Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-66582

"auth_logo" in auth_cas and auth_shibboleth throw an invalidresponse exception when calling "tool_mobile_get_public_config"

XMLWordPrintable

    • MOODLE_37_STABLE
    • MOODLE_36_STABLE, MOODLE_37_STABLE
    • MDL-66582-master
    • Hide
      Prerequisites
      1. CAS setup (3.7 and master only)
        1. Run the CAS docker image:

          docker run --rm --name cas -p 8443:8443 -dt moodlehq/moodle-docker-cas:v5.2.2-0

        2. Log in as admin
        3. Go to Site administration -> Plugins -> Manage authentication
        4. Enable "CAS Server (SSO)"
        5. Click on the "Settings" link for the CAS authentication.
        6. Enter the following settings:
          • Hostname: localhost
          • Port: 8443
          • Base URI: cas/
          • Multi Auth: Yes
        7. Save the changes
      2. Dummy Shibboleth setup
        1. Go back to the "Manage authentication" admin page.
        2. Enable the "Shibboleth" authentication plugin.
        3. Click on the "Settings" link for the Shibboleth authentication.
        4. Enter any dummy value into the "Username" field.
        5. Save the changes.
      3. Error log monitoring. On a terminal, execute the tail command to monitor the Apache error log. E.g. "tail -f /var/log/apache2/error.log"
      No logos
      1. Open another terminal window and execute this curl request, replacing the site url with yours.

        curl '[YOUR_MOODLE_URL]/lib/ajax/service.php' --data-binary '[{"index":0,"methodname":"tool_mobile_get_public_config","args":{}}]' | python -m "json.tool"
        

      2. Confirm that:
        • In the CURL response you see an "identityproviders" array containing information about the CAS (3.7 and master only) and Shibboleth authentication identity providers with the following fields and values set:
            Shibboleth CAS
          iconurl empty empty
          name Shibboleth Login CAS
          URL [YOUR_MOODLE_URL]/auth/shibboleth/index.php [YOUR_MOODLE_URL]/login/index.php?authCAS=CAS"
      3. Open a different browser session and go to the login page.
      4. Confirm that Shibboleth and CAS (3.7 and master only) login buttons are shown on the login page.
      5. Confirm that login buttons are rendered without any logos, especially any broken pictures.
      6. Check your error log.
      7. Confirm that you don't see a "filenotfound" error log entry.
      With logos
      1. Back on the admin's browser window, edit the settings for the Shibboleth authentication.
      2. Upload an image for the "Authentication method logo" field.
      3. Save the changes.
      4. Do the same for the "CAS server (SSO)" authentication method and save the changes
      5. Run the curl request again on the terminal.
      6. Confirm that:
        • In the CURL response you see an "identityproviders" array containing information about the CAS (3.7 and master only) and Shibboleth authentication identity providers with the following fields and values set:
            Shibboleth CAS
          iconurl The URL to the authentication method logo The URL to the authentication method logo
          name Shibboleth Login CAS
          URL [YOUR_MOODLE_URL]/auth/shibboleth/index.php [YOUR_MOODLE_URL]/login/index.php?authCAS=CAS"
      7. Open a different browser session and go to the login page.
      8. Confirm that Shibboleth and CAS (3.7 and master only) login buttons are shown on the login page.
      9. Confirm that login buttons are rendered with the correct logos.
      10. Check your error log.
      11. Confirm that you don't see a "filenotfound" error log entry.
      Show
      Prerequisites CAS setup (3.7 and master only) Run the CAS docker image: docker run --rm --name cas -p 8443:8443 -dt moodlehq/moodle-docker-cas:v5.2.2-0 Log in as admin Go to Site administration -> Plugins -> Manage authentication Enable "CAS Server (SSO)" Click on the " Settings " link for the CAS authentication. Enter the following settings: Hostname: localhost Port: 8443 Base URI: cas/ Multi Auth: Yes Save the changes Dummy Shibboleth setup Go back to the " Manage authentication " admin page. Enable the " Shibboleth " authentication plugin. Click on the " Settings " link for the Shibboleth authentication. Enter any dummy value into the " Username " field. Save the changes. Error log monitoring. On a terminal, execute the tail command to monitor the Apache error log. E.g. " tail -f /var/log/apache2/error.log " No logos Open another terminal window and execute this curl request, replacing the site url with yours. curl '[YOUR_MOODLE_URL]/lib/ajax/service.php' --data-binary '[{"index":0,"methodname":"tool_mobile_get_public_config","args":{}}]' | python -m "json.tool" Confirm that: In the CURL response you see an " identityproviders " array containing information about the CAS (3.7 and master only) and Shibboleth authentication identity providers with the following fields and values set:   Shibboleth CAS iconurl empty empty name Shibboleth Login CAS URL [YOUR_MOODLE_URL] /auth/shibboleth/index.php [YOUR_MOODLE_URL] /login/index.php?authCAS=CAS" Open a different browser session and go to the login page. Confirm that Shibboleth and CAS (3.7 and master only) login buttons are shown on the login page. Confirm that login buttons are rendered without any logos, especially any broken pictures. Check your error log. Confirm that you don't see a " filenotfound " error log entry. With logos Back on the admin's browser window, edit the settings for the Shibboleth authentication. Upload an image for the " Authentication method logo " field. Save the changes. Do the same for the " CAS server (SSO) " authentication method and save the changes Run the curl request again on the terminal. Confirm that: In the CURL response you see an " identityproviders " array containing information about the CAS (3.7 and master only) and Shibboleth authentication identity providers with the following fields and values set:   Shibboleth CAS iconurl The URL to the authentication method logo The URL to the authentication method logo name Shibboleth Login CAS URL [YOUR_MOODLE_URL] /auth/shibboleth/index.php [YOUR_MOODLE_URL] /login/index.php?authCAS=CAS" Open a different browser session and go to the login page. Confirm that Shibboleth and CAS (3.7 and master only) login buttons are shown on the login page. Confirm that login buttons are rendered with the correct logos. Check your error log. Confirm that you don't see a " filenotfound " error log entry.

      This minor bug did break the login process of our Android and Windows Store mobile apps (not tested on iOS).

      When not using the auth_logo in CAS or Shibboleth authentication plugins, the standard /login/index.php page displays a broken icon on Firefox (see the attached "auth_logo_noimg_ff.png").

      On the other hand, when using an auth_logo in the CAS or Shibboleth plugin, the "tool_mobile_get_public_config" in /lib/ajax/service.php do throw an "invalidresponse" exception. Effectively preventing any user to connect to our server through the Android or Windows Store app.

      A small curl script demonstrates this situation :

      curl -s -H "Accept: application/json" -X POST --data-raw '[{"index":0,"methodname":"tool_mobile_get_public_config","args":[]}]' "http://my.moodle.com/lib/ajax/service.php?info=tool_mobile_get_public_config"
      

      Expected (truncated) output :

      [
        {
          "error": false,
          "data": {
            "wwwroot": "http://my.moodle.com",
            "httpswwwroot": "http://my.moodle.com",
            "identityproviders": [
              {
                "name": "CAS",
                "iconurl": "http://my.moodle.com/pluginfile.php/1/auth_cas/logo/",
                "url": "http://my.moodle.com/login/index.php?authCAS=CAS"
              }
            ]
          }
        }
      ]
      

      Got the following error :

      [
        {
          "error": true,
          "exception": {
            "message": "Invalid response value detected",
            "errorcode": "invalidresponse",
            "backtrace": "* line 442 of /lib/externallib.php: invalid_response_exception thrown\n* line 250 of /lib/externallib.php: call to external_api::clean_returnvalue()\n* line 59 of /lib/ajax/service.php: call to external_api::call_external_function()\n",
            "link": "http://my.moodle.com/",
            "moreinfourl": "https://docs.moodle.org/37/fr/error/debug/invalidresponse",
            "debuginfo": "identityproviders => Invalid response value detected: iconurl => Invalid response value detected: Invalid external api response: the value is \"http://my.moodle.com/pluginfile.php/1/auth_cas/logo//moodle_d.png\" of PHP type \"string\", the server was expecting \"url\" type\nError code: invalidresponse"
          }
        }
      ]
      

        1. auth_logo_noimg_ff.png
          155 kB
          Johan Dobbelstein
        2. Confirmed and verified fixed.png
          341 kB
          Gladys Basiana

            jleyva Juan Leyva
            jdobbelstein Johan Dobbelstein
            Pau Ferrer Pau Ferrer
            Jun Pataleta Jun Pataleta
            Gladys Basiana Gladys Basiana
            Votes:
            12 Vote for this issue
            Watchers:
            14 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 4 hours, 30 minutes
                4h 30m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.