Skip to Content.
Sympa Menu

cat-users - Re: [[cat-users]] API broken after upgrade of cat.eduroam.org to 2.0

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] API broken after upgrade of cat.eduroam.org to 2.0


Chronological Thread 
  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Martin Božič <martin.bozic AT arnes.si>
  • Cc: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] API broken after upgrade of cat.eduroam.org to 2.0
  • Date: Fri, 5 Oct 2018 09:52:51 +0200
  • Autocrypt: addr=stefan.winter AT restena.lu; prefer-encrypt=mutual; keydata= xsFNBFIplEwBEADTSz+DS8nio+RSvfSLLfaOnCGi1nqpn8Pb1laVUyEvnAAzZ5jemiS88Gxf iDH6hUGlWzcaW0hCfUHGiohr485adbjxRksPngWgAt/1bRxpifsW3zObFjgog01WWQV5Sihl wc4zr8zvYbFA5BJZ6YdkR9C5J015riv5OS30WTjA65SSXgYrb7zJWPwmegTFwE093uBFvC39 waz3xYpVu5j87nO6w2MVQt/8sY2/2BFPEq+xfOajl18UEwc7w8SCgnZdlVNcmEK4UBvJuwS/ 1lsR2JeQa8Gu1EDxC7PRgMgNXsDSWnnBe9aVmfG54+6ILe1QH2dwk9sPBQT5w2+vjijrb3Dv 9ur+1kN+TNU2XE436jVpnnY/3OsLdix30STQn4Q/XOm7YoVMeDwwviefilRxzK0dXA+wKj92 T68Od82CFxuZqPAgBCVmWfQM91iK9piqFK+QP+R3vF6+NGDBdwbe68iVKs0v5L8XmbxBQndj pmo+lo2asmBR2TAIfZHaKdgtBw13u3GPVVKlg/Mpko8ki9JOSem2aFyi3kQEVKptWgXT3POl 97DWJzsR5VyKz6GOx9kJAEISRyLZwm0wqh8+9LCza5oeIKW381lzq1b9x30vOh8CBSQQJ+cG 9ko0yPHAj7Suw2TmPXx1qMctmE6Ahq82ZW30SljdZby8WQuR2wARAQABzTxTdGVmYW4gV2lu dGVyIChSRVNURU5BIGtleSAyMDEzKykgPHN0ZWZhbi53aW50ZXJAcmVzdGVuYS5sdT7CwXkE EwECACMFAlIplEwCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRDA3mo1ijncZj7/ D/99hVS+mJr8dSPCaDaUFFxBiT2eI1LoR8VKEerTCRw5BsdL6pN2eRJZ9NmsqWo1ynWVHEzO 91bNZ+oZGgyoNohcBAI7p+r0qUTzkyqwdZO4kMm0pqKoM9xkP3tf2mjGujKjOz4Y7S7wnz2Z FokeUsecoRVJF/++/qHnmeWLn44J1HUKLHYCjMu+QXGOgGXgz024jQ5eUrnPwzNp0Z90AFVH lWC+bymty/ToIUUCQqS5Ff0jzdWLd8U695OG9iGvjBQT1LdEjsfbAwuKV5UcnpxNqUpUwKa5 9hdX5/2cMZP07FI1UXwnBlxa8rJfdb13FLjSKX4vUUHedYUZMjMPgcwl1a+zGE22lHiSQWgP 8QLA/W3BLsi22ERCEPZBfexOeOtaWIItDIz18fIaQoMDoRPshzar0JI2CzLYsyeKySAtYJEH FVoLmMvhkwzBmgqA/BEswUA67CfCr1jFHRXdpmWM7YkyAmMa9q6LwquWKS5+MXlUXe/3oZUc gpw/T9Uuy3Jo3RdS7B3jFcWaVr6KsO/A9u1gr/aYn5M+iJTQSj4vzqtkQaJTpSspRZoKa66H Zt3IwSYiDiYZqtM83ynuj9kjnZzGfnuTaNIi996q6Mptr33mOzIE1wmMqnJYwTr3EcNtf483 q/qrJwh5ES8Q9xY7aat/ZcSl8fKubW4TlfVr8c7BTQRSKZRMARAAvBPpn7FQq7LQ5glohtbL 6XIEo1U4X67S0TzUYieENSWSVYuWYIhCBldmWdmH8Bpj/qHeqdon7v+SLtR4WngzMR9toupK cFfHnbP9kpazTSB2ySHxXWGX1gJOpPXdCcg9iveKBHEsDn00ThTcPsvtXpnnzET16pXIvOXO 0bxTmVZ4INIF1SWgvYma/g8kBbgXLpkj8tOywBqFiiYPEZlDeCxDHiMgUDh6olda9K/0TZFT dMPUgjKuubfAeaDNCOrVt4RjmFOaRLikcZocmgJhm3z/j25x7/mnNu+0di1H/S67YGQJ+pqC FInzIXDx7aRW2+JCiqsY2X3xOPWZZzjyis5SNnfOcPH3gt2hYz1fy+thsBGf4NgCN01JRqIJ 2/MOQCgUdwh+9l8xqaJvCkUHM4hVh4W62MAe1u7UEqQbvvNEqxM5034vcvlE+/LRkrDCspw+ 2YJ9QyroLerVRwW5DVleP8Ifi8VB3yD80nqXYs9aqRy0BkDNIQ43ERhESMt8dJqrNkxgC6pe mZrhNwyDh+hy2kPNGQh/iBpdKuH1o3E24TIZoV2v3YHvzob7aAYHddE/PofAXhJW7I9mAs+H dWDmnI8ckuPDFpFH+Y/BFGvEXgcnJAJ1wEvf+4LuiIi0MHjR4EWFn9vvoFDAIqD10h3FSd3D 59HGtdSsNn4XaCsAEQEAAcLBXwQYAQIACQUCUimUTAIbDAAKCRDA3mo1ijncZhBtEACL036d djc5pFoYIdoUY1vT8SMXJNquewCnL1quDADzqDZFU5GNlQEy10krSfBwlTb9ahTtE0JFrOdZ wUZtoa1Pgfr8nU6KOgrXPHbNjS/9dyc5CwGVVIpOavIm2CsMVDJ9LCF/NT+u/t1k6eGfHhPV l3dUQyDa/lzc1chKUIVQYQkFmr0A/iXP+29lFCaI+IeyU0bSdZhezDwUROn5vEx+fiPZyHDS hCb+BxJv/o2LQp9JHenCiSbO+ioRZdxgbWfoKBuXOfmSStqMWXas/gZ5vS3xq72LNtKPRxgp jX3P8Zml1XDqpcBau7eK75VKE0Yd06YxnUIsbcEzInUc3uzW/u0DFpXYkMJb0XIvJyUt5yYP KfV13N8kSkPi5pLxm8yuftXMzfgeFMR7nafY3glTVj/TxElzg6xeZNqfC2ZjIbBtZg9ylHU8 u8wwB+dX282crs0R3N9A064C71/cXlBqcjzjlKH2NUIWGxr+od3TXFIFjszSU3NgMPKrWNhF LLwS81MpbkOe73s6aDhS8RDyNucoxtKXriLR+4Xiu4+pyj5ukYP1JqpB3ZobY/XZgCnJMye+ 7xeTpIDJ1LPORxM3NNAElyb26lxAK2P+km+EpI0Zzz6rNSCfg5jYQ474+e/GBgaSG4MlaPoZ +XAfN46u1Xjjv1/AkkA4IA6m5zP5og==
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Hello,

> Understood. Is there any possibility to apply compatibility hotfixes for
> admin API too while we prepare the rewrite on our end?

I'm sorry, that is not possible. The UserAPI had only mild changes,
mostly to remove a rather simple polymorphism in the parameters; a few
lines of code added compatiblity to the v1 API.

OTOH, the AdminAPI of version 1 was a terrible ad-hoc hack with really
ugly code. I was singing and dancing while I deleted that large chunk of
ugly code ;-) for a complete rewrite. There is no simple going back.

Greetings,

Stefan

>
> Regards,
> Martin
>
>>
>> Greetings,
>>
>> Stefan Winter
>>
>>>
>>> Martin
>>>
>>> On Thu, Oct 04, 2018 at 08:46:48PM +0200, Tomasz Wolniewicz wrote:
>>>> Hi,
>>>>
>>>>   due to problems like yours I have applied some hot-fixes to the
>>>> API to
>>>> make it accept the previous syntax. Can you confirm that your problems
>>>> still exist?
>>>>
>>>> Tomasz
>>>>
>>>>
>>>> W dniu 04.10.2018 o 19:48, Martin Božič pisze:
>>>>> Hello!
>>>>>
>>>>> At Arnes we are having an urgent issue. We're in the middle of a
>>>>> massive
>>>>> Eduroam deployment in elementary and high schools and we're using
>>>>> cat.eduroam.org API in our home grown self-service provisoning portal
>>>>> which
>>>>> orchestrates the FreeRADIUS, LDAP and DHCP and CAT portal and profiles
>>>>> provisoning.
>>>>>
>>>>> It seems that that todays update of cat.eduroam.org API broke out
>>>>> provisioning system. This is what we've found out so far:
>>>>>
>>>>> - [just for context] on 3.10.2018 we've resolved an internal issue
>>>>> with   on provisioning system with a simple workaround, and deployed
>>>>> on production
>>>>>   in the late afternoon.
>>>>> - the last succesful provisoning by our system was completed yesterday
>>>>>   morning (3.10.2018)
>>>>> - the error that we've got from debugging the self-service
>>>>> provisioning
>>>>>   portal is the following:
>>>>>
>>>>>    - API endpoint our portal is calling:
>>>>> https://cat.eduroam.org/admin/API.php
>>>>>    - debug from example payload (note that this is Python output which
>>>>> is not
>>>>>      in valid JSON format):
>>>>>
>>>>>      {
>>>>>     'option[S90]': 'profile-api:eaptype',
>>>>>     'option[S3]': 'eap:ca_url',
>>>>>     'option[S1]': 'general:instname',
>>>>>     'value[S1-0]': u'OSNOVNA \u0160OLA MUTA',
>>>>>     'option[S5]': 'eap:server_name',
>>>>>     'value[S69-3]': 'on',
>>>>>     'option[S66]': 'profile:name',
>>>>>     'value[S4-0]': '',
>>>>>     'APIKEY': 'a******************f',
>>>>>     'NEWINST_PRIMARYADMIN': '',
>>>>>     'value[S4-lang]': 'C',
>>>>>     'ACTION': 'NEWINST',
>>>>>     'value[S90-0]': 1,
>>>>>     'option[S70]': 'profile-api:realm',
>>>>>     'option[S69]': 'profile:production',
>>>>>     'value[S66-0]': u'OSNOVNA \u0160OLA MUTA',
>>>>>     'option[S4]': 'support:email',
>>>>>     'value[S3-0]':
>>>>> 'ftp://ftp.arnes.si/software/eduroam/arnes_eduroam_ca_2012.pem',
>>>>>     'option[S72]': 'profile-api:anon',
>>>>>     'value[S67-1]': u'Profil za uporabnike organizacije: OSNOVNA
>>>>> \u0160OLA MUTA',
>>>>>     'option[S91]': 'profile-api:eaptype',
>>>>>     'option[S67]': 'profile:description',
>>>>>     'value[S70-0]': u'osmuta.si',
>>>>>     'value[S5-0]': 'orle.arnes.si',
>>>>>     'value[S71-3]': 'on',
>>>>>     'value[S91-0]': 2,
>>>>>     'value[S72-0]': u' AT osmuta.si',
>>>>>     'value[S66-lang]': 'C',
>>>>>     'option[S71]': 'profile-api:useanon',
>>>>>     'value[S1-lang]': 'C'
>>>>>      }
>>>>>
>>>>>    - response from cat.eduroam.org API:
>>>>>
>>>>>      {
>>>>>     "result": "ERROR",
>>>>>     "details": {
>>>>>         "errorcode": 8,
>>>>>         "description": "Unable to decode JSON POST data."
>>>>>        }
>>>>>      }
>>>>>
>>>>> - our testing environment where we use API from
>>>>>   https://cat-test.eduroam.org/branch/admin/API.php is doing fine.
>>>>>
>>>>>
>>>>> Unfortunately, since the hand-off from the original AAI/developer team
>>>>> that
>>>>> developed our portal somehow missed this detail on so strictly relying
>>>>> on cat.eduroam.org API, we weren't aware and ready of the coming CAT
>>>>> upgrade.
>>>>> That's why we're now in a showstopper situation and unable to meet our
>>>>> deployment deadline, thus jeopardizing the project. We can't afford to
>>>>> workaround with excluding the CAT from our provisioning system because
>>>>> it's actually a cornerstone of the rollout.
>>>>>
>>>>> We're asking for help or any information about API changes that could
>>>>> help us restore the service as soon as possible.
>>>>>
>>>>> Regards,
>>>>> Martin Božič
>>>>> To unsubscribe, send this message:
>>>>> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
>>>>> Or use the following link:
>>>>> https://lists.geant.org/sympa/sigrequest/cat-users
>>>>
>>>> -- 
>>>> Tomasz Wolniewicz
>>>>         
>>>> twoln AT umk.pl
>>>>         http://www.home.umk.pl/~twoln
>>>>
>>>> Uczelniane Centrum Informatyczne   Information&Communication
>>>> Technology Centre
>>>> Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
>>>> pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
>>>> tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.:
>>>> +48-693-032-576
>>>>
>>> To unsubscribe, send this message:
>>> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
>>> Or use the following link:
>>> https://lists.geant.org/sympa/sigrequest/cat-users
>>
>>
>> -- 
>> Stefan WINTER
>> Ingenieur de Recherche
>> Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
>> de la Recherche
>> 2, avenue de l'Université
>> L-4365 Esch-sur-Alzette
>>
>> Tel: +352 424409 1
>> Fax: +352 422473
>>
>> PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
>> recipient's key is known to me
>>
>> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
>
>> pub  4096R/8A39DC66 2013-09-06 Stefan Winter (RESTENA key 2013+)
>> <stefan.winter AT restena.lu>
>> sub  4096R/4EFEA2BE 2013-09-06
>
>
>
>
> To unsubscribe, send this message:
> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
> Or use the following link:
> https://lists.geant.org/sympa/sigrequest/cat-users


--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0xC0DE6A358A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature




Archive powered by MHonArc 2.6.19.

Top of Page