12 January 2014, 13:26

Hello, 

we have moodle 2.5 and mahara 1.8.1 - both of which have been used sepertely for  while and both of which use LDAP for authentication. We now want to use the mahoodle integration - I have set up networking, the peer set up on moodle is good - but whenever a user logs into moodle and then tries to access mahara via network server link they get rejected - the message is at the bottom of this post (the usual unable to sign in error).

 If I check "we auto-create users" then it works but creates a new user account for mahara - so I at least know the servers are communicating correctly.  I have set the parent authority option to look at LDAP but it simply doesn't seem to want to refer to LDAP when receiving an SSO request.  Does anyone have any ideas?  

Unfortunately I can't just re-create the mahara accounts as there is a fair bit of work in the majority of the users (1200+).

 

Thanks in advance!

Unable to sign in via SSO.

We were unable to authenticate you at this time. Possible reasons might be:

* Your SSO session might have expired. Go back to the other application and click the link to sign into Mahara again.
* You may not be allowed to SSO to Mahara. Please check with your administrator if you think you should be allowed to.

 

 

13 January 2014, 13:08

Hi Adam,

Since they can log in if you tick the "we auto-create users" box, it means that the XMLRPC linkage is working correctly, but Mahara is failing to identify the existing Mahara user account for each user roaming across from Moodle. Based on that, there are two things to check.

1. Make sure the users' Moodle username is the same as the username on their existing Mahara account. If it's not, you'll have to fill in the Moodle username in each user's "Remote username" account settings field in Mahara.

2. Since you've set LDAP as the parent authority to XMLRPC in Mahara, make sure the users in Mahara still have LDAP listed as their authentication method.

If you need to make bulk changes to the users' remote username or authentication method, check out this section in the manual: http://manual.mahara.org/en/1.8/administration/users.html#change-authentication-method

Cheers,

Aaron

14 January 2014, 8:47

Hi,

thanks for your response Aaron.

The username is the same.  When I try to login with SSO and "we create..." checked though it says in the error.log that it doesn't recognise the name and can't create the account.  If I let it create the account it appends a 1 onto the username - as everything else is the same?! 

Each user has LDAP as their authentication method as this is the method they have used - and still use.

Can't help but think part of the problem is that although the accounts are both created via LDAP there is some sort of problem with establishing SSO on two existing accounts.

 

Thanks again for your suggestions.

Adam

14 January 2014, 10:59

Hi Adam - you sound like you are hitting similar problems to us when we tried (and eventually succeeded) to get this working.

Here are two more suggestions that may help:

1. Are you only getting this problem in IE?  Make sure Moodle and Mahara are both operating in the same security zone (Tools --> Internet Options --> Secuirty).  We had one in Local intranet and one in Internet and this was causing an error message (can't remember now if it was the same one).

2.  Add this line to the config.php file

$cfg->usersuniquebyusername = true;

Before you do this, make sure that all institutions (and the no institution) are set to not allow self registration.  Then tick the boxes for "we create.."

I think this is what it was that got it working for us in the end - hope this helps.

Cheers - Anita

17 January 2014, 7:40

Thanks Anita,

 

I'd already tried the usersuniquebyusername option with no joy.  Unfortunately I get the problem regardless of browser - most annoying!

 

Thanks for your suggestions though - everything appreciated.

Adam

20 January 2014, 13:44

Hello Adam,

Can you please check the Moodle and Mahara error logs? Sometimes they are more explicit in what the error means that you get on the screen. Recently, I linked up Moodle accounts to existing LDAP accounts on Mahara making LDAP the parent authority for MNet and didn't run into any issues. Please double-check that every LDAP account has a remote username, which should match their LDAP account.

Cheers

Kristina

 

21 March 2014, 0:17

Hello anyone who may read this thread!  I did fix the problem in the end - for our institution I had to make sure that there was a remoteuser entry in the mahara user profile (eg - username=adamg, remoteuser=adamg) - as mentioned by Kristina below.  Although the accounts have identical names it still needed to have this included for it to work.

The only annoying thing I found was that I had to unlock all the profile fields before being able to upload the csv, but that isn't related to this post.

Hope this proves helpful for someone, and thanks to everyone that posted suggestions.

 

Ta,

 

Adam

04 November 2014, 3:21

Hello

We also faced some issues with our mahara (Mahara v1.9 with plugin assignsubmission_mahara from Catalyst on Moodle 2.6)

Some questions :

- We have nearly 50% of our users who don't have remoteuser information on their profile... How is it possible ? How to fix it ?

- By the way, where this information is stored in the db, which table ?

Our authentification configuration is the following : (see also screenshot)

• 1 authentification LDAP (mandatory for CAS)
• 1 authentification CAS
• and 4 XML-RPC authentification methods (1 per Moodle), each one has parent authentification = CAS

We're using Mahara assignment activities on each Moodle, but it's very unstable, sometimes users can't submit pages (no pages or collection found), depending on their profile authentification.

=> Can we have unlimited xml-rpc authentification methods or is it limited ?

=> For our users, which authentification method should be associated to their profile ?

We spent hours to understand the issue without sucess...

Thanks for your help

Emilie

 

04 November 2014, 5:23

Hi Emilie,

I will leave to others to provide a deeper answer, but in my own experience, having the same timestamp on each server is essenital. If there is more than 3 sec shift between Mahara and Moodle on the plateform, xml-rpc (underpining mnet) functions fail.

I have installed a time server on each my servers and it has solved 90% of my xml-rpc problems.

Furthermore, if you are using more than one auth methods, you may be aware of cfg command to manage multiple auth on the same identiy (cfg->usersuniquebyusername=true)

-dajan

04 November 2014, 22:03

Hi Dominique

Thanks for your answer

We already set in the config cfg->usersuniquebyusername=true and we have exactly the same timestamp on each server..

Any other experience or advise with such issue ?

This is making us crazy.. :-((

Emilie