Forums | Mahara Community

Support /
CAS authentication not working in Version 17.04.02


20 September 2017, 4:22 AM

Hi,

We are facing problems with inbuilt CAS authentication Plugin when we upgraded Mahara from version 15 to version 17.04.02. The CAS authentication is failing. Did someone successfully configured the CAS plugin that comes with Version 17 of Mahara?

Regards,

Kabi

Dirk Oelkers's profile picture
Posts: 1

20 September 2017, 5:12 AM

My fresh an shiny 17.04.3 mahara installation contains no CAS plugin.

The only SSO type plugin i see is a SAML plugin.

Maybe you are using some third party plugin?

Robert Lyon's profile picture
Posts: 343

20 September 2017, 8:38 AM

Hi Kabilan,

I've adjusted the CAS plugin to work better with Mahara 17.04

https://github.com/robertlyon777/mahara_plugin_auth_cas/tree/17.04_STABLE

The changes I made https://github.com/robertlyon777/mahara_plugin_auth_cas/commit/7d85fe367725cc69afa24d1fdff6a179fe6805af

Please make those changes to your CAS plugin and see if that helps

Cheers

Robert

 

20 September 2017, 9:09 AM

Hi Robert,

Thanks for your information. We incorporated your changes, but still no luck.

We have a doubt though - Do you know why the LDAP fields are required in the configuration?  We just wan to use CAS.

Regards,

Kabi

Robert Lyon's profile picture
Posts: 343

20 September 2017, 10:58 AM

Hi Kabilan

I made a merge mistake with that branch and the way the plugin handles sessions - I've fixed up now

https://github.com/robertlyon777/mahara_plugin_auth_cas/tree/17.04_STABLE

The difference was https://github.com/robertlyon777/mahara_plugin_auth_cas/commit/641e3624b3bc98a13cf3b74438bdcd71e9b7c833

Please try it again.

The LDAP settings I believe are for ldap sync of users via cron runs as I don't think CAS handles that directly

Cheers

Robert

Kristina Hoeppner's profile picture
Posts: 3366

21 September 2017, 8:16 AM

Hi Kabi,

If you still encounter problems, please provide error messages and what your hosting environment is incl. version of PHP, OS and DB.

Cheers

Kristina

 

Herson Cruz's profile picture
Posts: 8

22 September 2017, 8:25 AM

Hi Kristina,

We're getting the following message:

You have not provided the correct credentials to log in. Please check your username and password are correct.

With some debugging we've detecting that CAS plugin is not taking into consideration at all during the login process, even though, it is active and configured as it was working in 15.04.

Our environment:

[Linux]

Distributor ID: Debian
Description: Debian GNU/Linux 8.9 (jessie)
Release: 8.9
Codename: jessie

[Apache]

Server version: Apache/2.4.10 (Debian)
Server built: Jul 18 2017 18:32:16
Server's Module Magic Number: 20120211:37
Server loaded: APR 1.5.1, APR-UTIL 1.5.4
Compiled using: APR 1.5.1, APR-UTIL 1.5.4
Architecture: 64-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)

[MySQL]

Server version: 10.0.32-MariaDB-0+deb8u1 (Debian)

[PHP]

PHP 5.6.30-0+deb8u1 (cli) (built: Feb  8 2017 08:50:21)

 

Best regards,

 

Herson

Kristina Hoeppner's profile picture
Posts: 3366

26 September 2017, 1:08 PM

Hi Herson,

Did you apply the changes that Robert had made to the plugin? If so and you still have problems:

Did you make sure that the user still has CAS as their authentication method? Does it happen with every account?

If you didn't need LDAP configured before you shouldn't need it now as the plugin itself hasn't changed.

Cheers

Kristina

 

Herson Cruz's profile picture
Posts: 8

27 September 2017, 4:33 AM

Hi Kristina,

Yes, we've applied that change to session handling (no more $_SESSION). What we've found is that in previous version of Mahara, regardless the value of authinstance in usr table, user always vas able to login with CAS (We use xmlrpc also, so all users have authinstance set to that service). We suspect something changed in auth process and CAS is no longer being taken into account.

We're still debugging to find a solution, so any pointers will be greatly appreciated!

Thanks,

Herson

Kristina Hoeppner's profile picture
Posts: 3366

27 September 2017, 2:48 PM

Hi Hernon,

If all your users have their auth set to MNet, then a second account would be created if they logged in via CAS unless you connect CAS as parent auth. Can you please provide answers to the following:

  1. Is CAS set as parent auth to Moodle?
  2. Do you use the CAS button or are you trying to use the regular login form?
  3. Can you log in with any CAS account (no matter whether connected to Moodle or not)?
  4. What do you see in the error log when you try to access Mahara via CAS with the correct credentials?

Cheers

Kristina

 

12 results