cannod / moodle-drupalservices

Moodle plugin to connect to Drupal services

Shibboleth authenticated user in Drupal cannot SSO into Moodle #63

Closed goose2000 closed 8 years ago

goose2000 commented 9 years ago

Well, I'm going to document this anyway; maybe it's an esoteric problem/bug, but it might help someone else. My latest situation / configuration is this:

I have a working installation of moodle-drupalservices. It works great with regular authenticated Drupal users, and I got profile fields populating and updating - great.

Then I tried to get tricky. I need to let university people log in to Drupal using Shibboleth. That works too: I can get attributes from the IdP and create local Drupal users, so they are 'authenticated' users.

Trouble occurs when this type of user tries to SSO into Moodle: it appears to find the cookie session, but then it can't load the correct uid and defaults to anonymous, and it all stops. Some debug dump of said user:

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

attempting to reach service url: http://ssw.unc.edu/sswevents/index.php?q=/moodlesso/user/token

line 183 of \auth\drupalservices\REST-API.php: call to debugging()
line 68 of \auth\drupalservices\REST-API.php: call to RemoteAPI->CurlHttpRequest()
line 209 of \auth\drupalservices\REST-API.php: call to RemoteAPI->GetCSRFToken()
line 99 of \auth\drupalservices\auth.php: call to RemoteAPI->Connect()
line 89 of \login\index.php: call to auth_plugin_drupalservices->loginpage_hook()

attempting to reach service url: http://ssw.unc.edu/sswevents/index.php?q=/moodlesso/system/connect

line 183 of \auth\drupalservices\REST-API.php: call to debugging()
line 213 of \auth\drupalservices\REST-API.php: call to RemoteAPI->CurlHttpRequest()
line 99 of \auth\drupalservices\auth.php: call to RemoteAPI->Connect()
line 89 of \login\index.php: call to auth_plugin_drupalservices->loginpage_hook()

Live session detected the user returned is

    stdClass Object
    (
        [sessid] => xgKNPJ4drkyPJUuJmWCZusTugxjNipuZ3NaJop3sEhE
        [session_name] => SESS321f1fdf5d46e0df333ef0d3e4d768aa
        [user] => stdClass Object
            (
                [uid] => 0
                [hostname] => 152.19.139.73
                [roles] => stdClass Object
                    (
                        [1] => anonymous user
                    )

                [cache] => 0
                [timestamp] => 1441207626
            )

    )

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Now remember, this all works with a regular Drupal user, so close!

goose2000 commented 9 years ago

Following the debug info above, we get as far as "Live session detected". It then checks against uid for anonymous user, and that's where I got stopped, so we never pick up the uid.

Well, apply more logic to it and I must assume:

  1. the session actually is associated with uid 0 (anonymous user) OR
  2. somehow the uid just defaults to 0 if it can't be loaded?

    debugging("<pre>Live session detected the user returned is\r\n".print_r($ret,true)."</pre>", DEBUG_DEVELOPER);
    $uid = $ret->user->uid;
    if ($uid < 1) { //No anon
        return;
    }
    // The Drupal session is valid; now check if Moodle is logged in...
    if (isloggedin() && !isguestuser()) {
        return;
    }

    $drupaluser = $apiObj->Index("user/{$uid}");
    debugging("<pre>The full user data about this user is:\r\n".print_r($drupaluser,true)."</pre>",DEBUG_DEVELOPER);
    //create/update looks up the user and writes updated information to the DB
    $this->create_update_user($drupaluser);

Going to add some more debug statements ...

goose2000 commented 8 years ago

The problem was with the Shibboleth module unnecessarily deleting the cookie session and regenerating it. So Moodle SSO lost the cookie, or more accurately, was working with the old cookie session.
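
The root cause described in the last comment, as an added illustration that is not code from the plugin, Drupal, or this thread: a simplified model in which a session id regenerated after the SSO client captured its cookie makes the lookup fall back to uid 0, which the `$uid < 1` check quoted above treats as anonymous. All class and function names, and the uid 42, are constructed for the example.

```python
import secrets

ANONYMOUS_UID = 0  # uid the dump above shows for an unresolved session


class SessionStore:
    """Hypothetical server-side session table: session id -> uid."""

    def __init__(self):
        self._rows = {}

    def login(self, uid):
        # Issue a fresh random session id and bind it to the user.
        sid = secrets.token_urlsafe(32)
        self._rows[sid] = uid
        return sid

    def regenerate(self, old_sid):
        # Delete the old session row and issue a new id for the same user,
        # as the thread says the Shibboleth module did.
        uid = self._rows.pop(old_sid)
        return self.login(uid)

    def connect(self, sid):
        # Assumption of this model: an unknown id resolves to anonymous.
        return self._rows.get(sid, ANONYMOUS_UID)


def sso_uid(store, cookie_sid):
    """Mirror the quoted check: uid < 1 means no SSO (returned as None)."""
    uid = store.connect(cookie_sid)
    return None if uid < 1 else uid


def simulate(regenerate_after_capture):
    """Return (result with the captured cookie, result with the current one)."""
    store = SessionStore()
    captured = store.login(uid=42)  # constructed uid; cookie the SSO side holds
    current = captured
    if regenerate_after_capture:
        current = store.regenerate(captured)  # the unnecessary second step
    return sso_uid(store, captured), sso_uid(store, current)


if __name__ == "__main__":
    print("no regeneration:  ", simulate(False))
    print("with regeneration:", simulate(True))
```

Both of the hypotheses listed earlier in the thread produce the same observable here: the stale id is simply not in the table, so the lookup yields uid 0 even though the user has a valid session under the new id.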