PROBLEM WITH SAML
04 July 2019, 23:05
I have an institution with SAML and LDAP authentication, but I can't make it work. I have this problem:
Not found
The page you are looking for could not be found.
Institution for connecting user not resolved
And ssl_error_log:
[Thu Jul 04 12:56:33 2019] [error] [client 192.168.222.8] ssphp-https://mahara NOTICE STAT [308ec20c98] saml20-sp-SSO-first mahara.uvic.cat/mahara https://sam.uvic.cat NA, referer: https://sam.uvic.cat/simplesaml/module.php/core/loginuserpass.php?
Can you help me please?
(Centos 6 and php 7.0.33)
05 July 2019, 9:53
Hi Joan,
The error message 'Institution for connecting user not resolved' means that an internal Mahara institution cannot be found based on the information passed back from the SAML authentication.
To check what is happening you can do:
1) Turn on non-production mode by adding the following line to your htdocs/config.php file
$cfg->productionmode = false;
2) in htdocs/auth/saml/index.php after the line beginning with '$saml_attributes = ' (about line 126) add the following
log_debug($saml_attributes);
3) Try logging in via SAML and you should see some output about the attributes coming back from the IdP
4) Now do the following command on your database:
select * from auth_instance_config where field in ('institutionattribute', 'institutionvalue') order by instance;
Now an institutionattribute value should match one of the keys in the $saml_attributes array from step 2
And the same institution's institutionvalue value should match the value for the key
If there are no matches then you'll need to update the SAML instance via the Admin -> Institutions for the institution the user should be logging in to
Hopefully that helps
Cheers
Robert
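The comparison described in steps 2 to 4 of the reply above, as an added example (not part of the original post and not Mahara's code). It assumes the attributes are pasted in as name -> list of values and the query rows as (instance, field, value) tuples; the function name, the exact-string comparison and the sample data are assumptions made for illustration.

```python
# Added example: offline diagnostic, not Mahara code.
# Assumptions: attributes are name -> list of strings (copied from the
# log_debug output), rows are (instance, field, value) from the query.
from collections import defaultdict


def check_instances(saml_attributes, config_rows):
    """Return {instance: verdict} for every auth instance in the rows."""
    config = defaultdict(dict)
    for instance, field, value in config_rows:
        config[instance][field] = value
    lowered = {name.lower(): name for name in saml_attributes}
    verdicts = {}
    for instance, fields in sorted(config.items()):
        attr = fields.get("institutionattribute")
        want = fields.get("institutionvalue")
        if attr is None or want is None:
            verdicts[instance] = "incomplete config"
        elif attr not in saml_attributes:
            # Key missing: report a key that differs only in letter case.
            near = lowered.get(attr.lower())
            verdicts[instance] = (f"attribute not sent (IdP sends '{near}')"
                                  if near else "attribute not sent")
        elif want in saml_attributes[attr]:
            verdicts[instance] = "match"
        else:
            # Key present: report values that differ only in case/whitespace.
            norm = want.strip().lower()
            close = any(v.strip().lower() == norm for v in saml_attributes[attr])
            verdicts[instance] = ("value differs only in case/whitespace"
                                  if close else "value mismatch")
    return verdicts


# Constructed sample data (not taken from the thread).
SAMPLE_ATTRIBUTES = {
    "uid": ["jdoe"],
    "eduPersonAffiliation": ["staff", "member"],
    "schacHomeOrganization": ["example.org"],
}
SAMPLE_ROWS = [
    (3, "institutionattribute", "schacHomeOrganization"), (3, "institutionvalue", "example.org"),
    (5, "institutionattribute", "edupersonaffiliation"), (5, "institutionvalue", "staff"),
    (7, "institutionattribute", "eduPersonAffiliation"), (7, "institutionvalue", "Staff "),
    (9, "institutionattribute", "o"),
]

if __name__ == "__main__":
    for instance, verdict in check_instances(SAMPLE_ATTRIBUTES, SAMPLE_ROWS).items():
        print(instance, verdict)
```

If no instance reports "match", the login has nothing to resolve an institution from, which is the situation behind 'Institution for connecting user not resolved'.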
08 July 2019, 20:36
Thank you for your answer.
Now, I no longer have the error of the institution.
But I have another error message:
Not found
The page you are looking for could not be found.
No user found
Any idea?
11 July 2019, 9:00
Hi Joan,
Did you check if the page still exists for that user? You can check that in the database or if you want to do a quick check, use the portfolio access report.
Cheers
Kristina
28 August 2019, 21:05
Hi, yes, I have checked the database and the user exists.
The user has the first login option with LDAP. Although, the option SAML autocreate user is activated.
But when I want to log in with SAML (SSO) I don't find the user.
Any idea?
Thanks!
05 September 2019, 7:40
Hi Joan,
Can you find the user in general? If they log in via LDAP, they can't log in via SAML as well and end up in the same account. They would get a second account created.
Cheers
Kristina