catalyst / moodle-auth_saml2

SAML done 100% in Moodle, fast, simple, secure
https://moodle.org/plugins/auth_saml2

"You have logged in successfully but we could not find your 'uid' attribute to associate you to an account in Moodle." #716

Closed FDVL closed 1 year ago

FDVL commented 1 year ago

What happened? I have a wordpress website as an IDP using the "miniorange SAML 2.0 SSO" plugin. It works well with the "miniorange SAML 2.0 SSO moodle" plugin, however it lacks a lot of the options "SAML2 Single sign on" has, thus the interest in using this plugin. However, when I configure "SAML2 Single sign on" it displays:

[screenshot]

I have tried multiple mapping combinations in idpattr and field_map_email to user_email as displayed in the MiniOrange SSO Wordpress IDP and others like emailAddress, however the result is always the same. [screenshot: Miniorange SAML 2.0 SSO in wordpress mapping]

/auth/saml2/test.php renders the following results:

SP name: po**.com

Which IdP will be used? ee26e21c04780ad78381b*****

IDP: https://po********.com/wp-content/plugins/miniorange-wp-as-saml-idp/ md5: ee26e21c04780ad78381b check: ee26e21c04780ad78381b

Authed with IdP https://po********.com/wp-content/plugins/miniorange-wp-as-saml-idp/ [] You are logged in: Logout

brendanheywood commented 1 year ago

The saml idp needs to a) send a value to uniquely identify the user, and then b) you need to configure it. To figure out what the idp is actually sending use the test script that is described here:

https://github.com/catalyst/moodle-auth_saml2/wiki/Quick-start-Guide#step-5-discover-the-attributes-sent-from-the-idp

Once you know the key / value you want then you can plug it into the idpattr setting. If the idp is not sending the value you want then it is an idp configuration issue.

FDVL commented 1 year ago

Thanks for the reply.

a) Since it works with "miniorange SAML 2.0 SSO moodle" plugin the idp is sending an identifier b) Seems to be the missing factor as I simply can't find the attributes that are being sent

I had already seen the quick guide but did not have any success. Is /auth/saml2/test.php the test script you mentioned? I've already copied the results in the first post. I can see on the quick guide "Use this test page to cut and paste the exact key names in the next steps to avoid subtle typo errors.". Is the test page the same one as above?

brendanheywood commented 1 year ago

Ah, it isn't sending any attributes at all. It might be sending a NameId and you can turn that into an attribute so moodle can map it using the auth_saml2 | nameidasattrib = yes setting

FDVL commented 1 year ago
  1. Changed auth_saml2 | nameidasattrib to yes

/auth/saml2/test.php now rendered this additional section: { "nameid": [ "**@gmail.com" ] }

  2. Then changed auth_saml2 | idpattr to nameid and everything works as supposed!

Very grateful for the support!!
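The mechanism discussed above (an IdP that sends a NameID but no attributes, nameidasattrib exposing the NameID under the key "nameid", and idpattr selecting which key identifies the user) as an added illustration in Python; this is not auth_saml2's own code, and the assertion fragment, function names and the "exactly one non-empty value" rule are constructed for the example.

```python
# Added example (not the plugin's code): shows why an assertion carrying only a
# NameID yields an empty attribute set, and how a nameidasattrib-style option
# combined with idpattr resolves the "could not find your 'uid' attribute" case.
# Assumes signature validation of the response has already happened upstream.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed assertion: Subject/NameID present, no AttributeStatement at all.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""


def extract_attributes(assertion_xml: str, nameid_as_attrib: bool) -> dict:
    """Return {attribute name: [values]} from the assertion.

    With nameid_as_attrib=True the Subject NameID is also exposed under the
    key "nameid", mirroring what the test page showed after the setting change.
    """
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    nameid = root.find("./saml:Subject/saml:NameID", NS)
    if nameid_as_attrib and nameid is not None and nameid.text:
        attrs["nameid"] = [nameid.text]
    return attrs


def resolve_uid(attrs: dict, idpattr: str):
    """Pick the identifying value named by idpattr.

    Returns None when the key is absent, empty, or multi-valued (an ambiguous
    identifier must not be used to associate a login with an account).
    """
    values = attrs.get(idpattr, [])
    if len(values) != 1 or not values[0].strip():
        return None
    return values[0].strip()
```

With nameidasattrib off the attribute set is empty and any idpattr fails; with it on, idpattr = nameid resolves to the e-mail address, which is exactly the sequence reported in the thread.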