mahara-contributors team mailing list archive

[François Marier <francois@xxxxxxxxxx>]

** Tags added: saml

** Changed in: mahara
       Status: New => Triaged

** Changed in: mahara
   Importance: Undecided => Medium

** Changed in: mahara
    Milestone: None => 1.4.0

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/724471

Title:
  SAML does not fail gracefully when Identity Provider does not provide
  require attribute

Status in Mahara ePortfolio:
  Triaged

Bug description:
  When a Shibboleth Identity Provider does not provide a required
  attribute, Mahara presents a page that says "Site Unavailable" and "A
  nonrecoverable error occured. This probably means you have encountered
  a bug in the system."  You also will get stuff in the error_log like
  what's in the file attached.

  By comparison, when this situation arises with Moodle, the page tells
  the user something like this:

  "You seem to be Shibboleth authenticated but Moodle didn't receive any
  user attributes. Please check that your Identity Provider releases the
  necessary attributes ('REMOTE_USER', 'givenName', 'sn' and 'mail') to
  the Service Provider Moodle is running on or inform the webmaster of
  this server."

  Especially if people intend to run federated authentication, SAML
  should fail gracefully if an Identity Provider doesn't provide all the
  attributes Mahara requires.  If nothing else, it at least makes it
  clear that the problem is probably with the Identity Provider and not
  one or more bugs in Mahara.