, finish DCM 2024 HEAL abstract, investigate username assignment, try overriding displayname	5
15-Dec-2023	Investigate accounts with name!=email, dates when problem started, verify changing display name helps, find/fix all places where account name was used, create function to fix cases where the T&C version wasn't updated in LDAP, test, deploy to dev/stage, submit abstract	6

Deploy latest Drupal, Keycloak 23.0, Dataverse 6.1-qdr w/ Payara 6.2023.11 and Solr 9.4 to prod,

Investigated turning on MFA on dev. Easy to flip the config for local accounts, but haven't figure out how to add it for social accounts yet, or how to see if MFA is already on for the social account itself.

Investigated/~fixed warning seen in Drupal. The underlying cause is that the OIDC module and/or Drupal itself truncate emails used as account names and OIDC also overrides the displayed name even if the account name is an email. This a) broke the code that updated the Terms & Conditions version (that a user has accepted) in LDAP and caused the warning, and b) made the Drupal people display show unclear subsets of the email and/or a last name, etc. as the username. The fix overrides the display name to show the full email and makes sure we use the email as the uid when contacting LDAP. I also added a batch method to update the T&C version in LDAP when it differs from what is in Drupal, which will restore accounts that were affected.

Merged final 6.1 updates and created v6.1-qdr branch, merged all 6.x updates into develop branch (was using a separate dev6 branch until prod was on 6.x)
Helped investigate/created fix for Google indexing issue - avoid passive login route for 'bot's and 'Google' related user-agents. (With the passive login try, there are redirects to idp.qdr.syr.edu which we robots.txt block, and, if you don't use cookies, the redirects just keep looping you around.) Fix deployed to dev/stage/prod.

Work on authentication issue #43(non-email account id, MFA, etc.)
Work on metadata issue #44 (more metadata to DataCite, etc.)
Fix Stata-14 ingest by allowing file inspection during direct upload or adjusting the Stata ingester.
Fix #113 if possible
Matomo - investigate event-level tracking via tag manager, remove non-working google scripts
AnnoRep - explore round-trip, configure auto-start and log rotation
Ops
- check missing globalidcreationdates and fix via /modifyRegistration or alternative
Dataverse
- Make PR for guestbook adding datasetversion fix
- Popup info accessibility - IQSS likes the recommendations from the source I linked to, so this can be implemented along those lines.
QDAS Previewer
- Updates per request
- Investigate writing aux file/previewing lower-sensitivity version and/or other write options
TBD: FRDR Security