moodle-saml / auth

Moodle SAML Auth plugin
https://moodle.org/plugins/auth_saml

Issue with installing latest version of plugin 15-01-2019 #14

Open briguy11 opened 5 years ago

briguy11 commented 5 years ago

I put my site into maintenance mode, installed the plugin, then went to take my site out of maintenance mode, and now I cannot, and I cannot get past this error.

Please help.

Invalid admin setting (auth_saml/**)

More information about this error

thanks

alex4108 commented 5 years ago

Hello,

We are experiencing similar issues. We installed the plugin on 3.4 and now are unable to access any administration functions, per this error:

Invalid admin setting (auth_saml/course_mapping_SITE_TITLE)

Site title contains a space and an exclamation point.

We restored access to the administration panel by commenting out line 1701 of lib/adminlib.php, which basically stopped the error from being thrown.

heidiwik commented 5 years ago

Also having issues with Totara 11.11. The requirement of Totara version 2017111300 fails; we have version 2019012400. If we modify this manually, the install fails again with: Exception - Call to undefined function upgrade_fix_config_auth_pluginnames()

tbannister commented 5 years ago

I ran into this problem as well while testing this plugin for a client. The problem, in our case, was that the client had course names with dashes in them. Dashes are not valid characters for admin setting names. The real problem is line 227 in the settings.php file. It takes the course shortname and uses it as part of the admin setting name without properly cleansing the course shortname.

Specifically, admin settings can only have letters, numbers and underscores in them, so everything else has to be removed from the course shortname. The shortname is PARAM_TEXT in the Moodle code, which means it can have most normal text characters, including punctuation and even HTML tags.

The impact of this bug is pretty severe: it disables administrator access to the site entirely, and I'm not sure if it impacts student access.

tbannister commented 5 years ago

Pull request to fix this bug submitted: #17

steveomg commented 5 years ago

Same issue here. Had to comment out adminlib checks as course names have / & dashes and other characters

tbannister commented 5 years ago

Just a note for anyone following this issue, it looks like this was addressed in a July 16th commit:

Implement feature to check if there are course mapping values duplicated. Clean course shortname before generating its related course mapping setting.
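
The failure mode discussed in this thread, shown as an added example that is not part of the thread or the plugin's code: a free-text course shortname is cleaned down to letters, numbers and underscores before it becomes part of a `course_mapping_` setting name, and shortnames that collapse to the same name after cleaning are reported. The function names, the replace-with-underscore rule and the sample shortnames are assumptions made for illustration.

```php
<?php
// Added example, not auth_saml or Moodle code. All function names are hypothetical.

// Rule stated in the thread: letters, numbers and underscores only.
function is_valid_setting_name(string $name): bool {
    return preg_match('/^[A-Za-z0-9_]+$/', $name) === 1;
}

// Map a free-text course shortname to a setting-name suffix.
// Assumption: each disallowed character becomes "_"; the plugin may clean differently.
function clean_shortname(string $shortname): string {
    $clean = preg_replace('/[^A-Za-z0-9_]/', '_', $shortname);
    return $clean === '' ? '_' : $clean;
}

// Build one setting name per course and collect shortnames that collide after
// cleaning, because two courses would otherwise share a single setting.
function build_course_mapping_names(array $shortnames): array {
    $names = [];       // setting name => first shortname that produced it
    $collisions = [];  // setting name => every shortname that maps to it
    foreach ($shortnames as $shortname) {
        $name = 'course_mapping_' . clean_shortname($shortname);
        if (isset($names[$name])) {
            $collisions[$name] = $collisions[$name] ?? [$names[$name]];
            $collisions[$name][] = $shortname;
            continue;
        }
        $names[$name] = $shortname;
    }
    return [$names, $collisions];
}

// Constructed sample shortnames covering the characters reported in the thread.
$sample = ['Site Title!', 'CS-101', 'CS_101', 'Math/Stats & Logic', '<b>Intro</b>'];

[$names, $collisions] = build_course_mapping_names($sample);
foreach ($names as $name => $shortname) {
    $raw = 'course_mapping_' . $shortname; // what an uncleaned name would look like
    printf("%-36s raw name valid: %-3s cleaned name valid: %s\n", $name,
        is_valid_setting_name($raw) ? 'yes' : 'no',
        is_valid_setting_name($name) ? 'yes' : 'no');
}
foreach ($collisions as $name => $dupes) {
    printf("collision on %s: %s\n", $name, implode(', ', $dupes));
}
```

With these samples, `CS-101` and `CS_101` clean to the same setting name, which is the case a duplicate check has to catch once cleaning is in place.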