MESH-Research / knowledge-commons-works

The next-generation research repository for the Knowledge Commons (formerly Humanities Commons)
https://hcommons.org
MIT License

Unable to Log In #604

Closed gmeben closed 1 week ago

gmeben commented 3 weeks ago

Describe the bug

Attempting to log in to Works with the test user gihctester results in a 502 error. Attempting to log in to the HCommons with the same user is successful. Some users have been reported to be able to log in to Works while others are not.

To Reproduce

  1. Visit works.hcommons.org
  2. Click "Log in"
  3. Click "Knowledge Commons"
  4. Click the Humanities Commons "HC" button
    • Enter credentials, if prompted
  5. 502 encountered

Expected behavior

The test user gihctester should be able to log in to Works.

Screenshots

Screenshot of the Nginx encountered within the browser

monotasker commented 3 weeks ago

This may be an example of the issue with Comanage and WP treating capitalization differently in usernames. I'll look at it when we address that issue.

gmeben commented 1 week ago

I made a mistake in my testing. I apologize. I forgot I had to visit works.hcommons.org, not just hcommons.org. I'm still encountering a 502 error when attempting to log in to works.hcommons.org.

monotasker commented 1 week ago

For some reason this user's login isn't returning the same set of SAML response values as usual. The error is thrown in the knowledgeCommons_account_info handler when it tries to retrieve the email address from the mapped key:

KeyError: 'urn:oid:0.9.2342.19200300.100.1.3'

The SAML data returned is:

{'urn:oid:2.5.4.4': ['Hc'], 'urn:oid:2.5.4.3': ['Ghost Hc'], 'urn:oid:2.5.4.12': ['Tester'], 'urn:oid:2.5.4.42': ['Ghost'], 'urn:oid:2.16.840.1.113730.3.1.3': ['gihctester'], 'urn:oid:0.9.2342.19200300.100.1.1': ['gihctester@hc-idp.hcommons.org'], 'urn:oid:1.3.6.1.4.1.5923.1.5.1.1': ['CO:COU:ARLISNA:members:active', 'CO:COU:HASTAC:members:active', 'CO:COU:HC:members:active', 'CO:COU:MLA:members:active', 'CO:COU:MSU:members:active', 'CO:COU:SAH:members:active', 'CO:COU:STEMEDPLUS:members:active', 'CO:COU:UP:members:active', 'Humanities Commons:HASTAC_Educational and Cultural Institutions', 'Humanities Commons:HASTAC_Humanities, Arts, and Media', 'Humanities Commons:HASTAC_Publishing and Archives', 'Humanities Commons:HASTAC_Social and Political Issues', 'Humanities Commons:HASTAC_Teaching and Learning', 'Humanities Commons:HASTAC_Technology, Networks, and Sciences'], 'urn:oid:1.3.6.1.4.1.49574.110.13': ['https://hc-idp.hcommons.org/idp/shibboleth'], 'urn:oid:1.3.6.1.4.1.49574.110.10': ['HC Login'], 'urn:oid:1.3.6.1.4.1.49574.110.11': ['Humanities Commons IdPofLR'], 'urn:oid:1.3.6.1.4.1.49574.110.12': ['Humanities Commons IdPofLR']} {handlers.py:142}

Instead of the expected key and email pair, we see the key urn:oid:0.9.2342.19200300.100.1.1 and an obfuscated email gihctester@hc-idp.hcommons.org.

monotasker commented 1 week ago

This contrasts with the usual response, in which the key urn:oid:0.9.2342.19200300.100.1.3 carries the user's unobfuscated email address.

monotasker commented 1 week ago

It turns out this is by design. GI users in Comanage lack email addresses. I'll modify the SAML login flow to allow the SAML response to be missing the email if the user account already exists. Then we'll have to manually create matching GI user accounts in KCWorks.
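One way to handle the missing mail attribute discussed in this thread, as an added example that is not the KCWorks handler code: the lookup no longer raises KeyError, a response without an email is accepted only for an account that already exists, and the uid value is never used as a substitute address. The names `account_info`, `existing_usernames`, `SAMLLoginRejected` and the returned dict shape are hypothetical, and using `urn:oid:2.16.840.1.113730.3.1.3` as the account identifier is an assumption based on the dump above.

```python
# Added example (not KCWorks code). OID meanings are the standard LDAP ones.
OID_MAIL = "urn:oid:0.9.2342.19200300.100.1.3"    # mail: absent for GI users
OID_UID = "urn:oid:0.9.2342.19200300.100.1.1"     # uid: scoped login id, not an email
OID_USERNAME = "urn:oid:2.16.840.1.113730.3.1.3"  # held 'gihctester' in the dump (assumed id)
OID_DISPLAY = "urn:oid:2.5.4.3"                   # cn


class SAMLLoginRejected(Exception):
    """The response is unusable; the caller should answer 4xx, not crash into a 502."""


def first(attrs, oid):
    """First non-blank string value for an OID, or None if missing or empty."""
    values = attrs.get(oid) or []
    return next((v.strip() for v in values if isinstance(v, str) and v.strip()), None)


def account_info(attrs, existing_usernames):
    """Map SAML attributes to account info (hypothetical shape).

    existing_usernames is a stand-in for the real account lookup.
    """
    username = first(attrs, OID_USERNAME)
    if username is None:
        raise SAMLLoginRejected("SAML response has no username attribute")
    email = first(attrs, OID_MAIL)
    if email is None and username not in existing_usernames:
        # No address and no pre-created account: refuse rather than promote the
        # uid value to an email, since it is not the user's address.
        raise SAMLLoginRejected(f"no email for unknown user {username!r}")
    return {"external_id": username, "email": email,
            "full_name": first(attrs, OID_DISPLAY)}


# Constructed sample, trimmed from the attribute dump in the thread.
GI_RESPONSE = {
    "urn:oid:2.5.4.3": ["Ghost Hc"],
    OID_USERNAME: ["gihctester"],
    OID_UID: ["gihctester@hc-idp.hcommons.org"],
}

if __name__ == "__main__":
    print(account_info(GI_RESPONSE, existing_usernames={"gihctester"}))
    try:
        account_info(GI_RESPONSE, existing_usernames=set())
    except SAMLLoginRejected as exc:
        print("rejected:", exc)
```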