Forums | Mahara Community
CAS authentication not working in Version 17.04.02
20 September 2017, 4:22 AM
We are facing problems with inbuilt CAS authentication Plugin when we upgraded Mahara from version 15 to version 17.04.02. The CAS authentication is failing. Did someone successfully configured the CAS plugin that comes with Version 17 of Mahara?
20 September 2017, 5:12 AM
My fresh an shiny 17.04.3 mahara installation contains no CAS plugin.
The only SSO type plugin i see is a SAML plugin.
Maybe you are using some third party plugin?
20 September 2017, 8:38 AM
I've adjusted the CAS plugin to work better with Mahara 17.04
Please make those changes to your CAS plugin and see if that helps
20 September 2017, 9:09 AM
Thanks for your information. We incorporated your changes, but still no luck.
We have a doubt though - Do you know why the LDAP fields are required in the configuration? We just wan to use CAS.
20 September 2017, 10:58 AM
I made a merge mistake with that branch and the way the plugin handles sessions - I've fixed up now
Please try it again.
The LDAP settings I believe are for ldap sync of users via cron runs as I don't think CAS handles that directly
21 September 2017, 8:16 AM
If you still encounter problems, please provide error messages and what your hosting environment is incl. version of PHP, OS and DB.
22 September 2017, 8:25 AM
We're getting the following message:
You have not provided the correct credentials to log in. Please check your username and password are correct.
With some debugging we've detecting that CAS plugin is not taking into consideration at all during the login process, even though, it is active and configured as it was working in 15.04.
Distributor ID: Debian
Description: Debian GNU/Linux 8.9 (jessie)
Server version: Apache/2.4.10 (Debian)
Server built: Jul 18 2017 18:32:16
Server's Module Magic Number: 20120211:37
Server loaded: APR 1.5.1, APR-UTIL 1.5.4
Compiled using: APR 1.5.1, APR-UTIL 1.5.4
Server MPM: prefork
forked: yes (variable process count)
Server version: 10.0.32-MariaDB-0+deb8u1 (Debian)
PHP 5.6.30-0+deb8u1 (cli) (built: Feb 8 2017 08:50:21)
26 September 2017, 1:08 PM
Did you apply the changes that Robert had made to the plugin? If so and you still have problems:
Did you make sure that the user still has CAS as their authentication method? Does it happen with every account?
If you didn't need LDAP configured before you shouldn't need it now as the plugin itself hasn't changed.
27 September 2017, 4:33 AM
Yes, we've applied that change to session handling (no more $_SESSION). What we've found is that in previous version of Mahara, regardless the value of authinstance in usr table, user always vas able to login with CAS (We use xmlrpc also, so all users have authinstance set to that service). We suspect something changed in auth process and CAS is no longer being taken into account.
We're still debugging to find a solution, so any pointers will be greatly appreciated!
27 September 2017, 2:48 PM
If all your users have their auth set to MNet, then a second account would be created if they logged in via CAS unless you connect CAS as parent auth. Can you please provide answers to the following:
- Is CAS set as parent auth to Moodle?
- Do you use the CAS button or are you trying to use the regular login form?
- Can you log in with any CAS account (no matter whether connected to Moodle or not)?
- What do you see in the error log when you try to access Mahara via CAS with the correct credentials?