Authwebserver not working for LS v4.2.3 on CentOS 7.8, httpd 2.4.34

4 months 5 days ago - 4 months 5 days ago #199733 by jestrada
Please help.

I have Authwebserver enabled; it is not configured to be the default auth method. When the PHP variable $_SERVER is NOT defined I can log in successfully via Authdb.


This is what a successful login looks like via Authdb; I see these lines added to my ssl_limesurvey-access_log log file:
First these two lines are added when the login page is displayed:
100.36.xxx.xx - - [21/May/2020:03:58:05 +0000] "GET /admin/ HTTP/1.1" 302 -
100.36.xxx.xx - - [21/May/2020:03:58:05 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 200 17762

Next these two lines are added after I enter my correct username and password:
100.36.xxx.xx - - [21/May/2020:04:04:40 +0000] "POST /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - - [21/May/2020:04:04:40 +0000] "GET /admin/ HTTP/1.1" 200 48817

At this point I am successfully logged in.


This is what an unsuccessful login looks like via Authwebserver. In this case the PHP variable $_SERVER has a value of 'jestrada' minus the quotes. Mozilla Firefox 76.0.1 (64-bit) displays an error page saying: "The page isn't redirecting properly An error occurred during a connection to web001.limesurvey-access-dev.xxxx.net. This problem can sometimes be caused by disabling or refusing to accept cookies." I verified the cookie thing is NOT my issue. These are the lines added to my ssl_limesurvey-access_log log file:

100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /admin/ HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:51 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:51 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:51 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:51 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:51 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:51 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:51 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:51 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -

After that, I can no longer log in as myself or any other user, even the 'admin' user. This is true even though I've verified that the PHP variable $_SERVER is no longer defined. My browser shows a floating error message on the "Log in" page saying: "You have exceeded the number of maximum login attempts. Please wait 10 minutes before trying again."

If you need any additional information, please just ask. Let me just say thanks in advance to anyone willing to give me a hand with this problem.

Joseph J. Estrada
Last edit: 4 months 5 days ago by jestrada. Reason: Quoted strings in square brackets are not visible. Attempting to escape the square brackets.

4 months 5 days ago - 4 months 5 days ago #199734 by jestrada

jestrada wrote: Please help.

I have Authwebserver enabled; it is not configured to be the default auth method. When the PHP variable $_SERVER 'REMOTE_USER' is NOT defined I can log in successfully via Authdb.


This is what a successful login looks like via Authdb; I see these lines added to my ssl_limesurvey-access_log log file:
First these two lines are added when the login page is displayed:
100.36.xxx.xx - - [21/May/2020:03:58:05 +0000] "GET /admin/ HTTP/1.1" 302 -
100.36.xxx.xx - - [21/May/2020:03:58:05 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 200 17762

Next these two lines are added after I enter my correct username and password:
100.36.xxx.xx - - [21/May/2020:04:04:40 +0000] "POST /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - - [21/May/2020:04:04:40 +0000] "GET /admin/ HTTP/1.1" 200 48817

At this point I am successfully logged in.


This is what an unsuccessful login looks like via Authwebserver. In this case the PHP variable $_SERVER 'REMOTE_USER' has a value of 'jestrada' minus the quotes. Mozilla Firefox 76.0.1 (64-bit) displays an error page saying: "The page isn't redirecting properly An error occurred during a connection to web001.limesurvey-access-dev.xxxx.net. This problem can sometimes be caused by disabling or refusing to accept cookies." I verified the cookie thing is NOT my issue. These are the lines added to my ssl_limesurvey-access_log log file:

100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /admin/ HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:50 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:51 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:51 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:51 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:51 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:51 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:51 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:51 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -
100.36.xxx.xx - jestrada [21/May/2020:04:07:51 +0000] "GET /index.php/admin/authentication/sa/login HTTP/1.1" 302 -

After that, I can no longer log in as myself or any other user, even the 'admin' user. This is true even though I've verified that the PHP variable $_SERVER 'REMOTE_USER' is no longer defined. My browser shows a floating error message on the "Log in" page saying: "You have exceeded the number of maximum login attempts. Please wait 10 minutes before trying again."

If you need any additional information, please just ask. Let me just say thanks in advance to anyone willing to give me a hand with this problem.


Joseph J. Estrada
Last edit: 4 months 5 days ago by jestrada.
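
As an added example (not part of the original posts and not LimeSurvey code): a small Python check that finds the redirect-loop pattern shown above in an Apache access log written in Common Log Format. The function name, the threshold of 5 and the sample lines are assumptions constructed for illustration.

```python
import re
from itertools import groupby

# Apache Common Log Format, as in the access log lines quoted in the post.
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

def _run_key(entry):
    # Consecutive entries sharing this key belong to the same run.
    return (entry["host"], entry["user"], entry["method"], entry["path"],
            entry["status"].startswith("3"))

def find_redirect_loops(lines, threshold=5):
    """Return runs of >= threshold consecutive 3xx answers to the same
    (host, user, method, path): the client keeps being sent back to the
    same URL instead of receiving a page."""
    parsed = [m.groupdict() for m in map(CLF.match, lines) if m]
    loops = []
    for (host, user, _method, path, is_redirect), run in groupby(parsed, _run_key):
        run = list(run)
        if is_redirect and len(run) >= threshold:
            loops.append({"host": host, "user": user, "path": path,
                          "count": len(run),
                          "first": run[0]["ts"], "last": run[-1]["ts"]})
    return loops

# Constructed sample modelled on the log lines in the post (the client address
# is a documentation-range placeholder; the loop is shortened to 8 requests).
LOGIN = "/index.php/admin/authentication/sa/login"
SAMPLE = [
    '192.0.2.10 - - [21/May/2020:03:58:05 +0000] "GET /admin/ HTTP/1.1" 302 -',
    f'192.0.2.10 - - [21/May/2020:03:58:05 +0000] "GET {LOGIN} HTTP/1.1" 200 17762',
    f'192.0.2.10 - - [21/May/2020:04:04:40 +0000] "POST {LOGIN} HTTP/1.1" 302 -',
    '192.0.2.10 - - [21/May/2020:04:04:40 +0000] "GET /admin/ HTTP/1.1" 200 48817',
    '192.0.2.10 - jestrada [21/May/2020:04:07:50 +0000] "GET /admin/ HTTP/1.1" 302 -',
] + [
    f'192.0.2.10 - jestrada [21/May/2020:04:07:5{i // 5} +0000] "GET {LOGIN} HTTP/1.1" 302 -'
    for i in range(8)
]

if __name__ == "__main__":
    for loop in find_redirect_loops(SAMPLE):
        print(loop)
```

The normal Authdb sequence (302, 200, 302, 200) produces no finding; only the run of identical 302 responses for the authenticated user is reported.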

4 months 4 days ago #199760 by DenisChenu
If I remember correctly: when webserver is set and you don't have access, it must throw a 401.

But here, it seems best if:
1. You can check with a 3.X version with nearly the same config (not the same DB)
2. Report the issue

Assistance on the LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand, plugin development. I don't answer private messages.
