Shibboleth, anybody doing?

More
1 year 1 month ago #187391 by Jmantysalo
The plugin that I was not able to make work was github.com/atlet/LimeSurvey-ShibbolethAuth but maybe I did not try hard enought.

Currently I have no code that would be usable to other. I do have some ideas though. First, see for example groups.uta.fi/login/login_selection.php?lang=en where our Moodle can be accessed by Shibboleth accout or with local account (and there is even third way). Second, basic information should be checked on login, so that changed name or email address would be mirrored to LS too. Third, the plugin should block the user to make changes in his/her information that comes from SB.

We are currently wondering what survey systems to use here, and LS is one possible solution.

Please Log in to join the conversation.

More
4 months 2 weeks ago #198671 by leandrobhbr
The following user(s) said Thank You: DenisChenu

Please Log in to join the conversation.

More
4 months 2 weeks ago #198674 by Jmantysalo
Plugin I wrote (=modified from SB-auth and LDAP-auth -plugins) for our internal use is 125 lines long, this one is 171 lines.

What I don't get is how the system can be used to login with both SB and by local accounts. My plugin does that neither.

Please Log in to join the conversation.

More
4 months 2 weeks ago #198697 by leandrobhbr
I had an idea, but I haven't tested it yet.

You can use two URLs

In apache you protect only /admin
<Location /admin>

        AuthType shibboleth

        ShibRequireSession On

        require valid-user

</Location>


In other url. You send get variable

/index.php/admin/authentication/sa/login?sb=no

$GET in code of plugin will control the two forms of login.

Please Log in to join the conversation.

More
4 months 2 weeks ago #198699 by Jmantysalo
Yes, this is quite what I have been thinking. (But not done, as my boss said we won't have local accounts in this system. Also, accounts for API calls can still be local.)

Please Log in to join the conversation.

More
4 months 2 weeks ago - 4 months 2 weeks ago #198727 by DenisChenu

Jmantysalo wrote: accounts for API calls can still be local

If you use API : plugin need to register to a specifi event : manual.limesurvey.org/Authentication_plu...t#remoteControlLogin

Currently you have sample with username/password account (LDAP and DB), can be harder with another method ;)


EDIT : about API
Remind to check the current plugin :
github.com/LimeSurvey/LimeSurvey/blob/c6...thLDAP.php#L419-L425

@leandrobhbr : seems you didn't check it ?

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.
Last edit: 4 months 2 weeks ago by DenisChenu. Reason: EDIT

Please Log in to join the conversation.

More
4 months 2 weeks ago #198736 by leandrobhbr
i didn't check...
i will check now. thanks

Please Log in to join the conversation.

More
4 months 2 weeks ago #198745 by Jmantysalo
My last message was stupid. Another try:

You can just add to your Apache settings something like

<Location /limesurvey/index.php/admin/remotecontrol>
ShibRequestSetting requireSession 0
AuthType None
Require host my.survey.server

and then you can use API with local accounts.

Please Log in to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now