Shibboleth Authentication-shib.conf Regex not working

by Kevin de la Cueva
Number of replies: 3

I am following this documentation to set up Shibboleth authentication, and I am stuck where it states to do the Regex of <LocationMatch ^/[^webwork2_files|^webwork2_course_files]>. When I restart Apache and click on the class, I get an error stating authentication failed, as shown below. When this happens it doesn't pass through to our 2FA system. To test if it is our 2FA system setup, I had also set up (and commented in/out) putting all of webwork behind shib via <Location /webwork2> and it works. Attached is also the current shib.conf file. Am I missing anything in my shib.conf file that is causing this?

 Your authentication failed. Please try again. Please speak with your instructor if you need help



In reply to Kevin de la Cueva

Re: Shibboleth Authentication-shib.conf Regex not working

by Danny Glin

I don't have any experience with the Shibboleth module for WeBWorK, but the error message you posted seems to indicate that the authentication piece is completing successfully, but then something is going wrong accessing the course.

A couple of suggestions:

  • The message says that you aren't allowed to log in to the course.  Has the user's account been created in WeBWorK?  I didn't think that the Shibboleth module automatically created users, so that likely has to be done beforehand.
  • Check the apache error log and the course login log to see if they give you more detail about the error.

In reply to Danny Glin

Re: Shibboleth Authentication-shib.conf Regex not working

by Kevin de la Cueva

Yeah, that is the interesting thing. I get the error message because it is not pushing the login process to Shib. I guess the easiest way to state it is this: Currently you click on the Class > then you get the Error, rather than Clicking on Class > Shib starts > Log in to user > Success/Error.

I did create the user and add the user (my own account) to the class. It seems to be dropping Shib/2FA from the log in infrastructure.

In reply to Danny Glin

Re: Shibboleth Authentication-shib.conf Regex not working

by Kevin de la Cueva

There was a bug in the file Shibboleth.pm, which caused this error. See: https://github.com/openwebwork/webwork2/issues/1844

Alongside this bug, the documentation for using Shibboleth was incorrect in the first place. Please see the revised documentation that is now posted to the Wiki, which includes a cleaner and more streamlined regex entry.

I worked with my campus's senior security personnel to help debug this issue in our instance, and to propose a hotfix for WW2.17.

WW2.16 may still have this bug. 

Known working fine in WW2.14.
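
Added example, not part of the thread or of the WeBWorK documentation: it shows what the bracket expression quoted in the first post actually matches, which is a negated character class rather than an exclusion of two path prefixes. The lookahead pattern and the sample paths are constructed assumptions, not the revised wiki entry; Python's re treats these constructs the same way as the PCRE engine behind Apache's LocationMatch.

```python
import re

# Pattern quoted in the first post (from the older documentation).
DOC_PATTERN = re.compile(r"^/[^webwork2_files|^webwork2_course_files]")

# Hypothetical alternative (assumption, not the wiki's revised entry):
# a negative lookahead that skips the two static-file prefixes.
LOOKAHEAD_PATTERN = re.compile(r"^/webwork2(?!_files|_course_files)")

# Constructed sample request paths.
SAMPLE_PATHS = [
    "/webwork2/MyCourse/",
    "/webwork2_files/js/app.js",
    "/webwork2_course_files/MyCourse/img.png",
    "/manual/",
]


def excluded_first_chars(pattern=DOC_PATTERN):
    """Characters the [^...] set rejects right after the leading slash.

    Inside brackets, '|' and the second '^' are literal characters and the
    words are just a bag of letters, so the set is 16 single characters.
    """
    src = pattern.pattern
    body = src[src.index("[^") + 2 : src.rindex("]")]
    return "".join(sorted(set(body)))


def is_protected(pattern, path):
    """True if a <LocationMatch> with this pattern would apply to the path.

    Apache searches the URL path with the regex, so search() is used here.
    """
    return pattern.search(path) is not None


def coverage(pattern, paths=SAMPLE_PATHS):
    """Map each sample path to whether the pattern covers it."""
    return {p: is_protected(pattern, p) for p in paths}


if __name__ == "__main__":
    print("excluded first characters:", excluded_first_chars())
    for name, pat in (("documented", DOC_PATTERN), ("lookahead", LOOKAHEAD_PATTERN)):
        for path, hit in coverage(pat).items():
            print(f"{name:10} {path:42} {'shib' if hit else 'no shib'}")
```

With the documented pattern, /webwork2/MyCourse/ falls outside the block because "w" is in the excluded set, while an unrelated path such as /manual/ falls inside it.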