SAML user autocreation can become impossible
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Wishlist
|
Simon Story |
Bug Description
It is possible to put yourself in a situation where users having users auto-created by an authentication plugin is impossible.
By design, for auto-creation to happen, all institutions must be registerallowed = 0 .
By design, when an authentication plugin is added to an institution, registerallowed is set to 0. But it is not set for all institutions, if multiple exist.
Once an authentication plugin is added to an institution, via the web interface the control to toggle registerallowed for an institution is hidden.
To reproduce from a fresh installation of Mahara:
Create an institution
Set config item usersuniquebyus
Add and configure an authentication plugin
Attempt to login with with a new user that should autocreate, which will fail because the 'mahara' institution will still have registerallowed = 1
To workaround:
Connect to the database and set registerallowed = 0 for all institutions, eg 'UPDATE institution set registerallowed = 0 ;'.
summary: |
- Authentication plugin user autocreation can become impossible + SAML user autocreation can become impossible |
Changed in mahara: | |
status: | Triaged → Fix Committed |
milestone: | none → 1.6.0 |
assignee: | nobody → Simon Story (simon-story) |
Can you please be more specific about which authentication method you talk? Is it the internal one? We use Mahara with multiple institutions and some have auto-creation of accounts switched on for Moodle or SAML SSO or LDAP but not necessarily for the rest.
So if you have a MNet auth method, you don't need to allow registration as you'll be placed into the institution automatically when you log in via Moodle.
The "Registration allowed" is also for moving between institutions and not just for registration of new accounts.