Forums | Mahara Community

Support /
PROBLEM WITH SAML


Joan Forcada's profile picture
Posts: 35

04 July 2019, 11:05 PM

I have a institution with saml and ldap authentication, but i don't make it work. I have this problem: 

Not found

The page you are looking for could not be found.

Institution for connecting user not resolved

 

And ssl_error_log:

[Thu Jul 04 12:56:33 2019] [error] [client 192.168.222.8] ssphp-https://mahara NOTICE STAT [308ec20c98] saml20-sp-SSO-first mahara.uvic.cat/mahara https://sam.uvic.cat NA, referer: https://sam.uvic.cat/simplesaml/module.php/core/loginuserpass.php?

 

Can you help me please?

 

(Centos 6 and php 7.0.33)

Robert Lyon's profile picture
Posts: 511

05 July 2019, 9:53 AM

Hi Joan,

The error message 'Institution for connecting user not resolved' means that an internal Mahara institution cannot be found based on the information passed back from the SAML authentication.

To check what is happening you can do:

1) turn on non-production mode by addingthe following line to your htdocs/config.php file

$cfg->productionmode = false;

2) in htdocs/auth/saml/index.php after the line beginning with '$saml_attributes = ' (about  line 126) add the following

log_debug($saml_attributes);

3) Try logging in via SAML and you should see some output about the attributes coming back from the IdP

4) Now do the following command on your database:

select * from auth_instance_config where field in ('institutionattribute', 'institutionvalue') order by instance;

Now an institutionattribute value should match one of the keys in the $saml_attribute array from step 2

And the same institution's institutionvalue value should match the value for the key

If there are no matches then you'll need to update the SAML instance via the Admin -> Institutions for the institution the user should be logging in to

 

Hopefully that helps

Cheers

Robert

Joan Forcada's profile picture
Posts: 35

08 July 2019, 8:36 PM

Thank you for you answer. 

Now, I no longer have the error of the institution.

But, I have a other error message: 

 

Not found

The page you are looking for could not be found.

No user found

 

Some idea?

Joan Forcada's profile picture
Posts: 35

09 July 2019, 7:37 PM

Tell me something please.

Kristina Hoeppner's profile picture
Posts: 3864

11 July 2019, 9:00 AM

Hi Joan,

Did you check if the page still exists for that user? You can check that in the database or if you want to do a quick check, use the portfolio access report.

Cheers

Kristina

Joan Forcada's profile picture
Posts: 35

28 August 2019, 9:05 PM

Hi,
Yes, I have checked the database and the user exists. 
The user has the first loggin option with LDAP. Althought, the option saml autocreate user is activated.
But when I want to loggin with saml (SSO) I don't find the user.

Some idea?

Thanks!
Kristina Hoeppner's profile picture
Posts: 3864

05 September 2019, 7:40 AM

Hi Joan,

Can you find the user in general? If they log in via LDAP, they can't log in via SAML as well and end up in the same account. They would get a second account created.

Cheers

Kristina

7 results