View Issue Details

Jump to NotesJump to History
This issue affects 1 person(s).
 6
IDProjectCategoryView StatusDate SubmittedLast Update
08427Bug reportsSurvey participants (Tokens)public2013-12-05 11:402013-12-19 08:56
Reporterchettor Assigned Toc_schmitz  
PrioritynormalSeveritypartial_block 
Status closedResolutionunable to reproduce 
Product Version2.00+ 
Summary08427: Problem displaying tokens when using apache mod-auth-cas
Description

Hi,

I'm using a SSO-CAS server to protect the admin part of Limesurvey.
It seems to work fine but i'm having trouble with displaying tokens when using apache mod-auth-cas.
mod-auth-cas use cookies to deal with a SSO-CAS server to authenticate logged user. This cookie is normally embed with every request.
mod-auth-cas is responsible to redirect the user if no CAS session was enable.

In the case of loading tokens, Limesurvey seems to remove (or don't include) existing cookies.

Here is a dump the first request witch display the main token list page :

GET /limesurvey/index.php/admin/tokens/sa/browse/surveyid/647246 HTTP/1.1
Cookie: MOD_AUTH_CAS=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy; PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxx

Everything's ok. My CAS cookie is present

Now the Ajax request witch load tokens :

POST /limesurvey/index.php/admin/tokens/sa/getTokens_json/surveyid/647246 HTTP/1.1
[...]
Cookie: PHPSESSID=uvut25tbn5cf3rnvb91j8irml4
[...]

My CAS cookie disappear :(

Tokens won't load and behind the scene, the ajax response redirect to my CAS server :
HTTP/1.1 302 Found
Location: https://casserver/cas/login?service=xxxxxxx%2flimesurvey%2findex.php%2fadmin%2ftokens%2fsa%2fgetTokens_json%2fsurveyid%2f647246

Steps To Reproduce

See description

Additional Information

mod-auth-cas 1.0.9

TagsNo tags attached.
Bug heat6
Complete LimeSurvey version number (& build)Version 2.00+ Build 131202
I will donate to the project if issue is resolvedNo
BrowserAll
Database type & versionMySQL 5.5.31
Server OS (if known)Debian
Webserver software & version (if known)Apache 2.2
PHP Version5.4

Users monitoring this issue

chettor

Activities

chettor

chettor

2013-12-05 15:00

reporter   ~27500

To complete the issue:

Ajax loading of survey's list work fine.
Here, you can see that my CAS cookie is correctly embed :

POST /limesurvey/index.php/admin/survey/sa/getSurveys_json HTTP/1.1
Cookie: MOD_AUTH_CAS=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy; PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxx
c_schmitz

c_schmitz

2013-12-05 15:34

administrator   ~27503

I am sorry but we don't have any test environment on CAS. From what I know is that LimeSurvey does not remove cookies, either. Are you capable of debugging and see at which point the cookie is gone?
Did you try a different browser?
c_schmitz

c_schmitz

2013-12-18 21:56

administrator   ~27622

Feedback please?
chettor

chettor

2013-12-19 08:50

reporter   ~27624

I have no skills in PHP Debbuging, so I centered my research on on the apache/mod_cas configuration.
I found yesterday a potential misconfiguration in my apache/cas file.

For potential Apache/CAS user, I changed :

<Location /limesurvey/index.php/admin/ >
[...]
Authtype CAS
require valid-user
[...]
</Location>

to

<Location /limesurvey/index.php/admin >
[...]
Authtype CAS
require valid-user
[...]
</Location>

(note the / at the end of the URL)

Seems to work for now with lastest FF & Chrome.
c_schmitz

c_schmitz

2013-12-19 08:56

administrator   ~27625

Ok, thank you for your feedback!

Issue History

Date Modified Username Field Change
2013-12-05 11:40 chettor New Issue
2013-12-05 14:55 chettor Issue Monitored: chettor
2013-12-05 15:00 chettor Note Added: 27500
2013-12-05 15:34 c_schmitz Note Added: 27503
2013-12-06 09:03 c_schmitz Assigned To => c_schmitz
2013-12-06 09:03 c_schmitz Status new => feedback
2013-12-18 21:56 c_schmitz Note Added: 27622
2013-12-19 08:50 chettor Note Added: 27624
2013-12-19 08:50 chettor Status feedback => assigned
2013-12-19 08:56 c_schmitz Note Added: 27625
2013-12-19 08:56 c_schmitz Status assigned => closed
2013-12-19 08:56 c_schmitz Resolution open => unable to reproduce
2016-12-08 10:39 c_schmitz Category Tokens => Survey participants (Tokens)
2021-08-25 01:39 guest Bug heat 4 => 6