Installation

Authentication problem when using hmwk sets editor (shibboleth related)

Authentication problem when using hmwk sets editor (shibboleth related)

by Niall Madden -
Number of replies: 3

Hi all,

I'm new here, so "sorry" if this is the wrong forum for this question.

I've used WW for many years, but just recently we (with much effort) integrated our institution's Shibboleth SSO system. Mostly, it works fine. However, when using the Homework Sets Editor, every few minutes one gets redirected to a page with message like:

[Course Name] uses an external authentication system (e.g., Oncourse, CAS, Blackboard, Moodle, Canvas, etc.). Please return to system you used and try again.
All one can do is close the tab. Returning to the course's URL allows one to proceed (for a while, at least): re-authentication is not required.

As far as I know this only happens with the Hmwk sets editor; no students have reported problems, and recently I used the manual grader over a period of hours, without problems. Also, this has happened only since we turned on Shibboleth.

Any ideas what might be wrong, or, at least, where I can start looking?

Thanks!
Niall.
Tags:
In reply to Niall Madden

Re: Authentication problem when using hmwk sets editor (shibboleth related)

by Nathan Wallach -
It seems you are not the first person to report this. 

See:  https://webwork.maa.org/moodle/mod/forum/discuss.php?d=4329

According to that, the issue is triggered specifically by using "Save changes" and the first save works, but usually the second (or one soon afterwards) fails, as will many other menu items after the first save. It seems no one managed to find the bug and fix it since those reports.

I was curious and took a look. There is a mention in webwork2/lib/WeBWorK/Authen/Shibboleth.pm that the Shibboleth for WW does not use cookies, so maybe the reason this fails only for people using Shibboleth is that related to the fact that the renewed authentication/authorization must occur without a cookie, and for some reason clicking "Save changes" in the set editor causes this to fail.

One thing to try is to use developer mode in the browser to see (and the save) all the header and form data from the first time "Save Changes" is clicked, and then from the second time. Differences between what appears in the 2 request to the server may provide a hint as to what is really happening. (Are some form fields disappearing, are some header lines disappearing?)

Here is a somewhat wild conjecture. It could be that some critical "form fields" which need to be kept in the HTML form are being cleared and this is triggering the authentication failure. The reason I suspect that this might be a possible explanation is noticing the code  in webwork2/lib/WeBWorK/ContentGenerator/Instructor/ProblemSetDetail2.pm  below the comment about  "reset all the parameters dealing with set/problem/header information" (about line 1861, but the line number may vary depending on your version of WW). 
foreach my $param ($r->param) {
   $r->param($param, "") if $param =~ /^(set|problem|header)\./ && $param !~ /displaymode/;
}
If for some reason WW is storing some data in a form field used somehow by the WW+Shibboleth authentication and which is accidentally cleared there  - that would explain the error. However, I do not see anything in the WW code which seems to set a form field of a name which would be cleared here and which could be related to authentication.
In reply to Nathan Wallach

Re: Authentication problem when using hmwk sets editor (shibboleth related)

by Niall Madden -
Hi Nathan
Thanks for the swift reply.
I don't have a solution yet - though I have not yet tried "developer mode".
However, this has helped me reproduce this issue which I had though was intermittent: following the example in the thread you mentioned in the hmwk set editor, edit a set, click "save changes"; click that (or anything) again and it kicks me out. Only work-around is to temporarily disable external authentication while editing.
which can be done from the file manager (edit course.conf and add
$authen{user_module} = "WeBWorK::Authen";
at the end.
All the best,
Niall.
In reply to Nathan Wallach

Re: Authentication problem when using hmwk sets editor (shibboleth related)

by Niall Madden -

Hi all,

Just bumping this, since the issue persists, and is proving very irritating for instructors. To recap, we are using Shib authentication. But with it enabled, we see exactly the problem  Nathan referred to:

https://webwork.maa.org/moodle/mod/forum/discuss.php?d=4329

That is, if one clicks on "Save Changes" (even if no actual changes are made) and then click on *any* other link, one gets the message 

"[module] uses an external authentication system (e.g., Oncourse, CAS, Blackboard, Moodle, Canvas, etc.). Please return to system you used and try again".

Any ideas? I did try to look at the header and form data, as Nathan suggests, but don't really know what I am looking for/at. 

Any help would be very welcome.

Niall.