Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

Shibboleth, anybody doing?

More
6 years 1 month ago #187391 by Jmantysalo
The plugin that I was not able to make work was github.com/atlet/LimeSurvey-ShibbolethAuth but maybe I did not try hard enought.

Currently I have no code that would be usable to other. I do have some ideas though. First, see for example groups.uta.fi/login/login_selection.php?lang=en where our Moodle can be accessed by Shibboleth accout or with local account (and there is even third way). Second, basic information should be checked on login, so that changed name or email address would be mirrored to LS too. Third, the plugin should block the user to make changes in his/her information that comes from SB.

We are currently wondering what survey systems to use here, and LS is one possible solution.
The topic has been locked.
More
5 years 4 months ago #198671 by leandrobhbr
The following user(s) said Thank You: DenisChenu
The topic has been locked.
More
5 years 4 months ago #198674 by Jmantysalo
Plugin I wrote (=modified from SB-auth and LDAP-auth -plugins) for our internal use is 125 lines long, this one is 171 lines.

What I don't get is how the system can be used to login with both SB and by local accounts. My plugin does that neither.
The topic has been locked.
More
5 years 4 months ago #198697 by leandrobhbr
I had an idea, but I haven't tested it yet.

You can use two URLs

In apache you protect only /admin
<Location /admin>

        AuthType shibboleth

        ShibRequireSession On

        require valid-user

</Location>


In other url. You send get variable

/index.php/admin/authentication/sa/login?sb=no

$GET in code of plugin will control the two forms of login.
The topic has been locked.
More
5 years 4 months ago #198699 by Jmantysalo
Yes, this is quite what I have been thinking. (But not done, as my boss said we won't have local accounts in this system. Also, accounts for API calls can still be local.)
The topic has been locked.
More
5 years 4 months ago - 5 years 4 months ago #198727 by DenisChenu

Jmantysalo wrote: accounts for API calls can still be local

If you use API : plugin need to register to a specifi event : www.limesurvey.org/manual/Authentication...t#remoteControlLogin

Currently you have sample with username/password account (LDAP and DB), can be harder with another method ;)


EDIT : about API
Remind to check the current plugin :
github.com/LimeSurvey/LimeSurvey/blob/c6...thLDAP.php#L419-L425

@leandrobhbr : seems you didn't check it ?

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.
Last edit: 5 years 4 months ago by DenisChenu. Reason: EDIT
The topic has been locked.
More
5 years 4 months ago #198736 by leandrobhbr
i didn't check...
i will check now. thanks
The topic has been locked.
More
5 years 4 months ago #198745 by Jmantysalo
My last message was stupid. Another try:

You can just add to your Apache settings something like

<Location /limesurvey/index.php/admin/remotecontrol>
ShibRequestSetting requireSession 0
AuthType None
Require host my.survey.server

and then you can use API with local accounts.
The topic has been locked.
Moderators: holchtpartner

Lime-years ahead

Online-surveys for every purse and purpose