LimeSurvey v4.2.3 Authwebserver not working

More
4 months 2 days ago #201674 by Stuffy2
Hello fellow LimeSurvey users,

I want to connect Limesurvey to Azure AD and therefore use the authentification through Webserver (with OpenID).
I'm using Apache on an Ubuntu 18.04 System. I secured the limesurvey/admin page and set the redirect_uri to limesurvey/index.php/admin. The request to azure works just fine and I have checked, that REMOTE_USER is populated via a cgi script. I also added the user manually and set the option "Allow webserver Authentification" and disallowed internaldb access.

However after the redirect the standard login page is shown everytime.
I think it could be a problem with the redirect uri, is that the correct approach?
(I've also tried other ones like /index.php/admin/authentication/sa/login but got the same result)
I've seen that some other users have similar problems but I don't get the redirect loop, it just doesn't login the user.
Is there some way I can debug the plugin? I tried setting debug = 2 in the config, but I don't see anything special.

Maybe the plugin is also just not working with the 4.x, has somebody got it running with this setup?

I would be really grateful for hints, I have been stuck on this problem pretty long now.

With kind regards
Kilian

Please Log in to join the conversation.

LimeSurvey Partners
More
4 months 2 days ago #201680 by DenisChenu
You can try LimeSurvey 3.22 LTS with the same system ?

If yes : i think you can report the issue.

Unfortunately , curren,tly the only way to track issue in AuthWebserver plmugin seems to hack code (no log etc …)

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.
The following user(s) said Thank You: Stuffy2

Please Log in to join the conversation.

More
4 months 2 days ago #201685 by Stuffy2
Hello Denis,

Thank you for your quick reply.

I have now installed LimeSurvey 3.22 with the exact same setup and i'm running into the same problem. If AuthWebserver is known to work there, i have some problem in my setup.

The redirects are as follows:
GET https://domain/limesurvey3/admin
GET login.microsoftonline.com/ .....
GET https://domain/limesurvey3/index.php/admin?code=AQAxxxx and there is a cookie mod_auth_openidc_state_QpMCgwGehxxx
GET https://domain/limesurvey3/index.php/admin/authentication/sa/login
with the same cookie mod_auth_openidc_state_QpMCgwGehxxxx

Am I doing something wrong until this point? Because of the cookie I think it works.

Please Log in to join the conversation.

More
4 months 2 days ago - 4 months 2 days ago #201692 by DenisChenu
It's an openid or another SSO here, not AuthWebserver ?

You need
$_SERVER['fixed_var'];
for webserver auth.

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.
Last edit: 4 months 2 days ago by DenisChenu.
The following user(s) said Thank You: Stuffy2

Please Log in to join the conversation.

More
4 months 2 days ago - 4 months 2 days ago #201695 by Stuffy2
Hello again,

Thank you for your time.

Yes I use openid for the authentification.
I thought it is fine if the remote User Variable gets set, what is supposed to be in $_SERVER fixed_var ? Then i can probably set it in the apache files.

If that isn't possible, is there any documentation for Authwebserver? Because it sound like I could replace openId with it.

Regards
Kilian
Last edit: 4 months 2 days ago by Stuffy2.

Please Log in to join the conversation.

More
4 months 2 days ago #201698 by DenisChenu

Key to use for username e.g. PHP_AUTH_USER, LOGON_USER, REMOTE_USER. See phpinfo in global settings.



For some SSO : see plugins : manual.limesurvey.org/Available_third_pa...thentication_plugins

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.
Attachments:
The following user(s) said Thank You: Stuffy2

Please Log in to join the conversation.

More
4 months 2 days ago #201717 by Stuffy2
Thanks for the link, that means I can use the Shibboleth Auth Plugin as an alternative.
Just so I get it right: I need to write "REMOTE_USER" in the fixed Var Value or the Value of Remote User? Because i set the username in remote user.

But in general will openid work (I used it because we use it in our other applications) or is this not recommended?

Regards

Please Log in to join the conversation.

More
4 months 2 days ago #201723 by DenisChenu
REMOTE_USER is the default $_SERVER variable.

It can be GLOUBI_BOULGA

You need to write in $_SERVER variables …

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.

Please Log in to join the conversation.

More
3 months 4 weeks ago #201909 by Stuffy2
Hello again,

Through the cgi Script i have confirmed, that the environment variable is set like REMOTE_USER: This email address is being protected from spambots. You need JavaScript enabled to view it..
Is there a difference between server and environment Variables ?
I still get redirected to the login page.

Thank you for your time.

Regards
Kilian

Please Log in to join the conversation.

More
3 months 4 weeks ago - 3 months 4 weeks ago #201910 by DenisChenu
You don't have a website for search ?

www.php.net/manual/en/reserved.variables.server.php
www.php.net/manual/en/reserved.variables.environment.php

Create a AuthEnvserver plugin can be really easy.

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.
Last edit: 3 months 4 weeks ago by DenisChenu.

Please Log in to join the conversation.

More
3 months 3 weeks ago #202190 by Stuffy2
I got it to work,
it was the redirect url.

Before I secured limesurvey/admin which then redirected to the login page.
The correct way is to secure limesurvey/index.php/admin and then redirect to limesurvey/index.php/admin/redirect_uri. Appearently the environment variables aren't global and get lost if you don't do it like the second way.

Thank you DenisChenu for the links, they helped alot.

Please Log in to join the conversation.

More
3 months 3 weeks ago #202198 by DenisChenu
ENV variable are not in session ;)

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development . I don't answer to private message.

Please Log in to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now