Forums | Mahara Community

Support / PROBLEM WITH SAML

Posts: 35

04 July 2019, 11:05 PM

I have a institution with saml and ldap authentication, but i don't make it work. I have this problem:

The page you are looking for could not be found.

Institution for connecting user not resolved

And ssl_error_log:

[Thu Jul 04 12:56:33 2019] [error] [client 192.168.222.8] ssphp-https://mahara NOTICE STAT [308ec20c98] saml20-sp-SSO-first mahara.uvic.cat/mahara https://sam.uvic.cat NA, referer: https://sam.uvic.cat/simplesaml/module.php/core/loginuserpass.php?

(Centos 6 and php 7.0.33)

Posts: 511
Re: PROBLEM WITH SAML

05 July 2019, 9:53 AM

Hi Joan,

The error message 'Institution for connecting user not resolved' means that an internal Mahara institution cannot be found based on the information passed back from the SAML authentication.

To check what is happening you can do:

1) turn on non-production mode by addingthe following line to your htdocs/config.php file

$cfg->productionmode = false; 2) in htdocs/auth/saml/index.php after the line beginning with '$saml_attributes = ' (about  line 126) add the following

log_debug($saml_attributes); 3) Try logging in via SAML and you should see some output about the attributes coming back from the IdP 4) Now do the following command on your database: select * from auth_instance_config where field in ('institutionattribute', 'institutionvalue') order by instance; Now an institutionattribute value should match one of the keys in the$saml_attribute array from step 2

And the same institution's institutionvalue value should match the value for the key

If there are no matches then you'll need to update the SAML instance via the Admin -> Institutions for the institution the user should be logging in to

Hopefully that helps

Cheers

Robert

Posts: 35
Re: PROBLEM WITH SAML

08 July 2019, 8:36 PM

Now, I no longer have the error of the institution.

But, I have a other error message:

The page you are looking for could not be found.

No user found

Some idea?

Posts: 35
Re: PROBLEM WITH SAML

09 July 2019, 7:37 PM

Posts: 3864
Re: PROBLEM WITH SAML

11 July 2019, 9:00 AM

Hi Joan,

Did you check if the page still exists for that user? You can check that in the database or if you want to do a quick check, use the portfolio access report.

Cheers

Kristina

Posts: 35
Re: PROBLEM WITH SAML

28 August 2019, 9:05 PM

Hi,
Yes, I have checked the database and the user exists. The user has the first loggin option with LDAP. Althought, the option saml autocreate user is activated.But when I want to loggin with saml (SSO) I don't find the user.Some idea?Thanks!
Posts: 3864
Re: PROBLEM WITH SAML

05 September 2019, 7:40 AM

Hi Joan,

Can you find the user in general? If they log in via LDAP, they can't log in via SAML as well and end up in the same account. They would get a second account created.

Cheers

Kristina

7 results