Moodle / MDL-63994

Cannot connect using CAS with moodle 3.5.3 : invalid token


    Details

    • Testing Instructions:

      Notes

      • The CAS authentication in Moodle can be tested with a public CAS demo server operated by Apereo. We will use it instead of setting up our own (I tried and learned a lot while doing it, but it is not worth it for this test – David).
      • In a normal production setup, the CAS authentication would typically be used together with an LDAP server from which the user data (such as name and email) would be loaded. This is optional though and not needed for this test.
      • You need to have the php-ldap module installed, e.g. in Debian-based Linux distros:

        sudo apt install php-ldap
        

        Then restart your web server

        sudo service apache2 restart
        

      Fix & regression test

      1. Log in as admin
      2. Go to Site administration > Plugins > Authentication
      3. Enable CAS server (SSO) and click its Settings link
      4. Fill the form with the following values, leaving default ones in the rest:
        Field                                           Value
        Hostname (auth_cas | hostname)                  casserver.herokuapp.com
        Base URI (auth_cas | baseuri)                   cas/
        Port (auth_cas | port)                          443
        CAS protocol version (auth_cas | casversion)    CAS 2.0
        CAS logout option (auth_cas | logoutcas)        Yes
        Multi-authentication (auth_cas | multiauth)     Yes
      5. Log out
      6. Click the Log in link
      7. Follow the "CAS users" link
      8. You should be at casserver.herokuapp.com demo login page now. Fill the following demo credentials:
        • Username: casuser
        • Password: Mellon
      9. Click "LOGIN"
      10. Confirm: You are redirected back to Moodle and authenticated as a new user. You are now asked to fill the empty user profile form. Please do so.
        • Note: The demo CAS server can be very slow and you may experience timeouts. If you experience this, just try the previous steps again to log in. You may also try the following:
          1. Go to https://casserver.herokuapp.com/cas/login and directly log into the site using the above user credentials.
          2. On a different browser tab, open your Moodle instance and click "Log in"
          3. Click "CAS users"
          4. Then you should be redirected back to Moodle.
      11. Log out.
      12. Go back to your Moodle page and click Log in again.
      13. Follow the "other users" link.
      14. Confirm: You can log in as the site admin with the default login form.
      15. Navigate to Site administration > Users > Accounts > Browse list of users
      16. Confirm: There is a user with username "casuser" and authentication method set to "CAS server (SSO)"
    • Workaround:

      Set

      $CFG->disablelogintoken = true;
      

      in config.php.

    • Affected Branches:
      MOODLE_35_STABLE
    • Fixed Branches:
      MOODLE_31_STABLE, MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE
    • Pull from Repository:
    • Pull 3.5 Branch:
      MDL-63994-35-castoken
    • Pull Master Branch:
      MDL-63994-master-castoken

      Description

      If I don't set $CFG->disablelogintoken = true; in config.php, there is no longer any possibility to connect to Moodle. I tried with the themes Adaptable, Boost and Clean; it seems to have no effect on it.

       

      Steps to reproduce:

      1: In version 3.5.2 (or in version 3.5.3 with the option "$CFG->disablelogintoken = true;" in config.php), go to http://127.0.0.1/admin/settings.php?section=authsettingcas, select "No" for the option auth_cas | multiauth and configure the connection to the CAS server.

      2: Update to 3.5.3 (or comment out the option "$CFG->disablelogintoken = true;" in config.php if you have already upgraded).

      3: Disconnect and try to log in: you are redirected to the CAS page to connect.

      4 - Expected: Being connected to Moodle
      4 - Happens: Getting an error message on a page asking for some credentials (local to Moodle?)
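
      The workaround and the reproduction steps above both depend on whether $CFG->disablelogintoken is live or commented out in config.php. The following check is an added example, not part of this issue or of Moodle's code: it reports whether the setting is still active, so that it can be removed once a fixed release is installed. The function names and the two sample config files are constructed for illustration.

```python
import re
import sys

_SQ = r"'(?:\\.|[^'\\])*'"
_DQ = r'"(?:\\.|[^"\\])*"'
# String literals are matched first and kept, so the "//" inside a URL is not
# mistaken for a comment; /* */, // and # comments are replaced by a space.
_TOKEN = re.compile(rf"({_SQ}|{_DQ})|/\*.*?\*/|(?://|#)[^\n]*", re.S)
_ASSIGN = re.compile(r"\$CFG\s*->\s*disablelogintoken\s*=\s*([^;]+);")
_FALSY = {"false", "0", "null", "''", '""', "'0'", '"0"'}


def strip_php_comments(source):
    """Regex approximation of PHP comment removal that leaves strings intact."""
    return _TOKEN.sub(lambda m: m.group(1) or " ", source)


def login_token_disabled(config_php):
    """True if the last uncommented assignment to the setting is truthy."""
    values = _ASSIGN.findall(strip_php_comments(config_php))
    if not values:
        return False  # never set outside a comment
    return values[-1].strip().lower() not in _FALSY


# Constructed sample: the workaround from this issue is still in place.
WORKAROUND_ACTIVE = """<?php
$CFG->wwwroot = 'http://127.0.0.1';
$CFG->disablelogintoken = true;
"""

# Constructed sample: the workaround has been commented out in three ways.
WORKAROUND_REMOVED = """<?php
$CFG->wwwroot = 'http://127.0.0.1'; // $CFG->disablelogintoken = true;
# $CFG->disablelogintoken = true;
/* $CFG->disablelogintoken = true; */
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            text = handle.read()
    else:
        text = WORKAROUND_ACTIVE
    state = "ACTIVE" if login_token_disabled(text) else "not active"
    print("disablelogintoken workaround:", state)
```

      Run it with the path to config.php as the only argument; without an argument it evaluates the constructed sample.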

              People

              • Votes: 20
              • Watchers: 21

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  12/Nov/18

                  Time Tracking

                  Estimated: Not Specified
                  Remaining: 0m
                  Logged: 30m