Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Local login fallback locallogin.php redirects to IdP with active session. #775

Open
krostas1983 opened this issue Nov 27, 2024 · 2 comments · May be fixed by #776
Open

Local login fallback locallogin.php redirects to IdP with active session. #775

krostas1983 opened this issue Nov 27, 2024 · 2 comments · May be fixed by #776
Assignees
@krostas1983
Labels
bug Something which isn't working

Comments

@krostas1983
Copy link

Describe the bug
If a user visits /locallogin.php with an active local session and alternateloginurl is set in such a way, that /login/index.php makes a redirect to an identity provider, an active session actually prevents the user from continuing to the moodle system.

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'Site administration' -> 'Plugins' -> 'Authentication' -> 'Manage authentication'
  2. Verify that authentication method 'Shibboleth' is active.
  3. Verify that 'alternateloginurl' is set to '/auth/shibboleth/index.php'.
  4. Go to 'Site administration' -> 'Plugins' -> 'Authentication' -> 'Shibboleth'
  5. Verify that Shibboleth is configured properly and especially 'alt_login' (Moodle WAYF service) is set to 'No'.
  6. Go to 'Site administration' -> 'Appearance' -> 'Boost Union' -> 'Look' -> 'Login Page'
  7. Verify that 'loginlocalloginenable' is set to 'No'.
  8. In a new browser window (no session), go to '/theme/boost_union/locallogin.php'
  9. Login with a manual account.
  10. Verify that you have a valid session (i.e. are logged into Moodle).
  11. Go to '/theme/boost_union/locallogin.php'
  12. You should be redirected to the IdP of your Shibboleth configuration.

Expected behavior
The expected behaviour is for the user to be redirected to the appropriate starting page for a user with a valid session. This is done via /index.php, not /login/index.php.

Screenshots
n/a

Desktop (please complete the following information):

  • OS: irrelevant
  • Browser: irrelevant
  • Version: irrelevant

Smartphone (please complete the following information):

  • Device: irrelevant
  • OS: irrelevant
  • Browser irrelevant
  • Version irrelevant

Additional context
This feature is not a core feature of Boost Union, yet very useful for sites where a single IdP is used via the auth plugins login page in alternateloginurl. Still, this combination of circumstances creates unexpected behaviour and thus qualifies as a bug. (imho)
@krostas1983 krostas1983 added the new Something which has been reported but has not yet beeen triaged by the team label Nov 27, 2024
@christianwolters
Copy link
Member

Hi @krostas1983,

probably same issue as #653, I can fix this shortly.

@christianwolters christianwolters self-assigned this Nov 28, 2024
@krostas1983
Copy link
Author

Hi @christianwolters ,

unfortunately not the same. I think #653 needs some copy/paste from templates/core/loginform.mustache to add the button for guest login + JS to determine whether it should be active (i.e. if guest access is enabled or not). Haven't figured that out yet as I'm not very well versed in Mustache templates.

This issue is resolved by #776 .

@christianwolters christianwolters removed their assignment Nov 29, 2024
@wiebkemueller-hsh wiebkemueller-hsh added bug Something which isn't working and removed new Something which has been reported but has not yet beeen triaged by the team labels Dec 5, 2024
@wiebkemueller-hsh wiebkemueller-hsh moved this to Ready for FUNCTEST in Boost Union Planning Board Dec 5, 2024
@wiebkemueller-hsh wiebkemueller-hsh linked a pull request Dec 5, 2024 that will close this issue
Fix unwanted redirect to IdP from locallogin.php in case alternateloginurl is set, resolves #775 #776
Open
@abias abias moved this from Ready for FUNCTEST to In Progress REVIEW in Boost Union Planning Board Dec 9, 2024
@abias abias linked a pull request Dec 9, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@krostas1983 krostas1983

Labels
bug Something which isn't working
Projects
Boost Union Planning Board
Status: In Progress REVIEW
Milestone
No milestone
3 participants
@christianwolters @krostas1983 @wiebkemueller-hsh