Failing authentication via CAS after update to Koha 21.11.09
Hi We are using Debian GNU/Linux 10 with Koha 21.11.09 (after an update from Debian 9 and Koha 19.05.02). Since the update the CAS authentication via Koha OPAC is no more working. The content of system preferences "OPACBaseURL", "casAuthentication", "casLogout" and "casServerUrl" has not changed; the new preference "casServerVersion" ist correctly set to "CAS 2 or earlier". It is possible to successfully log into the CAS server but when trying to access the Koha OPAC via CAS ("Log in using a CAS account") the response is always "Sorry, the CAS login failed." and the user is not logged into his Koha account. The logs don't show no error. I was checking all changes made in bugs 21973 22585 23771 20854 and 28417 but to no avail. Does anyone have an idea how to debug this problem? Best wishes: Michael -- Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz T 0041 (0)61 261 55 61 · E mik@adminkuhn.ch · W www.adminkuhn.ch
Hi We're quite desperate since using CAS all our users can no more log into their Koha accounts. Is there really no way how to debug problems with the authentication via CAS? We would be very happy if there is a way how to find out what Perl scripts "opac-user.pl" or "Auth_with_cas.pm" are really doing. Unfortunately they are not verbose at all and don't write anything into the log files. Is it possible to force these scripts to output what they are actually doing? For example I tried the following in "Auth_with_cas.pm", but file "/tmp/perloutput.txt" stayed empty. open STDERR, ">", "/tmp/perloutput.txt" or die "$0: dup: $!"; print STDERR "defaultcasserver: $defaultcasserver\n"; print STDERR "casservers: $casservers\n"; close (STDERR); Best wishes: Michael -- Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz T 0041 (0)61 261 55 61 · E mik@adminkuhn.ch · W www.adminkuhn.ch -------- Weitergeleitete Nachricht -------- Betreff: [Koha] Failing authentication via CAS after update to Koha 21.11.09 Datum: Mon, 11 Jul 2022 13:41:03 +0200 Von: Michael Kuhn <mik@adminkuhn.ch> Antwort an: Michael Kuhn <mik@adminkuhn.ch> Organisation: Admin Kuhn GmbH An: Koha <koha@lists.katipo.co.nz> Hi We are using Debian GNU/Linux 10 with Koha 21.11.09 (after an update from Debian 9 and Koha 19.05.02). Since the update the CAS authentication via Koha OPAC is no more working. The content of system preferences "OPACBaseURL", "casAuthentication", "casLogout" and "casServerUrl" has not changed; the new preference "casServerVersion" ist correctly set to "CAS 2 or earlier". It is possible to successfully log into the CAS server but when trying to access the Koha OPAC via CAS ("Log in using a CAS account") the response is always "Sorry, the CAS login failed." and the user is not logged into his Koha account. The logs don't show no error. I was checking all changes made in bugs 21973 22585 23771 20854 and 28417 but to no avail. Does anyone have an idea how to debug this problem? Best wishes: Michael
Are you sure the CAS server is functional? Can you try pointing your Koha or a replica to the Apereo XAS demo sites? For debugging, you should use warn "$variable"; And look for those warns in the usual logs. Remember to restart plack everytime you change the code. Hope it helps! El lun, 11 jul 2022 8:41, Michael Kuhn <mik@adminkuhn.ch> escribió:
Hi
We are using Debian GNU/Linux 10 with Koha 21.11.09 (after an update from Debian 9 and Koha 19.05.02).
Since the update the CAS authentication via Koha OPAC is no more working. The content of system preferences "OPACBaseURL", "casAuthentication", "casLogout" and "casServerUrl" has not changed; the new preference "casServerVersion" ist correctly set to "CAS 2 or earlier".
It is possible to successfully log into the CAS server but when trying to access the Koha OPAC via CAS ("Log in using a CAS account") the response is always "Sorry, the CAS login failed." and the user is not logged into his Koha account. The logs don't show no error.
I was checking all changes made in bugs 21973 22585 23771 20854 and 28417 but to no avail.
Does anyone have an idea how to debug this problem?
Best wishes: Michael -- Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz T 0041 (0)61 261 55 61 · E mik@adminkuhn.ch · W www.adminkuhn.ch _______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
Hi Tomas You wrote:
Are you sure the CAS server is functional?
Yes, when clicking "Log in using a CAS account" the login dialogue of the CAS server appears, after logging in it can be proven that the login there was successful. But the Koha OPAC seems to think the login failed and it says "Sorry, the CAS login failed." This seems to happen because Koha script "Auth.pm" returns 1 for "invalidCasLogin" but I can't find out why.
Can you try pointing your Koha or a replica to the Apereo XAS demo sites?
I found https://apereo.github.io/cas/index.html and I changed "casServerUrl" to "https://apereo.github.io/cas/" but when I click "Log in using a CAS account" there is a message "404 File not found" instead of showing me a the CAS server dialogue.
For debugging, you should use
warn "$variable";
And look for those warns in the usual logs. Remember to restart plack everytime you change the code.
This worked but due to my limited knowledge of Perl and the Koha authentication process via CAS it didn't help me further... Can maybe someone confirm that the CAS server login actually works with Koha 21.11.09? As said we didn't change the CAS configuration since Koha 19.05.02. Best wishes: Michael -- Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz T 0041 (0)61 261 55 61 · E mik@adminkuhn.ch · W www.adminkuhn.ch
El lun, 11 jul 2022 8:41, Michael Kuhn <mik@adminkuhn.ch <mailto:mik@adminkuhn.ch>> escribió:
Hi
We are using Debian GNU/Linux 10 with Koha 21.11.09 (after an update from Debian 9 and Koha 19.05.02).
Since the update the CAS authentication via Koha OPAC is no more working. The content of system preferences "OPACBaseURL", "casAuthentication", "casLogout" and "casServerUrl" has not changed; the new preference "casServerVersion" ist correctly set to "CAS 2 or earlier".
It is possible to successfully log into the CAS server but when trying to access the Koha OPAC via CAS ("Log in using a CAS account") the response is always "Sorry, the CAS login failed." and the user is not logged into his Koha account. The logs don't show no error.
I was checking all changes made in bugs 21973 22585 23771 20854 and 28417 but to no avail.
Does anyone have an idea how to debug this problem?
Best wishes: Michael -- Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz T 0041 (0)61 261 55 61 · E mik@adminkuhn.ch <mailto:mik@adminkuhn.ch> · W www.adminkuhn.ch <http://www.adminkuhn.ch> _______________________________________________
Koha mailing list http://koha-community.org <http://koha-community.org> Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha>
Hi Tomas I saw I was using the wrong URL to the Apereo XAS demo site - instead of "https://apereo.github.io/cas/" it is actually "https://casserver.herokuapp.com/cas". So I tried anew using this URL but still the CAS login into Koha fails ("Sorry, the CAS login failed."). I also tried this URL on my Koha demo site using 22.05.00 but the login doesn't work either. Best wishes: Michael -- Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz T 0041 (0)61 261 55 61 · E mik@adminkuhn.ch · W www.adminkuhn.ch Am 18.07.22 um 11:22 schrieb Michael Kuhn:
Hi Tomas
You wrote:
Are you sure the CAS server is functional?
Yes, when clicking "Log in using a CAS account" the login dialogue of the CAS server appears, after logging in it can be proven that the login there was successful.
But the Koha OPAC seems to think the login failed and it says "Sorry, the CAS login failed." This seems to happen because Koha script "Auth.pm" returns 1 for "invalidCasLogin" but I can't find out why.
Can you try pointing your Koha or a replica to the Apereo XAS demo sites?
I found https://apereo.github.io/cas/index.html and I changed "casServerUrl" to "https://apereo.github.io/cas/" but when I click "Log in using a CAS account" there is a message "404 File not found" instead of showing me a the CAS server dialogue.
For debugging, you should use
warn "$variable";
And look for those warns in the usual logs. Remember to restart plack everytime you change the code.
This worked but due to my limited knowledge of Perl and the Koha authentication process via CAS it didn't help me further...
Can maybe someone confirm that the CAS server login actually works with Koha 21.11.09? As said we didn't change the CAS configuration since Koha 19.05.02.
Best wishes: Michael
Hi Michael, do you have user information for this CAS server? I didn't find any sample login yet. Can you log in using the URL directly in the browser? Best wishes, Katrin On 18.07.22 12:03, Michael Kuhn wrote:
Hi Tomas
I saw I was using the wrong URL to the Apereo XAS demo site - instead of "https://apereo.github.io/cas/" it is actually "https://casserver.herokuapp.com/cas". So I tried anew using this URL but still the CAS login into Koha fails ("Sorry, the CAS login failed.").
I also tried this URL on my Koha demo site using 22.05.00 but the login doesn't work either.
Best wishes: Michael
Hi Katrin You wrote:
do you have user information for this CAS server? I didn't find any sample login yet. Can you log in using the URL directly in the browser?
Yes, the URL and the login (casuser / Mellon) for the demo sites can be found at https://apereo.github.io/cas/Demos.html Logging in at https://casserver.herokuapp.com/cas using these credentials is successful. It's just Koha that won't accept it. Best wishes: Michael -- Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz T 0041 (0)61 261 55 61 · E mik@adminkuhn.ch · W www.adminkuhn.ch
On 18.07.22 12:03, Michael Kuhn wrote:
Hi Tomas
I saw I was using the wrong URL to the Apereo XAS demo site - instead of "https://apereo.github.io/cas/" it is actually "https://casserver.herokuapp.com/cas". So I tried anew using this URL but still the CAS login into Koha fails ("Sorry, the CAS login failed.").
I also tried this URL on my Koha demo site using 22.05.00 but the login doesn't work either.
Best wishes: Michael
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
Hi Michael, I have tried to set it up in your demo, hope you don't mind! You also need a user with username casuser, but the problem I am seeing is that the login link doesn't show in the OPAC in the first place. Only the heading. So there is some problem there for sure. But: If I log in on the website and then refresh the login page in Koha, I am logged in successfully. Hope this helps, Katrin On 18.07.22 12:25, Michael Kuhn wrote:
Hi Katrin
You wrote:
do you have user information for this CAS server? I didn't find any sample login yet. Can you log in using the URL directly in the browser?
Yes, the URL and the login (casuser / Mellon) for the demo sites can be found at https://apereo.github.io/cas/Demos.html
Logging in at https://casserver.herokuapp.com/cas using these credentials is successful. It's just Koha that won't accept it.
Best wishes: Michael
Hi Michael, sorry, it was probably a glitch with the local login, I now also see the "Sorry, the CAS login failed." message and the login doesn't work :( But the login link now appeared. Katrin On 18.07.22 12:34, Katrin Fischer wrote:
Hi Michael,
I have tried to set it up in your demo, hope you don't mind!
You also need a user with username casuser, but the problem I am seeing is that the login link doesn't show in the OPAC in the first place. Only the heading. So there is some problem there for sure.
But: If I log in on the website and then refresh the login page in Koha, I am logged in successfully.
Hope this helps,
Katrin
On 18.07.22 12:25, Michael Kuhn wrote:
Hi Katrin
You wrote:
do you have user information for this CAS server? I didn't find any sample login yet. Can you log in using the URL directly in the browser?
Yes, the URL and the login (casuser / Mellon) for the demo sites can be found at https://apereo.github.io/cas/Demos.html
Logging in at https://casserver.herokuapp.com/cas using these credentials is successful. It's just Koha that won't accept it.
Best wishes: Michael
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
Hi Katrin Meanwhile I was able to login into Koha using casServerUrl https://casserver.herokuapp.com/cas and CAS/Koha-User "casuser" (which I first had to create) on my Koha 22.05.00 demo site as well as on the productive Koha 21.11.09 installation. But the login using the original casServerUrl still doesn't work. So for the moment I think there is a problem with the original CAS-Server. Best wishes and thanks for your support! Michael -- Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz T 0041 (0)61 261 55 61 · E mik@adminkuhn.ch · W www.adminkuhn.ch Am 18.07.22 um 12:48 schrieb Katrin Fischer:
Hi Michael,
sorry, it was probably a glitch with the local login, I now also see the "Sorry, the CAS login failed." message and the login doesn't work :(
But the login link now appeared.
Katrin
On 18.07.22 12:34, Katrin Fischer wrote:
Hi Michael,
I have tried to set it up in your demo, hope you don't mind!
You also need a user with username casuser, but the problem I am seeing is that the login link doesn't show in the OPAC in the first place. Only the heading. So there is some problem there for sure.
But: If I log in on the website and then refresh the login page in Koha, I am logged in successfully.
Hope this helps,
Katrin
On 18.07.22 12:25, Michael Kuhn wrote:
Hi Katrin
You wrote:
do you have user information for this CAS server? I didn't find any sample login yet. Can you log in using the URL directly in the browser?
Yes, the URL and the login (casuser / Mellon) for the demo sites can be found at https://apereo.github.io/cas/Demos.html
Logging in at https://casserver.herokuapp.com/cas using these credentials is successful. It's just Koha that won't accept it.
Best wishes: Michael
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
Hi Michael, hope you can figure out the issue soon. Could something have changed with the usernames/logins? Best wishes, Katrin On 18.07.22 13:31, Michael Kuhn wrote:
Hi Katrin
Meanwhile I was able to login into Koha using casServerUrl https://casserver.herokuapp.com/cas and CAS/Koha-User "casuser" (which I first had to create) on my Koha 22.05.00 demo site as well as on the productive Koha 21.11.09 installation.
But the login using the original casServerUrl still doesn't work. So for the moment I think there is a problem with the original CAS-Server.
Best wishes and thanks for your support!
Michael
participants (3)
-
Katrin Fischer -
Michael Kuhn -
Tomas Cohen Arazi