Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-66330

CAS SSO and multi-authentication - SSO doesn't work as expected



    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 3.7
    • None
    • Authentication
    • None


      Steps to reproduce the error:

      1. Enable both CAS SSO authentication and Email-based self-registration authentication plugins.
      2. Login to other system with CAS SSO authentication, and then redirect to Moodle to access a course (https://www.examplemoodle.com/course/view.php?id=99
      3. Then moodle direct back to https://www.examplemoodle.com/login/index.php page to select login method.
      4. When user click  https://www.examplemoodle.com/login/index.php?authCAS=CAS it shows as user already logged in. 

      Expected outcome:

       User will direct to the particular course page without landing into  https://www.examplemoodle.com/login/index.php 



      This happens because of loginpage_hook method in auth/cas/auth.php. 


      // If the multi-authentication setting is used, check for the param before connecting to CAS.
      if ($this->config->multiauth) {

      // If there is an authentication error, stay on the default authentication page.
      if (!empty($SESSION->loginerrormsg))

      { return; }
      $authCAS = optional_param('authCAS', '', PARAM_RAW);

      if ($authCAS == 'NOCAS') { return; }

      // Show authentication form for multi-authentication.
      // Test pgtIou parameter for proxy mode (https connection in background from CAS server to the php server).
      if ($authCAS != 'CAS' && !isset($_GET['pgtIou']))

      { $PAGE->set_url('/login/index.php'); $PAGE->navbar->add($CASform); $PAGE->set_title("$site->fullname: $CASform"); $PAGE->set_heading($site->fullname); echo$OUTPUT->header(); include($CFG->dirroot.'/auth/cas/cas_form.html'); echo$OUTPUT->footer(); exit(); }

      When $authCAS is not equal to 'CAS' it redirects users into '/login/index.php'. On the other hand this is important to get manual login option.

      However if user already logged in using CAS, it should go here,
      if (phpCAS::checkAuthentication()) {
      $frm = newstdClass();
      $frm->username = phpCAS::getUser();
      $frm->password = 'passwdCas';

      // Redirect to a course if multi-auth is activated, authCAS is set to CAS and the courseid is specified.
      if ($this->config->multiauth && !empty($courseid))

      { redirect(newmoodle_url('/course/view.php', array('id'=>$courseid))); }


      // Force CAS authentication (if needed).
      if (!phpCAS::isAuthenticated())

      { phpCAS::setLang($this->config->language); phpCAS::forceAuthentication(); }

      Challenge here is, it should only happen if user already logged in using CAS SSO, otherwise both options should available to login.




            Unassigned Unassigned
            Gunathunga Dasu
            David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
            3 Vote for this issue
            3 Start watching this issue