I’ve gotten asked a few time lately to document how we integrated Joomla with Shibboleth authentication. It turned out to be fairly straight-forward, primarily due to the awesome Joomla Auth plugin from Sam Moffat .
The first step is getting your Apache server configured to use Shibboleth. The main Shibboleth site https://spaces.internet2.edu/display/SHIB2/Home is your best friend when it comes to this. Pick the one for your platform, we are running on OS X, which turns out to be one of the more involved installs. Linux set-up are pretty straightforward. We already had an Identity provider up and running on campus so all I had to do was install a service provider.
Once Shib is running, you need to enable it for the host where your Joomla site lives. I just turned on Shib for the entire server using this in httpd.conf
AuthType shibboleth
ShibRequireSession Off
require shibboleth
Next is to install the Joomla Auth Plugins. You can find instructions for that here Quickstart_for_1.5.
I installed the libauthtool package from file repository and the plgSSOHTTP from the same spot since really what we’re doing is using HTTP header authentication.
Configuring these plugins is pretty straightforward. Here’s a screenshot of one of our configured sites. The key is setting the User Key to coincide in the SSP HTTP Plugin with where the username lives in the Shibboleth header.
In our case, and in most cases, that is REMOTE_USER. The “Username Replacement” option is handy for stripping off the @ portion of the REMOTE_USER data. That allows you to use regular username in Joomla. For example, payst@unc.edu (my Shibboleth ID) can simply be payst in Joomla and I can login as payst. This makes it easier on the users. Your config may vary depending on your Shibboleth set-up or identity management for your area.
Config for the SSO-HTTP Plugin (click to enlarge):
Config for the System SSO Plugin (click to enlarge):
The hardest part of this was getting the Shibboleth service provider set up in Apache. Make sure that works before you start trying to get Joomla integrated. I beat my head into the wall a few time before I realized some of the Shib stuff wasn’t quite right. You can test your Shibboleth authentication by setting up a folder on your web server called something like /test and adding an entry into your Apache config:
AuthType shibboleth
ShibRequireSession On
require shibboleth
Then drop an index.php in that directory with
<?php print_r($_SERVER)>
Visit the /test URL in your favorite web browser and assuming all is working right, you should get directed to your Shibboleth login page and once successfully logged in your should see a page with the full headers from your Shibboleth Identity Provider. This is also a handy way to figure out where your usernames live in the header. You should see yours in REMOTE_USER and you can use that info in configuring the plug-ins as I described above.
I hope this helps (and I hope I haven’t forgotten anything)!
The new UNC mobile site has made huge progress in the last month. Live now at m.unc.edu, the site works with iPhone, iPod touch, Blackberry, Android, Palm Pre and many other phones. We have added a growing list of news items and event feeds, links to the UNC YouTube channel (and initial plans to make that look nicer), and for iPod / iPhone users a link to the UNC iTunes U presence that drops you right into the store if you are running the 3.0 OS. The campus directory app is quite popular and I’ve used it myself many times when I was walking to a meeting and needed to call someone who wasn’t in my address book. All in all I am really pleased with the progress and really thankful to the MIT Mobile team for releasing the code.
Goals for go-live in the Fall include a campus map and a library catalog search. Both are tough to implement and may get postponed past an official launch, but we’re working on them. We are also planning a Family Weekend addition so that folks attending that event in October will have schedules and other information available to them on their mobile devices. We should have that out in the September time frame.
Reaction from campus has been really positive. Everyone who sees this likes it and many folks have contributed content or want to. There’s even a link to it on the main UNC home page if you visit there from a mobile device. Could it be that after 3+ years of plugging away on this I finally have a foothold established in the mobile world for UNC Chapel Hill?
The fine, fine folks at MIT have released the first version of their Mobile Web project as open source code. I’ve been messing around with it for a bit today and it is quite impressive. We’ve been up against budget crunch issues for continuing to push into mobile on campus and this platform may be the answer to our problems. It’s not complete at the moment, and I haven’t gotten the mobile device detection to work yet, but the pieces are certainly all there. Many thanks to the MIT team that developed this and to the folks at MIT who got it released to the public as open source code!
Tags: Mobile
There is a strong culture of service on the UNC Chapel Hill campus. Students on their own and student organizations all engage in an incredible array of service activities locally, across NC, across the country and even across the world. This is something we are rightly proud of about our students.
One of the challenges is capturing that activity in some form. There are isolated pockets of scholars who submit reports, class projects for grades, etc. but there is not a simple way for the average student to reflect on what they have done. I think there is a lot of value in these reflections, even if they aren’t highly personal they can still show others how easy service can be and the benefits they can get from it.
In an effort to provide a platform for this, we have launched a new blog platform at serviceblog.unc.edu. Based on WordPress multi-user we can host blogs for specific groups, or allow anyone associated with campus to post to the main blog. Since it’s multi-user, the constituent blog posts are rolled up into the main blog and available there are well. This is a recurring theme for me – it’s similar to the way the events get into the slice.unc.edu site – we pull them via an iCal feed from the constituent web sites.
Over the summer I hope to hook the serviceblog to the student org Joomla sites via RSS, letting students post their service activities in their sites and pulling that info for display and discover on the main serviceblog page. Same idea again.
I am working raising awareness of the serviceblog site and hope to see some students sharing their experiences with us soon.
We ran a test of Alert Carolina recently and have some real world SMS delivery numbers that I think are worth a post. We sent a little over 24,000 messages in slightly more than 7 minutes. A key metric in that is that we sent almost 80% of the messages by the second minute and many had already begun to arrive on user’s phones. By 5 minutes, 97% of our registered users had messages on the way to them and a large portion of our campus had likely already received the message.
In a real world campus emergency situation, these are excellent numbers. I have long said we don’t need to reach everyone in a classroom or on campus, just enough people so that they can notify others. We already know that students are going to tell other students what is going on much quicker than we can. If we can start that process with good information we are more able to do an effective job of keeping our campus informed.
From a technical standpoint, it is interesting to dive into some of the numbers in order to get a better understanding of the way SMS messaging, in particular large scale messaging, is handled. The first pass at delivery to all of our registered users took just under 2 minutes. As the aggregators sent back information on those delivery attempts, our vendor’s system began to retry delivery or use alternative delivery mechanisms (for example SMTP versus the initial SMPP push) and continued that until we had sent all of the alerts. Almost all of our messages were sent via SMPP, probably because smaller 3rd tier carriers are not very common among our registered users and therefore we have SMPP pipes available to us.
I think this outlines the complexity involved in getting good SMS delivery. After all, we are using / abusing a technology that wasn’t really designed to do what we are asking it to do and still managing to get really good rates of delivery. The key in this is working with a messaging vendor who deeply understands the issues and the limitations and has invested in appropriate redundancies, pathways and carrier relationships.
This is far different than the post Virginia Tech sales opportunity extravaganza that took place as small companies with untested and unknown systems infrastructure made quick sales to lots of different Universities and other organizations. Despite its limitations, SMS alerting is going to be around for some time and we have to treat it like an enterprise application and invest in the right kinds of partnerships.
Tags: alerts, emergency notification, sms
I’ve been thinking a lot lately about the so called “digital native” label so often assigned to college students, the idea that they are fully versed and skilled with technology. I’m just not convinced it’s true. I work with a lot of students and student organizations and I would say that by and large most of them, while certainly not intimidated by technology, are not really that well versed in it. Fundamental understanding of how things work also seems to be missing out. Case in point this Daily Tar Heel article about Ruckus shutting it’s doors:
“First of all, we had students served with suits from the RIAA,” said Allred.
“They had been downloading music illegally through the UNC server. That was a problem we were worried about becoming more frequent.”
I know that UNC was not illegally hosting music for our students to download. This to me illustrates the difference between comfort and understanding. Here is a very bright student who lacks a basic understanding of how networking functions. The other option here is that the reporter got the quote wrong, but that still illustrates my point.
As another example, I had a conversation recently with a student about a web-based application form. She had stopped the application process because of problems with her PC and was surprised when I told her that she could access the application from any computer with a web browser and an Internet connection. Wouldn’t a “digital native” get this up-front?
I think there is a significant impact in this perceived competence. When we go about designing systems and launching things for students on campus we tend to make assumptions that because they are comfortable with technology they will immediately “get it”. This does make roll outs easier, but if we take the assumption away I wonder if we would get better results.
I’m starting to believe that maybe today’s students aren’t so different from the supposedly technophobe administrators when it comes to actually using technology and tools and I’ve begun to adjust my planning and approach with this in mind.
Tags: students, technology