[[plugin] OAuth2 plugin for Admin Authentication

8 months 3 weeks ago #265845 by DenisChenu
Thanks to Roman Anasal, Ulysseus European University and SondagesPro, LimeSurvey has an OAuth2 authentication plugin.

The last version was tested on LimeSurvey 6.5.15 with PHP 8.1.
The LimeSurvey OAuth2 authentication plugin.

 

 

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.
4 weeks 12 hours ago #269555 by Winterwolf
Replied by Winterwolf on topic [[plugin] OAuth2 plugin for Admin Authentication
Hi,

Just found this plugin, cool and easy to use for SSO integration with Azure Entra ID.

My VM with an HTTP connection to Azure functions flawlessly. However, it fails to return the access token in my actual environment behind the F5 load balancer.

plugins/AuthOAuth2/AuthOAuth2.php
throw new CHttpException(400, $this->gT('Failed to retrieve access token'));

We experimented with every setting in F5: enabling offloading, adding the X-Forwarded-Proto header, forcing F5 HTTPS to server HTTPS, even turning on HTTPS on Apache httpd. But the error persists.

It's on latest LimeSurvey 6, RHEL 9.5, PHP 8.1. Latest AuthOAuth2 plugin.

Any idea? Thanks!

4 weeks 5 hours ago #269558 by DenisChenu
Replied by DenisChenu on topic [[plugin] OAuth2 plugin for Admin Authentication
Maybe try at github.com/SondagesPro/limesurvey-oauth2.../AuthOAuth2.php#L373

throw new CHttpException(400, $exception->getMessage());

In my opinion, it's an issue with your Load Balancer.

3 weeks 6 days ago #269577 by Winterwolf
Replied by Winterwolf on topic [[plugin] OAuth2 plugin for Admin Authentication
Thanks! I spent the day with the F5 guys. We enabled the possible options in F5.
- SSL offloading
- Add header X-Forwarded-Proto
- Sticky sessions

However, the error persists. With your debug code, it returns the message:
400: Bad request - cURL error 7: (see curl.haxx.se/libcurl/c/libcurl-errors.html ) for login.microsoftonline.com/tenantid/oauth2/v2.0/token
The request cannot be interpreted by the server due to malformed syntax. Please do not repeat the request without modification. If you think this is a server error, please contact Administrator.

I have no more ideas. Will have to go back to LDAP. :(

3 weeks 6 days ago - 3 weeks 6 days ago #269578 by Winterwolf
Replied by Winterwolf on topic [[plugin] OAuth2 plugin for Admin Authentication
Détails de l'erreur : GuzzleHttp\Exception\ConnectException::__set_state(array(
'message' => 'cURL error 7: (see curl.haxx.se/libcurl/c/libcurl-errors.html )',
))
Last edit: 3 weeks 6 days ago by Winterwolf.

3 weeks 6 days ago #269580 by DenisChenu
Replied by DenisChenu on topic [[plugin] OAuth2 plugin for Admin Authentication
cURL error: I cannot fix it. Not related to the plugin.

3 weeks 3 days ago #269642 by Winterwolf
Replied by Winterwolf on topic [[plugin] OAuth2 plugin for Admin Authentication
Disabling SELinux on RHEL fixed the error. Not sure which boolean rule yet.
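
Added example, not part of the thread and not the plugin's code: cURL error 7 is a failed connect, and on RHEL a PHP process confined to SELinux's httpd_t domain is denied outbound connections unless a boolean such as httpd_can_network_connect is on. The script below picks such denials out of audit-log lines. The sample lines are constructed, and that this boolean is the one involved here is an assumption the thread does not confirm.

```shell
#!/usr/bin/env bash
# Added example: spot SELinux denials that stop the web server domain (httpd_t)
# from opening outbound TCP connections, which PHP reports as "cURL error 7".
# The audit lines below are constructed samples, not taken from the thread.

SAMPLE_AUDIT_LOG='type=AVC msg=audit(1700000000.101:811): avc:  denied  { name_connect } for  pid=2210 comm="php-fpm" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000003.552:812): avc:  denied  { read } for  pid=2300 comm="httpd" name="secret.txt" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000009.004:815): avc:  denied  { name_connect } for  pid=2210 comm="php-fpm" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000011.300:816): avc:  denied  { name_connect } for  pid=915 comm="sshd" dest=8080 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=0'

# Read audit-log text on stdin and print "<count> <comm> dest=<port>" for each
# distinct outbound-connect denial whose source domain is httpd_t.
httpd_connect_denials() {
  awk '
    /avc: +denied/ && /name_connect/ && /scontext=[^ ]*:httpd_t:/ && /tclass=tcp_socket/ {
      comm = ""; dest = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/) { comm = $i; gsub(/^comm=|"/, "", comm) }
        if ($i ~ /^dest=/) { dest = $i }
      }
      seen[comm " " dest]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort
}

# Succeeds (exit 0) when stdin holds at least one such denial.
has_httpd_connect_denial() {
  [ -n "$(httpd_connect_denials)" ]
}

# On the affected host (as root; not run here). The boolean named below is an
# assumption about the cause, to be confirmed against the real AVC records:
#   ausearch -m AVC -ts recent | httpd_connect_denials
#   getsebool httpd_can_network_connect
#   setsebool -P httpd_can_network_connect on   # keeps SELinux enforcing

if [ "${BASH_SOURCE[0]}" = "$0" ]; then
  printf '%s\n' "$SAMPLE_AUDIT_LOG" | httpd_connect_denials
fi
```

If the real audit log shows a matching denial, turning on the specific boolean addresses it while leaving SELinux in enforcing mode for everything else the web server does.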
