View Issue Details

This bug affects 1 person(s).
IDProjectCategoryView StatusLast Update
17542Bug reportsAuthenticationpublic2021-09-20 15:05
Reporterc_schmitz Assigned Toc_schmitz  
Status acknowledgedResolutionopen 
Product Version5.x 
Target Version5.0.0dev 
Summary17542: Authwebserver plugin not working anymore
DescriptionThe Authwebserver does not work anymore and is not protecting the administration anymore properly.

This is because some administrative URLs don't use the /admin prefix anymore after refactoring some controllers.
For example when creating a survey the URL is currently


A webserver authentication applied to /admin would not work here.
TagsNo tags attached.
Bug heat10
Complete LimeSurvey version number (& build).
I will donate to the project if issue is resolvedNo
Database type & version.
Server OS (if known).
Webserver software & version (if known)
PHP Version.

Users monitoring this issue

User List galads




2021-08-26 10:27

administrator   ~66149

Last edited: 2021-08-26 11:24

View 2 revisions

Some considerations:

- The Authwebserver plugin is rarely used so the issue is considered to be low priority
- We cannot just move the refactored controllers to /admin because the old and new way to call controllers would collide.
- It makes sense to have path-wise the controllers in a directory to have a clear separation between survey-taking and administration

How to fix this:

- Establish a differently named subdirectory in /controllers , for example /administration
- Move the refactored controllers there, correct paths/views etc.
- Keep refactoring old controllers

This would allow webauth to be used if applied on /admin and /administration directory.

This should happen in the dev branch because moving the controllers is quite extensive


2021-08-27 12:10

reporter   ~66155

Many thanks for your response. Is there any another options?
Self user registration?
We are Univercity College and we have obout 15K potentials users. It was easy to login with SSO with college account.
Any other sugestions?

thanks for any help


2021-08-30 14:06

administrator   ~66183


I think the Authwebserver plugin is different from SSO (LimeSAML plugin). If you want to use SSO, this will work.


2021-09-17 16:14

administrator   ~66521

Authwebserver plugin could be extended to check for "Administration" in the controller URL, perhaps?


2021-09-20 15:05

reporter   ~66529

We used Authwebserver already 10 years with Shibboleth login. Can I use another alternative? Where can I download LimeSAML plugin? How to install it?

Issue History

Date Modified Username Field Change
2021-08-26 10:22 c_schmitz New Issue
2021-08-26 10:22 c_schmitz Status new => assigned
2021-08-26 10:22 c_schmitz Assigned To => c_schmitz
2021-08-26 10:22 c_schmitz Priority none => low
2021-08-26 10:22 c_schmitz Severity minor => block
2021-08-26 10:27 c_schmitz Note Added: 66149
2021-08-26 10:27 c_schmitz Bug heat 0 => 2
2021-08-26 10:29 c_schmitz Description Updated View Revisions
2021-08-26 11:24 c_schmitz Note Edited: 66149 View Revisions
2021-08-27 12:10 nohcho82 Note Added: 66155
2021-08-27 12:10 nohcho82 Bug heat 2 => 4
2021-08-30 14:06 galads Note Added: 66183
2021-08-30 14:06 galads Bug heat 4 => 6
2021-08-30 14:06 galads Issue Monitored: galads
2021-08-30 14:06 galads Bug heat 6 => 8
2021-09-17 16:14 ollehar Note Added: 66521
2021-09-17 16:14 ollehar Bug heat 8 => 10
2021-09-17 16:16 ollehar Status assigned => acknowledged
2021-09-20 15:05 nohcho82 Note Added: 66529