View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|17542||Bug reports||Authentication||public||2021-08-26 10:22||2023-02-08 13:27|
|Summary||17542: Authwebserver plugin not working anymore|
The Authwebserver does not work anymore and is not protecting the administration anymore properly.
This is because some administrative URLs don't use the /admin prefix anymore after refactoring some controllers.
A webserver authentication applied to /admin would not work here.
|Tags||No tags attached.|
|Complete LimeSurvey version number (& build)||.|
|I will donate to the project if issue is resolved||No|
|Database type & version||.|
|Server OS (if known)||.|
|Webserver software & version (if known)|
How to fix this:
This would allow webauth to be used if applied on /admin and /administration directory.
This should happen in the dev branch because moving the controllers is quite extensive
thanks for any help
I think the Authwebserver plugin is different from SSO (LimeSAML plugin). If you want to use SSO, this will work.
Authwebserver plugin could be extended to check for "Administration" in the controller URL, perhaps?
We are also interested in troubleshooting this plugin. Because without it, we cannot switch to LS5 in an organization with almost 14,000 potential users.
We would also like to know the details of the problem, because we have a dedicated plugin based on the same solution, but for the frontend in terms of identifying survey participants (automatic token assignment) in the intranet environment.
The details of the problem are in the issue description above.
I tried to simulate the problem (v5.4.12) when I go to the page /index.php/surveyAdministration/newSurvey, if I am not authenticated it returns 401 because it meets the condition
After authentication, if I don't have permission, "Access Denied" is returned. So I take it the problem is solved?
Access denied and redirect ?
Else : this issue is not directly related to the 2 other fix
More to this line : https://github.com/LimeSurvey/LimeSurvey/blob/a0a3fe63fc54072ac4f71a1cd6f70f3af466af96/application/controllers/SurveyAdministrationController.php#L51 (throw a 401)
Hello, is there any simple way to let authwebserver working on 5.x version? I think it is very important for many people. We still use the version 3.x and can't upgrade to 5.x because of this.
@nohcho82 authwebserver work on 5.X
But issue can happen for some specific link
@DenisChenu and how to simulate this problematic place?
Because if I go to a controller (backend) action that has permission verification (and most actions do), it triggers a redirect
The authentication page in IIS is the Authwebserw plugin, and since the user is not authenticated, he enters here:
Result: 401, this means that the problem has been solved.
Yes, seems OK in surveyAdministration, but some other can lack of this.
At worst : doing a redirect (because not loggued user didn't have any permission) and after only a 401.
But i think @c_schmitz want to have a public without Auth, and only admin directory have Auth part …
Some webserver can have WebAuth o some directory (apache for example). It's the needed case here.
On some other (IIS) : you need 2 different name or PORT. I have a IIS where you need to connect to example.or:8080 to go to admin part.
|2021-08-26 10:22||c_schmitz||New Issue|
|2021-08-26 10:22||c_schmitz||Status||new => assigned|
|2021-08-26 10:22||c_schmitz||Assigned To||=> c_schmitz|
|2021-08-26 10:22||c_schmitz||Priority||none => low|
|2021-08-26 10:22||c_schmitz||Severity||minor => block|
|2021-08-26 10:27||c_schmitz||Note Added: 66149|
|2021-08-26 10:27||c_schmitz||Bug heat||0 => 2|
|2021-08-26 10:29||c_schmitz||Description Updated|
|2021-08-26 11:24||c_schmitz||Note Edited: 66149|
|2021-08-27 12:10||nohcho82||Note Added: 66155|
|2021-08-27 12:10||nohcho82||Bug heat||2 => 4|
|2021-08-30 14:06||galads||Note Added: 66183|
|2021-08-30 14:06||galads||Bug heat||4 => 6|
|2021-08-30 14:06||galads||Issue Monitored: galads|
|2021-08-30 14:06||galads||Bug heat||6 => 8|
|2021-09-17 16:14||ollehar||Note Added: 66521|
|2021-09-17 16:14||ollehar||Bug heat||8 => 10|
|2021-09-17 16:16||ollehar||Status||assigned => acknowledged|
|2021-09-20 15:05||nohcho82||Note Added: 66529|
|2022-01-11 08:52||alorenc||Issue Monitored: alorenc|
|2022-01-11 08:52||alorenc||Bug heat||10 => 12|
|2022-01-11 08:54||2BITS_PL||Issue Monitored: 2BITS_PL|
|2022-01-11 08:54||2BITS_PL||Bug heat||12 => 14|
|2022-01-11 10:13||2BITS_PL||Note Added: 67949|
|2022-01-11 10:13||2BITS_PL||Bug heat||14 => 16|
|2022-01-11 11:16||DenisChenu||Issue Monitored: DenisChenu|
|2022-01-11 11:16||DenisChenu||Bug heat||16 => 18|
|2022-01-11 11:41||ollehar||Note Added: 67951|
|2022-02-01 21:52||gabrieljenik||Relationship added||has duplicate 17860|
|2022-02-01 21:52||gabrieljenik||Bug heat||18 => 26|
|2023-02-07 13:15||2BITS_PL||Note Added: 73717|
|2023-02-08 10:09||DenisChenu||Note Added: 73724|
|2023-02-08 10:09||DenisChenu||Bug heat||26 => 28|
|2023-02-08 10:30||nohcho82||Note Added: 73725|
|2023-02-08 10:37||DenisChenu||Note Added: 73726|
|2023-02-08 10:52||2BITS_PL||Note Added: 73728|
|2023-02-08 13:27||DenisChenu||Note Added: 73729|