Metadirectory Technical Status Meeting

http://fsuid.fsu.edu/admin

6/28/2005

• Project Status
• Gave FSUID talk at SER EDUCAUSE (PPT at http://fsuid.fsu.edu/admin)
• Added new attribute: fsuEduEmergencyContact; being fed from PSHR data and displayed in Helpdesk utility IFF fsuEduHRConfidential is not Y or L.
• Breeze wants to “retire” radius1.acns.fsu.edu & bring up mdsacns1.fsu.edu in the ring; will require some coordination.
• www.fsu.edu: Tom is ready to connect directory.fsu.edu/search and the Bb “authentication required” student email search
• CARS ßà FSUID status:
• CARS account creates now go through fsuid.fsu.edu
• SSH’d the data via a permanent ssh tunnel between mdsoti & register.acns.fsu.edu
• Still need:
• Mechanism for creating UUIDs from newer HR/student data
• Mechanism for setting free dialup access
• Mechanism for vacation notification
• Mechanism for setting email forwarding
• Mechanism for setting email privacy flag
• Tweaks to load-mods-mds.pl (disable FSUID creation of non-UUID CARS accounts so inadvertent “renames” don’t occur)
• FSUID ßà Win AD identity management work for UCS TEC, US WSG & College of Medicine.  TEC is in production; College of Medicine & WSG are in test.
• “Bb as Portal”: Rather than re-do FSUID into native Bb would like to propose modifying the Perl code so that it only runs under Bb (except for account creation & password resets) – basically, the same intermediate step we did with Secure Login.  This is quicker than waiting for rewrite; allows us to continue modifying the Perl stuff and offloads account management from Bb itself.
• Mailer.fsu.edu:  Status of moving to native FSUID auth?
• Shibboleth:  Donny and I have built & installed Shib 1.2.1a (both the origin & target pieces) on directory.fsu.edu (and it’s underlying pieces – SAML, Xerces, etc.).  Will be configuring to the eDir and pilot testing as a CAS-like mechanism for web authorization & authentication.  One possible project to use Shib: federated authentication for wireless auth between FSU & FAMU.
• Discussion points (from Breeze) on email forwarding page:

o        @acns.fsu.edu and @register.acns.fsu.edu accounts should not be a choice for "starting email forwarding"

o        @fsu.edu should be a choice for "starting email forwarding"

o        Why do they need to enter their password if they are already logged into the FSUID site?

o        In the examples of forwarding addresses, "xxx@fsu.edu" should not be given.  Since it is NOT possible to forward your @fsu.edu address (only forward TO it).

o        In the "Stop email forwarding" area, you CAN change your email forwardings for @fsu.edu. In fact, this page is one of the only places you can do that easily.  But you can't really stop forwarding of those, just change it.

o        again, is password auth necessary for the stop forwarding?  Also it gets a bit lost down there at the bottom.