mahara-contributors team mailing list archive
-
mahara-contributors team
-
Mailing list archive
-
Message #09171
[Bug 1003980] Re: Authentication plugin user autocreation can become impossible
On 01/06/12 21:30, Simon Story wrote:
> Hi Richard,
>
> As it is, you can't enable (SAML) user auto-creation without also
> setting usersuniquebyusername = 1. Honest. Please try it. I'm begging
> you. You must think I am crazy. Maybe I am.
>
> ...you get the error 'You can only choose user auto creation if
> you have not selected remoteuser'
> ...
> So therefore, you can't set have auto user creation of SAML users
> without usersuniquebyusername = 1. The manual says the same.
Damn, I'm the one who's crazy, I didn't know about that error message.
I'll submit the patch.
Guess I just assumed it'd work the same as the xmlrpc plugin. It's a
shame we are encouraging people to turn usersuniquebyusername on,
because it really sucks.
Maybe there's no way around it, though, I'm not too sure. With other
external id providers (e.g. ldap) you can make the ldap auth the 'parent
method' of your SSO (xmlrpc), and that usually gives you enough to leave
usersuniquebyusername off and autocreation on. But SAML is trying to do
both the id provision & the SSO, which maybe makes it impossible.
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1003980
Title:
Authentication plugin user autocreation can become impossible
Status in Mahara ePortfolio:
Triaged
Bug description:
It is possible to put yourself in a situation where users having users
auto-created by an authentication plugin is impossible.
By design, for auto-creation to happen, all institutions must be
registerallowed = 0 .
By design, when an authentication plugin is added to an institution,
registerallowed is set to 0. But it is not set for all institutions,
if multiple exist.
Once an authentication plugin is added to an institution, via the web
interface the control to toggle registerallowed for an institution is
hidden.
To reproduce from a fresh installation of Mahara:
Create an institution
Set config item usersuniquebyusername = 1
Add and configure an authentication plugin
Attempt to login with with a new user that should autocreate, which will fail because the 'mahara' institution will still have registerallowed = 1
To workaround:
Connect to the database and set registerallowed = 0 for all institutions, eg 'UPDATE institution set registerallowed = 0 ;'.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1003980/+subscriptions
Follow ups
References