HeardLibrary / vandycite

redirect sparql.vanderbilt.edu to Neptune #86

Closed baskaufs closed 2 years ago

baskaufs commented 2 years ago

I believe that the request to map the sparql.vanderbilt.edu subdomain over to the Neptune one has already been completed. However, querying to the sparql.vanderbilt.edu subdomain still doesn't work.

Querying the Neptune endpoint directly works fine:

https://5j6diw4i0h.execute-api.us-east-1.amazonaws.com/sparql?query=select+distinct+%3Fs+%3Fo+%3Fp+where+{%0A%3Fs+%3Fo+%3Fp.%0A}%0Alimit+5&default-graph-uri=http%3A%2F%2Fnomenclature_2022-02-02&default-graph-uri=http%3A%2F%2FAATOut_2Terms

Querying via the sparql.vanderbilt.edu endpoint produces this error when the query is made programmatically:

SSLError: HTTPSConnectionPool(host='sparql.vanderbilt.edu', port=443): Max retries exceeded with url: /sparql?query=select+distinct+%3Fs+%3Fo+%3Fp+where+%7B%0A%3Fs+%3Fo+%3Fp.%0A%7D%0Alimit+5&default-graph-uri=http%3A%2F%2Fnomenclature_2022-02-02&default-graph-uri=http%3A%2F%2FAATOut_2Terms (Caused by SSLError(SSLCertVerificationError("hostname 'sparql.vanderbilt.edu' doesn't match '*.execute-api.us-east-1.amazonaws.com'")))

Pasting the query

https://sparql.vanderbilt.edu/sparql?query=select+distinct+%3Fs+%3Fo+%3Fp+where+%7B%0A%3Fs+%3Fo+%3Fp.%0A%7D%0Alimit+5&default-graph-uri=http%3A%2F%2Fnomenclature_2022-02-02&default-graph-uri=http%3A%2F%2FAATOut_2Terms

directly in a browser produces these results:

X-Firefox-Spdy: h2
content-length: 23
content-type: application/json
date: Mon, 08 Aug 2022 18:04:18 GMT
x-amz-apigw-id: Wjl1cHE7oAMFyZg=
x-amzn-errortype: ForbiddenException
x-amzn-requestid: 8f3f6a32-2171-4466-8186-74d5ef193100

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
DNT: 1
Host: sparql.vanderbilt.edu
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-GPC: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0

Note: the results are the same regardless of whether the SSH tunnel is open or not.

Based on the errors, it appears that there is some problem with the security certificate, but not the actual subdomain mapping. @CliffordAnderson @awesolek2 do you have any ideas about how we should go about fixing this?

CliffordAnderson commented 2 years ago

Yes, I think you've diagnosed the issue correctly. We have switched over the domain name, but we now need to import the SSL certificate. Right now, we're not authenticating properly via SSL, leading the browser to reject our request. I believe we need to import the SSL (see https://aws.amazon.com/certificate-manager/), which likely means another request to Cloud IT.

awesolek2 commented 2 years ago

@baskaufs @CliffordAnderson Looking into this presently. I'll let you know if I have any questions, Steve. Thanks as always for your very thorough diagnosis.

baskaufs commented 2 years ago

Andy got the redirect to work and one can now query directly in a browser and via Python HTTP requests. However, when making requests using JavaScript, there are CORS problems like this:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://sparql.vanderbilt.edu/sparql?query=SELECT%20DISTINCT%20%3Fgenus%20WHERE%20%7B%3Fpage%20%3Chttp%3A%2F%2Fpurl.org%2Fdc%2Felements%2F1.1%2Fcreator%3E%20%22bioimages.vanderbilt.edu%22.%3Fpage%20%3Chttp%3A%2F%2Fpurl.org%2Fdc%2Fterms%2Freferences%3E%20%3Forganism.%3Fidentification%20%3Chttp%3A%2F%2Fpurl.org%2Fdsw%2Fidentifies%3E%20%3Forganism.%3Fidentification%20%3Chttp%3A%2F%2Frs.tdwg.org%2Fdwc%2Fterms%2Fgenus%3E%20%3Fgenus.%7DORDER%20BY%20ASC(%3Fgenus). (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.

baskaufs commented 2 years ago

This seems to be resolved now with the CORS setup:

Access-Control-Allow-Headers left blank

Access-Control-Allow-Origin set as *

(Matthew Dillingham helped us figure this out.)
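
The two failures in this thread (the certificate name mismatch, then the missing CORS header) can be reproduced offline with the checks a TLS client and a browser apply. This is an added example, not code from the thread participants; the origin `https://app.example.org` and the header dictionaries are constructed sample data, and the matching follows the RFC 6125 wildcard rule and the browser's `Access-Control-Allow-Origin` comparison.

```python
# Added example: offline model of the two checks that failed in this thread.

def hostname_matches(cert_name: str, host: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the whole leftmost
    label and stands for exactly one label."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        return bool(host_labels[0]) and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def cert_covers(san_names, host: str) -> bool:
    """True if any subjectAltName entry on the certificate covers host."""
    return any(hostname_matches(name, host) for name in san_names)


def cors_allows_read(response_headers, origin: str, with_credentials=False) -> bool:
    """Browser rule for reading a cross-origin response to a simple GET."""
    headers = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = headers.get("access-control-allow-origin")
    if acao is None:
        return False                      # the "header missing" error
    if acao == "*":
        return not with_credentials       # wildcard is refused with credentials
    if acao != origin:
        return False
    if with_credentials:
        return headers.get("access-control-allow-credentials") == "true"
    return True


# Name taken from the SSLError above: the API Gateway default certificate.
GATEWAY_SAN = ["*.execute-api.us-east-1.amazonaws.com"]
ORIGIN = "https://app.example.org"        # constructed page origin

if __name__ == "__main__":
    for host in ("5j6diw4i0h.execute-api.us-east-1.amazonaws.com",
                 "sparql.vanderbilt.edu"):
        print(host, "covered by certificate:", cert_covers(GATEWAY_SAN, host))
    before = {"content-type": "application/json"}     # constructed
    after = {"Access-Control-Allow-Origin": "*"}      # setting from the thread
    print("readable before fix:", cors_allows_read(before, ORIGIN))
    print("readable after fix:", cors_allows_read(after, ORIGIN))
    print("after fix, with credentials:", cors_allows_read(after, ORIGIN, True))
```

The last check shows why `*` suits a public, unauthenticated query endpoint: browsers do not accept the wildcard for requests sent with credentials.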