catalyst / moodle-auth_saml2

SAML done 100% in Moodle, fast, simple, secure
https://moodle.org/plugins/auth_saml2

A configuration note for the Quick start Guide #648

Open domenecsos opened 2 years ago

domenecsos commented 2 years ago

I just installed the plugin on an existing Moodle test environment for a local educational organization. As their IdP is SimpleSAMLphp-based, metadata exchange went smoothly. The SAML2 Login button appeared and it took us to the IdP and back to Moodle after authenticating there.

Then I got the "you're authenticated as a@b.edu but are not authorized to enter Moodle" message. Weird, as the user actually existed, as many thousands of LDAP-based users exist too. From the LDAP hint you surely know what the issue was, but I was a newbie to the plugin ;) So after some debugging I got the solution, and I ask you to please add a note like:

"In case there were LDAP (or any other auth) based users before the plugin was installed, set the allow any authentication (auth2_any) flag to Yes".

In our (my customer's) very particular case, keeping the users as LDAP-based seems to be important, as they regularly refresh users' data from the LDAP, according to their Moodle guy (I am the SAML2 guy).

Thanks for your time, and a very good implementation of SAML2 security from the code I grasped, I must say :)

domenecsos commented 2 years ago

"anyauth" config key, sorry.

brendanheywood commented 2 years ago

@domenecsos would you be able to put that into a pull request for the readme please?