kbowaterskelly
commented
1 year ago This change is several changes. The metadata for anything, including an existing shibboleth-authenticated application, needs to be exactly the same, down to the byte. Since the url will change, and there may be a UUID or similar that may differ (which I will check) here is the plan.
- Retrieve new metadata from Lyrasis, compare to existing (us/me). This step may differ according to the information the administrator from Lyrasis provides. Gather rollback information.
- Authorize new metadata (for /staff) with Shibboleth team (Gerry Hall, OIT).
- Move existing instance of AS to new URL during business hours (Lyrasis), then test authentication (Us). Rollback if needed.
- Authorize old url with new metadata, if needed. (Gerry Hall, OIT)
- Stand up new production instance (Lyrasis) at the old URL, then test authentication (Us).
I am hopeful to have this take place by Wed 3/1 but this will take place after the sprint closing meeting. This change requires coordination across us, OIT, and Lyrasis. Downtime in this process should be limited to 5-15 minutes. We will maintain the ability to rollback any changes that would negatively impact service availability.
lovinscari
AGCooper
erussey
The current URL for the prod staff side environment is https://emory.lyrasistechnology.org/ . This needs to be changed to https://emory.lyrasistechnology.org/staff so we can stand up a production PUI instance at the original URL. The staff environment has a Shibboleth integration that will need to be modified.
This work will need to be coordinated carefully with Blake at Lyrasis since this production environment is in active use and we want to minimize downtime.