The issue here is that the key is not found on the server.
When that happens, the plugin is not used, so it uses authDb.

If key is not found, and default is checked, should not show the form but throw some kind of error?

When that happens, the plugin is not used, so it uses authDb.

It's the issue i think :)
It show "This disable …"

maybe do like AuthCas : https://github.com/univlorraine/limesurvey-cas

When you're done, click on activate. Once done, it won't be possible to authenticate by another mechanism unless you use the specific url ls_url/index.php/admin/authentication/sa/login?noAuthCAS=true.

IMHO authwebserver is in general broken.
The main reason is that some admin URLs are not under /admin anymore, right now
This needs to be fixed first.

I will fix this issue honoring "This disable …" checkbox, even if the key doesn't match.
ThenI will review the paths issue mentioned by c_schmitz

Thanks!

Maybe it's more an "sentence help" issue ;)

PR: https://github.com/LimeSurvey/LimeSurvey/pull/2210

@c_schmitz Can you tell me an example of this urls not covered by the authwebserver?
I will open a new ticket later

QuestionAdministrationController.php
QuestionGroupsAdministrationController.php
ResponsesController.php
SurveyAdministrationController.php
SurveysGroupsPermissionController.php
ThemeOptionsController.php
UserGroupController.php
UserManagementController.php
UserRoleController.php

any maybe a couple more

IMHO they cannot co-exist in the /admin subdirectory because the routing is different.

All:
I would suggest a general config setting on the config files for swhitching on emergnecy to regular login, just in case someone gets locked out. Ex: Set the AithWebserver but the webserver is not properly setup, how do I login again to deactivate the plugin?

@c_schmitz Will review the list. Thanks

@gabrieljenik : see my comment on pull request. Maybe adding in plugin settings : "Default if not set too" to false by default ?
Or «And , maybe a config['authwebserver_checkserverkey'] to true by default, not updatable via GUI (or updatable via GUI)»

About other controller : need to extend another controller ? And check access in run action ?

About other controller : need to extend another controller ? And check access in run action ?

Create a new bug for that. 17860

About the other comments, I think all are addressed as code review is OK.

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=33221

Fixed in Release 5.3.0+220228