← Back to team overview

mahara-contributors team mailing list archive

[Bug 1003980] Re: Authentication plugin user autocreation can become impossible

 

On 01/06/12 21:30, Simon Story wrote:
> Hi Richard,
> 
> As it is, you can't enable (SAML) user auto-creation without also
> setting usersuniquebyusername = 1. Honest. Please try it. I'm begging
> you. You must think I am crazy. Maybe I am.
> 
> ...you get the error 'You can only choose user auto creation if
> you have not selected remoteuser'
> ...
> So therefore, you can't set have auto user creation of SAML users
> without usersuniquebyusername = 1. The manual says the same.

Damn, I'm the one who's crazy, I didn't know about that error message.
I'll submit the patch.

Guess I just assumed it'd work the same as the xmlrpc plugin.  It's a
shame we are encouraging people to turn usersuniquebyusername on,
because it really sucks.

Maybe there's no way around it, though, I'm not too sure.  With other
external id providers (e.g. ldap) you can make the ldap auth the 'parent
method' of your SSO (xmlrpc), and that usually gives you enough to leave
usersuniquebyusername off and autocreation on.  But SAML is trying to do
both the id provision & the SSO, which maybe makes it impossible.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1003980

Title:
  Authentication plugin user autocreation can become impossible

Status in Mahara ePortfolio:
  Triaged

Bug description:
  It is possible to put yourself in a situation where users having users
  auto-created by an authentication plugin is impossible.

  By design, for auto-creation to happen, all institutions must be
  registerallowed = 0 .

  By design, when an authentication plugin is added to an institution,
  registerallowed is set to 0. But it is not set for all institutions,
  if multiple exist.

  Once an authentication plugin is added to an institution, via the web
  interface the control to toggle registerallowed for an institution is
  hidden.

  To reproduce from a fresh installation of Mahara:
  Create an institution
  Set config item usersuniquebyusername = 1
  Add and configure an authentication plugin
  Attempt to login with with a new user that should autocreate, which will fail because the 'mahara' institution will still have registerallowed = 1

  To workaround:
  Connect to the database and set registerallowed = 0 for all institutions, eg 'UPDATE institution set registerallowed = 0 ;'.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1003980/+subscriptions


Follow ups

References