+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 21
MIS Systems Thread, CAUTION WITH ePortal 11.1 in Technical; We installed the Facility/eportal 11.1 update yesterday to find it broke our ldap login to eportal, meaning we had to ...
  1. #1
    bart21's Avatar
    Join Date
    Aug 2009
    Location
    peterborough
    Posts
    400
    Thank Post
    77
    Thanked 53 Times in 51 Posts
    Rep Power
    18

    CAUTION WITH ePortal 11.1

    We installed the Facility/eportal 11.1 update yesterday to find it broke our ldap login to eportal, meaning we had to create all staff resource passwords.

    Aparently this is a known issue and they are working to fix it but have NOT pulled the update.

    Just a heads up to everyone.

    Nick

  2. #2

    Join Date
    Jun 2007
    Location
    Wakefield, West Yorkshire
    Posts
    585
    Thank Post
    83
    Thanked 112 Times in 91 Posts
    Rep Power
    57
    Hi all,

    Just to give some input into this - I'm not sure of the individual case, but just for those who may not understand the OP fully, if this is the case it will only affect those people using our SSO add on which enables you to use AD logins with ePortal. In this case, I believe Nick is saying he's had to go back to the resource passwords way of logging in whilst it is fixed.

    This will not cause everyone upgrading to 11.1 to have to repopulate their resource passwords - just those using SSO.

    I'm sorry to hear you've had this problem Nick, i'll see where it's at on Monday for you.

    Mic @ Serco

  3. #3

    Join Date
    May 2008
    Location
    Kent
    Posts
    490
    Thank Post
    24
    Thanked 71 Times in 62 Posts
    Rep Power
    25
    This should have been picked up during testing! Issues like this is part of the reason why i now await at least a week before installing any of the new facility updates.

  4. #4

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,439
    Thank Post
    1,468
    Thanked 1,035 Times in 908 Posts
    Rep Power
    299
    Quote Originally Posted by Tallwood_6 View Post
    This should have been picked up during testing! Issues like this is part of the reason why i now await at least a week before installing any of the new facility updates.
    Serco once again opened the doors for people to test the new release, of which I offered and did do, and certainly when I sent my test details to them I had, out of a range of testers in the public, been only one of a tiny number to actually bother doing any ePortal testing.

    This in a way annoys me, people complain about bugs in this way, but yet Serco openly via the newsletter say ok you want to help us test, get in touch, now obviously I don't know if they get inundated or are highly selective on the testing or anything, maybe @michael2k6 can say or get Nick or someone to say how it works, but I don't think they go oh we will only let 5 people test it, they test in 2 phases so they must have more than 2 or 3 externals.

    As for 11.1, I've been on 11.1 since Easter time as I was part of the testing and early adoption they do (as I had some major issues in 10.3 so was keen to get those resolved which were), as a result I found some bugs during testing which I fed back and fed back a few other comments on 11.1 builds right up till the one that's now launched for all to have. Overall I have found 11.1 to be an excellent release and not complaining about it, Serco & Patni have resolved about 9 of my support tickets in the latest release, some of which have been open for many months so I am very impressed at it for a release.

    However to the OP's point on the SSO / LDAP, I would never consider using the SSO / LDAP system simply as its never been majorly reliable, and its been hit and miss with some having more success than others, plus it opens major security holes in my opinion, as many members on here have found, colleagues fail to lock workstations / log off / use high strength passwords so you might as well just have open access to all data in your MIS to anyone if you get staff doing things like that as SSO allows one click and your done which is very risky, the use of separate resource passwords is great as it makes it harder to just get in as quick.

  5. Thanks to john from:

    michael2k6 (7th May 2011)

  6. #5

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,089
    Thank Post
    511
    Thanked 2,308 Times in 1,784 Posts
    Blog Entries
    24
    Rep Power
    803
    I think you've missed the OP's point here John. It isn't about user testing, this is something that Serco should have tested internally before release.

    User testing is great, but it is a last step. Releasing an update with something as fundamental as broken SSO is a major problem. It'd be like Microsoft releasing an update to Windows which prevented active directory login to computers, making users revert back to using local logins...

  7. #6

    Join Date
    Jun 2007
    Location
    Wakefield, West Yorkshire
    Posts
    585
    Thank Post
    83
    Thanked 112 Times in 91 Posts
    Rep Power
    57
    Thanks John. I can understand the OP too, and what LocalzUK said is correct also.
    We do have a full testing programme prior to release and I will ensure I look into how we had missed this in an attempt to ever improve our procedures.
    Thanks John for recognising that whilst there are still some issues, we are constantly imrproving, and have come on leaps and bounds in recent months. We are also always open to suggestions and ideas.
    I also completely understand this doesn't make the current situation any better for Bart21 and I will see if there is anyway in which I can help on Monday.

    Regards
    Mic

  8. Thanks to michael2k6 from:

    john (7th May 2011)

  9. #7

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,439
    Thank Post
    1,468
    Thanked 1,035 Times in 908 Posts
    Rep Power
    299
    Quote Originally Posted by localzuk View Post
    I think you've missed the OP's point here John. It isn't about user testing, this is something that Serco should have tested internally before release.

    User testing is great, but it is a last step. Releasing an update with something as fundamental as broken SSO is a major problem. It'd be like Microsoft releasing an update to Windows which prevented active directory login to computers, making users revert back to using local logins...
    No you've missed my point I was trying to make, here is a good example, a user complaining about a section of the product, that part will have been tested, its all tested I can assure you of that, yet will they put there money where there mouth is and test the product to help check it, most likely not I suspect (although I maybe wrong perhaps they did test 11.1 or offer to?) as a number of colleagues in other schools complain about issues but are scared to test or not willing to put the time in to install it on a VM / laptop etc...

    Knowing Serco as I do this release and the last few have had a whole lot more testing than any others ever issued for a very long time, however everything in testing is in "the perfect world", hence why they need us in our "not so perfect world" to assist with testing, of which I offer and did do. Same reason MS test internally, with partners then say ok world test for us and feedback, and even our Edu-Project coders do the same, maybe in our "not perfect world" that don't conform to industry standards on our LANs, no-one tested SSO in 11.1 and thus is why its got niggles.

    As much as I love my Serco stuff, its also common knowledge that the LDAP / SSO has been less than perfect for at least the last 3 years if not longer and isn't in my opinion the best way of logging on from the way its all documented. The SSO stuff is usually jammed right at the very back of the book hidden deep away as an optional thing to do, if it was the key primary way it would be at the front in the logon section rather than it can do SSO but go elsewhere to get that info.

    One major issue in the past has always been around people who's windows systems don't conform to the standards that LDAP should, MS have there own way of interpreting standards (as I know you know localzuk being a coder), they are often similar to the official way, however not always quite the same and thus what works for one thing doesn't work in another, just like HTML, IE has its own way of dealing with it which isn't quite right but fairly close, but FF and Chrome do it far more accurately so I am told. This is, I would guess, a similar situation, the OP's domain probably has something's that don't conform to the official LDAP standards somewhere in-amongst it, this will be creating an issue and now will have to be worked around as a software developer isn't going to be able to predict every weird domain setup and code it in to start with, so maybe that is the issue.

    So yes its annoying the OP, yes it should have worked, however I would rather they spend more time in the Assessments, Exams, Reporting etc than an accessory of the product which doesn't add to its usability in any real way other than lazyness.

  10. #8
    bart21's Avatar
    Join Date
    Aug 2009
    Location
    peterborough
    Posts
    400
    Thank Post
    77
    Thanked 53 Times in 51 Posts
    Rep Power
    18
    @john

    I can see what you are saying but, if your school had been using sso for 3 years with no probs and then at 9 am we suddenly get the head coming down saying 'no-one can do their registers or see who is on cover because they camt log in'. It then took us a lot of time to create every teacher, cover supervisor and slt resource passwords, and then explain how to use them.

    This meant the teachers could not do registers till after break, and no-one knew who was on cover.

    It was my department that were getting it in the neck for the issue we can't fix.

    Like I said sso has been fine for 3 years, so why do they change it now.

    Nick

  11. #9

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,439
    Thank Post
    1,468
    Thanked 1,035 Times in 908 Posts
    Rep Power
    299
    Quote Originally Posted by bart21 View Post
    @john

    I can see what you are saying but, if your school had been using sso for 3 years with no probs and then at 9 am we suddenly get the head coming down saying 'no-one can do their registers or see who is on cover because they camt log in'. It then took us a lot of time to create every teacher, cover supervisor and slt resource passwords, and then explain how to use them.

    This meant the teachers could not do registers till after break, and no-one knew who was on cover.

    It was my department that were getting it in the neck for the issue we can't fix.

    Like I said sso has been fine for 3 years, so why do they change it now.

    Nick
    You need a crown Nick your the first person I've met, and I know a good number of Serco schools, who has had SSO working for that long! There hasn't been that many changes to it over the years, not saying there hasn't been any, but not that many that I recall in release notes which I do read fully even if I don't use that bit of the system as its useful for on here.

    Putting my @GrumbleDook hat on here, did you test your 11.1 upgrade in a test situation on your LAN before releasing it which would be good practice for any MIS upgrade (in-fact any upgrade at all to anything) or just stick it on? I always install it on a test then test that as all types of user before then being happy to upgrade the live one.

  12. #10

    Join Date
    May 2008
    Location
    Kent
    Posts
    490
    Thank Post
    24
    Thanked 71 Times in 62 Posts
    Rep Power
    25
    John I accept that beta testers are required but ultimately a school expects a finished working product. It is up to serco to ensure that the product has received an acceptable level of testing covering all the available functionality before release.

  13. #11
    bart21's Avatar
    Join Date
    Aug 2009
    Location
    peterborough
    Posts
    400
    Thank Post
    77
    Thanked 53 Times in 51 Posts
    Rep Power
    18
    @tallwood

    Well said, thank you.

  14. #12

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,439
    Thank Post
    1,468
    Thanked 1,035 Times in 908 Posts
    Rep Power
    299
    Quote Originally Posted by Tallwood_6 View Post
    John I accept that beta testers are required but ultimately a school expects a finished working product. It is up to serco to ensure that the product has received an acceptable level of testing covering all the available functionality before release.
    We all expect fully finished and working stuff from everyone be that Microsoft, Serco, Capita or anyone else, but reality is not everything fits the same mould, for instance my playing on my laptop tonight and I can get SSO working fine on my test LAN, thus saying its clearly not an outright coding issue and maybe more an incompatibility between a users LAN and the product, thus indicating that its perhaps not an exclusive coding issue, thus welcome to the world of computers and emphasises the point I made in my last post that if everything stuck to every standard fully and to the letter things like this would just work, but things don't so we have issues.

  15. #13

    Join Date
    Mar 2008
    Location
    Derby
    Posts
    19
    Thank Post
    0
    Thanked 6 Times in 5 Posts
    Rep Power
    14
    Morning everyone,

    I just want to clarify what the issue is regarding ePortal 11.1 and SSO. There are 2 types of single sign on: bypass login and always present.

    Bypass login means that the user logs on the computer, then when they browse to ePortal the credentials they have already entered are used to verify who they are, without the user having to do anything.

    Always present means when a user browses to ePortal they are prompted for their AD credentials instead of their ePortal login details.

    Bypass login works in 11.1, always present does not.

    During the testing of 11.1 we only looked at bypass login as we mistakenly thought all SSO schools were using this method - we'll rectify this for the next release of ePortal.

    For this release we had 24 beta testers, including some local authorities and we also had the release running live in several schools (the exact number escapes me at the minute) for up to 4 weeks before the release to help identify any issues that may arise in a live school that we might miss in a test environment.

    Obviously the process isn't perfect - we are always working to improve it and we are always looking to expand the number of schools like john's that are kind enough to take the time out to test for us. For this release (and all releases moving forward) we have greatly expanded the testing time at all stages of testing to ensure that each new version is as stable as you expect it to be.

    Going back to the OP, we will have a fix out for this issue as soon as possible and will notify the affected schools as soon as we do (it will be later today at the earliest I expect) and we'd like to apologise for the inconvenience caused.

    I hope some of this information helps, once again - we'll take steps to ensure this kind of error doesn't slip through again in the future and I hope that you'll notice an increase in the quality of our releases thanks to the excellent work of our beta testers.

    Please let me know if you have any further questions or feedback.

    Nick

  16. Thanks to NickBuckel from:

    john (9th May 2011)

  17. #14
    AshEarl's Avatar
    Join Date
    Apr 2010
    Location
    South Lincolnshire,UK
    Posts
    25
    Thank Post
    2
    Thanked 5 Times in 5 Posts
    Rep Power
    0
    @NickBuckel

    During the testing of 11.1 we only looked at bypass login as we mistakenly thought all SSO schools were using this method - we'll rectify this for the next release of ePortal.
    Does this mean we get a refund on the time we are paying for this? Given the amount of time wasted in my department rectifying this, it seems only fair?

  18. #15
    wickit's Avatar
    Join Date
    May 2007
    Location
    Sitting down
    Posts
    132
    Thank Post
    3
    Thanked 3 Times in 3 Posts
    Rep Power
    15
    Quote Originally Posted by AshEarl View Post
    @NickBuckel
    Does this mean we get a refund on the time we are paying for this? Given the amount of time wasted in my department rectifying this, it seems only fair?
    You go two hopes there mate, and ones name is Bob

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. how can i set up my own Eportal?
    By sunny75 in forum MIS Systems
    Replies: 10
    Last Post: 27th September 2012, 09:26 PM
  2. Royal Mail 'track and trace' - a word of caution?
    By theeldergeek in forum General Chat
    Replies: 7
    Last Post: 15th January 2010, 09:42 PM
  3. Eportal over internet
    By Chris in forum MIS Systems
    Replies: 4
    Last Post: 5th June 2008, 08:24 AM
  4. ePortal
    By kylewilliamson in forum MIS Systems
    Replies: 6
    Last Post: 6th August 2007, 09:28 PM
  5. Photos in ePortal
    By TekkyMatt in forum MIS Systems
    Replies: 3
    Last Post: 22nd June 2007, 12:11 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •