Automatic creation of new users fails when Shibboleth authentication is selected

catalyst / moodle-tool_cohortdatabase

Tool for sync of cohorts using external db.

3 stars 5 forks source link

Automatic creation of new users fails when Shibboleth authentication is selected #9

Open dcadiou opened 4 years ago

dcadiou commented 4 years ago

When _createusersauth is set to 'Shibboleth', user creation fails and returns :

Execute scheduled task: Sync cohorts with external database (tool_cohortdatabase\task\sync)
... used 34 dbqueries
... used 0.32330203056335 seconds
Scheduled task failed: Sync cohorts with external database (tool_cohortdatabase\task\sync),Moodle needs certain Shibboleth attributes which are not present in your case. The attributes are: 'eppn' (''), 'givenName' (''), 'sn' ('') and 'mail' ('')<br />Please contact the webmaster of this server or your Identity Provider.

dcadiou commented 4 years ago

I'm far from being a Shibboleth expert, but I think I understand roughly what happen. (if any expert is there, please correct me if I'm wrong)

To create a new user, _toolcohortdatabase, calls _create_userrecord() from the Moodle API (in lib/moodlelib.php). This function starts to call _getuserinfo() for the selected authentication plugin (auth/shibboleth/auth.php in our case).

The error is returned by this function (at line 108). It try to get 4 authentication datas equivalent to username, firstname, lastname and mail, but named differently, in relation with what is defined in the shibboleth auth plugin configuration. Those Shibboleth authentication attributes are supposed to been stored in the _$SERVER php variable (for identity provider in 2.x version). But when _toolcohortdatabase call the _getuserinfo() function, _$SERVER doesn't contains these items. Then the error is raised.

dcadiou commented 4 years ago

I tried to push a new branch to create a pull request containing the solution I found, but it seems I haven't enough privileges to be allowed to. Therefore I attached a patch :

issue_9.patch.zip

danmarsden commented 4 years ago

Hi there - thanks for the report.

To submit a patch you need to fork the repo into your own account (use the fork link at the top), then commit the changes to a local branch in your own account and submit a pull request with the change - if you could do that it so we could take a look it would be great!

thanks,

dcadiou commented 4 years ago

I forgot to mention that I worked on a 3.7.3 (Build: 20191111) release of Moodle ($version = 2019052003.00).

dcadiou commented 4 years ago

Just for information on Shibboleth service provider attributes access, you can see : https://wiki.shibboleth.net/confluence/display/SP3/AttributeAccess