** Changed in: mahara
Status: Confirmed => Triaged
--
Multiple authinstances with parents - potentially needs UI work.
https://bugs.launchpad.net/bugs/548061
You received this bug notification because you are a member of Mahara
Core, which is the registrant for Mahara.
Status in Mahara ePortfolio: Triaged
Bug description:
An example situation: Two Moodles are SSOing into Mahara. They are both set up
as XMLRPC with an LDAP parent.
This breaks when each Moodle has a user of the same username. For example
aaron. Because one is given the name 'aaron' when they SSO in, and the other is
given the name 'aaron1' - which will never work for the parent authentication,
as it doesn't know about an 'aaron1' user.
Therefore, that means either:
1. Only one of the xmlrpc authinstances can have a given LDAP server as parent
authentication, across all institutions in Mahara, or
2. Usernames would have to be unique across BOTH Moodles, to prevent this
situation occurring, or
3. You need to turn on the usersuniquebyusername configuration setting - which
assumes that users with the same name in different moodles are the same person
and thus SSO into the same Mahara account.
There's no other way around this, as far as I can see.
The upshot of this is:
You can't use two parent authentication instances that will answer for the
same username, unless they're actually the same person in the remote
applications. And if that is the case, you have to turn on
"usersuniquebyusername". If that is not the case, then the XMLRPC authinstances
can't really have parents - users have to sign in through SSO.
If you're only MNETting with one moodle, then the authinstance can safely
have a parent.
Richard suggests that we could somehow display to people in Mahara their
username (perhaps on first login, sent to them by e-mail and in the profile
sideblock), which _might_ work as long as we use the auth_remote_user table to
look up what their username in the parent authinstance actually is when trying
to sign them on. But it also relies on users understanding when they are using
the Mahara login form instead of the Moodle one, and thus that they should use
the correct username.
So, in short, this bug is about:
* Do we change the admin UI somehow based on these limitations? I.e. only allow
one authinstance to have a parent unless usersuniquebyusername is on/the admin
is given a warning about having more than one parent?
* Do we tell users their username in Mahara so they can log in there?
Low prio cos I don't think an answer is needed right now, but at least the
problem is documented while I have it all in my head :)
This bug was imported from eduforge.org, see:
https://eduforge.org/tracker/index.php?func=detail&aid=2656&group_id=176&atid=739
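
The collision described in this report, modelled as an added example (not Mahara code and not part of the original bug): two XMLRPC authinstances share one LDAP parent, the second "aaron" becomes "aaron1", and the parent login only works once the name is mapped back through a stand-in for the auth_remote_user table. The dict layouts, function names and sample instances are assumptions made for illustration; the last function sketches the admin warning the report asks about.

```python
from collections import defaultdict

# Constructed sample data; field names are illustrative, not Mahara's schema.
AUTH_INSTANCES = [
    {"id": 1, "name": "ldap-main", "type": "ldap", "parent": None},
    {"id": 2, "name": "moodle-a", "type": "xmlrpc", "parent": 1},
    {"id": 3, "name": "moodle-b", "type": "xmlrpc", "parent": 1},
]
LDAP_USERS = {"aaron"}  # usernames the LDAP parent can answer for


def sso_login(accounts, remote_map, instance_id, remote_username, unique_by_username):
    """Return the local username for an SSO login, creating the account if needed."""
    key = (instance_id, remote_username)
    if key in remote_map:
        return remote_map[key]
    local = remote_username
    if local in accounts and not unique_by_username:
        n = 1  # name taken by another instance's user: append a numeric suffix
        while f"{remote_username}{n}" in accounts:
            n += 1
        local = f"{remote_username}{n}"
    accounts.add(local)
    remote_map[key] = local  # stand-in for a row in auth_remote_user
    return local


def parent_login(local_username, remote_map=None):
    """Login-form attempt against the LDAP parent, optionally mapping the name back."""
    name = local_username
    if remote_map is not None:
        for (_, remote), local in remote_map.items():
            if local == local_username:
                name = remote
    return name in LDAP_USERS


def shared_parent_warnings(instances, unique_by_username):
    """List parents that more than one xmlrpc authinstance points at."""
    if unique_by_username:
        return []
    children = defaultdict(list)
    for inst in instances:
        if inst["type"] == "xmlrpc" and inst["parent"] is not None:
            children[inst["parent"]].append(inst["name"])
    return [(p, names) for p, names in sorted(children.items()) if len(names) > 1]
```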