Hello fellow LimeSurvey users,

I want to connect Limesurvey to Azure AD and therefore use the authentification through Webserver (with OpenID).
I'm using Apache on an Ubuntu 18.04 System. I secured the limesurvey/admin page and set the redirect_uri to limesurvey/index.php/admin. The request to azure works just fine and I have checked, that REMOTE_USER is populated via a cgi script. I also added the user manually and set the option "Allow webserver Authentification" and disallowed internaldb access.

However after the redirect the standard login page is shown everytime.
I think it could be a problem with the redirect uri, is that the correct approach?
(I've also tried other ones like /index.php/admin/authentication/sa/login but got the same result)
I've seen that some other users have similar problems but I don't get the redirect loop, it just doesn't login the user.
Is there some way I can debug the plugin? I tried setting debug = 2 in the config, but I don't see anything special.

Maybe the plugin is also just not working with the 4.x, has somebody got it running with this setup?

I would be really grateful for hints, I have been stuck on this problem pretty long now.

With kind regards
Kilian

You can try LimeSurvey 3.22 LTS with the same system ?

If yes : i think you can report the issue.

Unfortunately , curren,tly the only way to track issue in AuthWebserver plmugin seems to hack code (no log etc …)

Hello Denis,

Thank you for your quick reply.

I have now installed LimeSurvey 3.22 with the exact same setup and i'm running into the same problem. If AuthWebserver is known to work there, i have some problem in my setup.

The redirects are as follows:
GET https://domain/limesurvey3/admin
GET login.microsoftonline.com/ .....
GET https://domain/limesurvey3/index.php/admin?code=AQAxxxx and there is a cookie mod_auth_openidc_state_QpMCgwGehxxx
GET https://domain/limesurvey3/index.php/admin/authentication/sa/login
with the same cookie mod_auth_openidc_state_QpMCgwGehxxxx

Am I doing something wrong until this point? Because of the cookie I think it works.

It's an openid or another SSO here, not AuthWebserver ?

You need for webserver auth.

Hello again,

Thank you for your time.

Yes I use openid for the authentification.
I thought it is fine if the remote User Variable gets set, what is supposed to be in $_SERVER fixed_var ? Then i can probably set it in the apache files.

If that isn't possible, is there any documentation for Authwebserver? Because it sound like I could replace openId with it.

Regards
Kilian

Key to use for username e.g. PHP_AUTH_USER, LOGON_USER, REMOTE_USER. See phpinfo in global settings.

For some SSO : see plugins : manual.limesurvey.org/Available_third_pa...thentication_plugins

Thanks for the link, that means I can use the Shibboleth Auth Plugin as an alternative.
Just so I get it right: I need to write "REMOTE_USER" in the fixed Var Value or the Value of Remote User? Because i set the username in remote user.

But in general will openid work (I used it because we use it in our other applications) or is this not recommended?

Regards

REMOTE_USER is the default $_SERVER variable.

It can be GLOUBI_BOULGA

You need to write in $_SERVER variables …

Hello again,

Through the cgi Script i have confirmed, that the environment variable is set like REMOTE_USER: kilian.langer@foo.com.
Is there a difference between server and environment Variables ?
I still get redirected to the login page.

Thank you for your time.

Regards
Kilian

You don't have a website for search ?

www.php.net/manual/en/reserved.variables.server.php
www.php.net/manual/en/reserved.variables.environment.php

Create a AuthEnvserver plugin can be really easy.

I got it to work,
it was the redirect url.

Before I secured limesurvey/admin which then redirected to the login page.
The correct way is to secure limesurvey/index.php/admin and then redirect to limesurvey/index.php/admin/redirect_uri. Appearently the environment variables aren't global and get lost if you don't do it like the second way.

Thank you DenisChenu for the links, they helped alot.

ENV variable are not in session