Anonymous Login
2017-01-22 19:23 CET

View Issue Details Jump to Notes ] Related Changesets ]
IDProjectCategoryView StatusLast Update
07049Bug reports[All Projects] Authenticationpublic2013-03-02 16:34
Assigned Toc_schmitz 
Product Version2.00+ 
Target VersionFixed in Version2.00+ 
Summary07049: Webserver authentication is not implemented
DescriptionI cannot protect the admin interface with a Apache Basic authentication because I get the LimeSurvey login screen after a successful basic auth.
When I click on the login button of the LimeSurvey login form (without username/password) the authenticated user will be correct registered but I get the LimeSurvey login screen again. I cannot upgrade to 2.x. because I'm missing the behavior of the old v1.9x builds.
Steps To ReproduceMy Apache ask for the username and password when a went to the admin interface. After a successful Basic authentication I get the unwanted LimeSurvey login screen.

Apache 2.4 config snippet:
<Directory /opt/limesurvey>
        <If "%{PATH_INFO} =~ m#/admin#">
                AuthType Basic
                AuthName "Account"
                require valid-user

Limesurvey config.php snippet:
return array(
                'auth_webserver_user_map' => Array('xxxxx' => 'admin'),
               'auth_webserver_autocreate_profile' => Array(
                        'full_name' => preg_match('/@/',$_SERVER['REMOTE_USER']) ? strtok($_SERVER['REMOTE_USER'],'@') : $_SERVER['REMOTE_USER'],
                        'email' => preg_match('/@/',$_SERVER['REMOTE_USER'])? $_SERVER['REMOTE_USER'] : $_SERVER['REMOTE_USER'].'',
                        'lang' => 'en',
                        'htmleditormode' => 'inline',
                        'templatelist' => 'default,basic,bluengrey,citronade,clear_logo,eirenicon,limespired,mint_idea,sherpa,vallendar',
                        'create_survey' => 1,
                        'create_user' => 0,
                        'delete_user' => 0,
                        'superadmin' => 0,
                        'configurator' => 0,
                        'manage_template' => 0,
                        'manage_label' => 0

Additional InformationI can't find any REMOTE_USER or REDIRECT_REMOTE_USER string in the LimeSurvey code base and in the authentication controller (except in the Statistics_userController.php). In the old build (192plus-build120919) the authentication and auto registration features work fine because admin/usercontrol.php evaluates the REMOTE_USER.
TagsNo tags attached.
Complete LimeSurvey version number (& build)121204
I will donate to the project if issue is resolvedNo
Database & DB-VersionMySQL
Operating System (Server)Linux
Webserver software & versionApache 2.4.3
PHP Version5.3.18
Attached Files

duplicate of 07021closedc_schmitz Web Server Auth Broken (again) in latest build 



drohde (reporter)

this bug report is not a duplicate and is not fixed yet (build build130206). There isn't any REMOTE_USER or REDIRECT_REMOTE_USER evaluation in the UserIdentity class or in any controller.

I expect following behavior (like it was in 1.9+ versions):
   1 after calling the admin interface the Apache asks for login and password
   2 after successful login:
      2.1 a unknown user will be registered
      2.2 user is logged in
I cannot upgrade yet because I have 40.000 potential users in my production environment and I need the Apache Basic authentication and a automated user registration.



c_schmitz (administrator)

Fix committed to master branch:


drohde (reporter)

the fix works



c_schmitz (administrator)

2.00 Build 130219 released


c_schmitz (administrator)

Fix committed to master branch:


c_schmitz (administrator)

Fix committed to 2.1 branch:

+Related Changesets

-Issue History
Date Modified Username Field Change
2012-12-07 15:14 drohde New Issue
2012-12-07 15:25 c_schmitz Relationship added duplicate of 07021
2012-12-07 15:26 c_schmitz Status new => closed
2012-12-07 15:26 c_schmitz Assigned To => c_schmitz
2012-12-07 15:26 c_schmitz Resolution open => duplicate
2013-02-11 08:52 drohde Note Added: 24024
2013-02-11 08:52 drohde Status closed => feedback
2013-02-11 08:52 drohde Resolution duplicate => reopened
2013-02-15 14:54 c_schmitz Status feedback => resolved
2013-02-15 14:54 c_schmitz Fixed in Version => 2.00+
2013-02-15 14:54 c_schmitz Resolution reopened => fixed
2013-02-15 14:56 c_schmitz Changeset attached => LimeSurvey master 645ea656
2013-02-15 14:56 c_schmitz Note Added: 24110
2013-02-18 10:24 drohde Note Added: 24141
2013-02-19 11:13 c_schmitz Note Added: 24152
2013-02-19 11:13 c_schmitz Status resolved => closed
2013-02-25 11:18 c_schmitz Changeset attached => LimeSurvey master ad10c283
2013-02-25 11:18 c_schmitz Note Added: 24255
2013-03-02 16:34 c_schmitz Changeset attached => LimeSurvey 2.1 e3706b1c
2013-03-02 16:34 c_schmitz Changeset attached => LimeSurvey 2.1 6eaf4fbf
2013-03-02 16:34 c_schmitz Note Added: 24472
+Issue History