WeBWorK Main Forum

Webwork 2.18/2.19 with Shibboleth

Re: Webwork 2.18/2.19 with Shibboleth

by Thore Saathoff -
Number of replies: 18
The installation runs completely and without problems with the "WeBWorK::Authen::Basic_TheLastOption". If I activate Shibboleth, I can log in and view my grades, for example. But I am not able to use the account settings, instructor tools etc. Here I get the error message:
####################################################
WeBWorK error
An error occurred while processing your request.

For help, please send mail to this site's webmaster xxx, including all of the following information as well as what what you were doing when the error occurred.

Error record identifier
5a51cc8d-fce2-520f-a77a-9f116d9cf56e::8b987333-6f3d-11ef-82b8-ed25fb9c3f9b

Error messages
Can't use an undefined value as a HASH reference at /usr/share/perl5/Mojolicious/Plugin/DefaultHelpers.pm line 341.

Context
336:
337: my $stash = $c->stash;
338: return $stash->{'mojo.validation'} if $stash->{'mojo.validation'};
339:
340: my $req = $c->req;
341: my $token = $c->session->{csrf_token};
342: my $header = $req->headers->header('X-CSRF-Token');
343: my $hash = $req->params->to_hash;
344: $hash->{csrf_token} //= $header if $token && $header;
345: $hash->{$_} = $req->every_upload($_) for map { $_->name } @{$req->uploads};
346: my $v = $c->app->validator->validation->input($hash);

Call stack
in Mojo::Template::__ANON__ called at line 341 of /usr/share/perl5/Mojolicious/Plugin/DefaultHelpers.pm
in Mojolicious::Plugin::DefaultHelpers::_validation called at line 76 of /usr/share/perl5/Mojolicious/Renderer.pm
in Mojolicious::Renderer::Helpers::df0b9b7b7653fffae31aa9c83dcae0c3::validation called at line 209 of /usr/share/perl5/Mojolicious/Plugin/TagHelpers.pm
in Mojolicious::Plugin::TagHelpers::_validation called at line 124 of /usr/share/perl5/Mojolicious/Plugin/TagHelpers.pm
in Mojolicious::Plugin::TagHelpers::_label_for called at line 48 of /usr/share/perl5/Mojolicious/Plugin/EPRenderer.pm
in Mojo::Template::Sandbox::edda140506de79a8bed1cbc425c03843::label_for called at line 10 of template ContentGenerator/Instructor/SetMaker/top_row.html.ep
in Mojo::Template::Sandbox::edda140506de79a8bed1cbc425c03843::__ANON__ called at line 160 of /usr/share/perl5/Mojo/Template.pm
in (eval) called at line 160 of /usr/share/perl5/Mojo/Template.pm
in Mojo::Template::process called at line 163 of /usr/share/perl5/Mojo/Template.pm
in Mojo::Template::render called at line 173 of /usr/share/perl5/Mojo/Template.pm
in Mojo::Template::render_file called at line 40 of /usr/share/perl5/Mojolicious/Plugin/EPLRenderer.pm
in Mojolicious::Plugin::EPLRenderer::_render called at line 39 of /usr/share/perl5/Mojolicious/Plugin/EPRenderer.pm
in Mojolicious::Plugin::EPRenderer::__ANON__ called at line 229 of /usr/share/perl5/Mojolicious/Renderer.pm
in Mojolicious::Renderer::_render_template called at line 108 of /usr/share/perl5/Mojolicious/Renderer.pm
in Mojolicious::Renderer::render called at line 149 of /usr/share/perl5/Mojolicious/Controller.pm
in Mojolicious::Controller::render called at line 163 of /usr/share/perl5/Mojolicious/Controller.pm
in Mojolicious::Controller::render_to_string called at line 42 of /usr/share/perl5/Mojolicious/Plugin/DefaultHelpers.pm
in Mojolicious::Plugin::DefaultHelpers::__ANON__ called at line 48 of /usr/share/perl5/Mojolicious/Plugin/EPRenderer.pm
in Mojo::Template::Sandbox::edda140506de79a8bed1cbc425c03843::include called at line 37 of template ContentGenerator/Instructor/SetMaker.html.ep
in Mojo::Template::Sandbox::edda140506de79a8bed1cbc425c03843::__ANON__ called at line 289 of /usr/share/perl5/Mojo/DOM/HTML.pm
in Mojo::DOM::HTML::_tag called at line 176 of /usr/share/perl5/Mojo/DOM/HTML.pm
in Mojo::DOM::HTML::tag_to_html called at line 188 of /usr/share/perl5/Mojolicious/Plugin/TagHelpers.pm
in Mojolicious::Plugin::TagHelpers::_tag called at line 85 of /usr/share/perl5/Mojolicious/Plugin/TagHelpers.pm
in Mojolicious::Plugin::TagHelpers::_form_for called at line 48 of /usr/share/perl5/Mojolicious/Plugin/EPRenderer.pm
in Mojo::Template::Sandbox::edda140506de79a8bed1cbc425c03843::form_for called at line 90 of template ContentGenerator/Instructor/SetMaker.html.ep
in Mojo::Template::Sandbox::edda140506de79a8bed1cbc425c03843::__ANON__ called at line 160 of /usr/share/perl5/Mojo/Template.pm
in (eval) called at line 160 of /usr/share/perl5/Mojo/Template.pm
in Mojo::Template::process called at line 163 of /usr/share/perl5/Mojo/Template.pm
in Mojo::Template::render called at line 173 of /usr/share/perl5/Mojo/Template.pm
in Mojo::Template::render_file called at line 40 of /usr/share/perl5/Mojolicious/Plugin/EPLRenderer.pm
in Mojolicious::Plugin::EPLRenderer::_render called at line 39 of /usr/share/perl5/Mojolicious/Plugin/EPRenderer.pm
in Mojolicious::Plugin::EPRenderer::__ANON__ called at line 229 of /usr/share/perl5/Mojolicious/Renderer.pm
in Mojolicious::Renderer::_render_template called at line 108 of /usr/share/perl5/Mojolicious/Renderer.pm
in Mojolicious::Renderer::render called at line 149 of /usr/share/perl5/Mojolicious/Controller.pm
in Mojolicious::Controller::render called at line 451 of /opt/webwork/webwork2/lib/WeBWorK/ContentGenerator.pm
in WeBWorK::ContentGenerator::content called at line 150 of /opt/webwork/webwork2/lib/WeBWorK/ContentGenerator.pm
in (eval) called at line 109 of /opt/webwork/webwork2/lib/WeBWorK/ContentGenerator.pm
in WeBWorK::ContentGenerator::go called at line 193 of /usr/share/perl5/Mojolicious.pm
in Mojolicious::_action called at line 15 of /usr/share/perl5/Mojolicious/Plugins.pm
in Mojolicious::Plugins::__ANON__ called at line 165 of /opt/webwork/webwork2/lib/Mojolicious/WeBWorK.pm
in (eval) called at line 145 of /opt/webwork/webwork2/lib/Mojolicious/WeBWorK.pm
in Mojolicious::WeBWorK::__ANON__ called at line 15 of /usr/share/perl5/Mojolicious/Plugins.pm
in Mojolicious::Plugins::__ANON__ called at line 18 of /usr/share/perl5/Mojolicious/Plugins.pm
in Mojolicious::Plugins::emit_chain called at line 88 of /usr/share/perl5/Mojolicious/Routes.pm
in Mojolicious::Routes::_action called at line 161 of /usr/share/perl5/Mojolicious/Routes.pm
in Mojolicious::Routes::_controller called at line 44 of /usr/share/perl5/Mojolicious/Routes.pm
in Mojolicious::Routes::continue called at line 46 of /usr/share/perl5/Mojolicious/Routes.pm
in Mojolicious::Routes::continue called at line 46 of /usr/share/perl5/Mojolicious/Routes.pm
in Mojolicious::Routes::continue called at line 46 of /usr/share/perl5/Mojolicious/Routes.pm
in Mojolicious::Routes::continue called at line 52 of /usr/share/perl5/Mojolicious/Routes.pm
in Mojolicious::Routes::dispatch called at line 127 of /usr/share/perl5/Mojolicious.pm
in Mojolicious::dispatch called at line 136 of /usr/share/perl5/Mojolicious.pm
in Mojolicious::__ANON__ called at line 15 of /usr/share/perl5/Mojolicious/Plugins.pm
in Mojolicious::Plugins::__ANON__ called at line 203 of /usr/share/perl5/Mojolicious.pm
in (eval) called at line 203 of /usr/share/perl5/Mojolicious.pm
in Mojolicious::_exception called at line 15 of /usr/share/perl5/Mojolicious/Plugins.pm
in Mojolicious::Plugins::__ANON__ called at line 18 of /usr/share/perl5/Mojolicious/Plugins.pm
in Mojolicious::Plugins::emit_chain called at line 141 of /usr/share/perl5/Mojolicious.pm
in Mojolicious::handler called at line 72 of /usr/share/perl5/Mojo/Server.pm
in Mojo::Server::__ANON__ called at line 15 of /usr/share/perl5/Mojo/EventEmitter.pm
in Mojo::EventEmitter::emit called at line 103 of /usr/share/perl5/Mojo/Server/Daemon.pm
in Mojo::Server::Daemon::__ANON__ called at line 15 of /usr/share/perl5/Mojo/EventEmitter.pm
in Mojo::EventEmitter::emit called at line 60 of /usr/share/perl5/Mojo/Transaction/HTTP.pm
in Mojo::Transaction::HTTP::server_read called at line 224 of /usr/share/perl5/Mojo/Server/Daemon.pm
in Mojo::Server::Daemon::_read called at line 202 of /usr/share/perl5/Mojo/Server/Daemon.pm
in Mojo::Server::Daemon::__ANON__ called at line 15 of /usr/share/perl5/Mojo/EventEmitter.pm
in Mojo::EventEmitter::emit called at line 109 of /usr/share/perl5/Mojo/IOLoop/Stream.pm
in Mojo::IOLoop::Stream::_read called at line 57 of /usr/share/perl5/Mojo/IOLoop/Stream.pm
in Mojo::IOLoop::Stream::__ANON__ called at line 141 of /usr/share/perl5/Mojo/Reactor/Poll.pm
in (eval) called at line 141 of /usr/share/perl5/Mojo/Reactor/Poll.pm
in Mojo::Reactor::Poll::_try called at line 54 of /usr/share/perl5/Mojo/Reactor/EV.pm
in Mojo::Reactor::EV::__ANON__ called at line 32 of /usr/share/perl5/Mojo/Reactor/EV.pm
in (eval) called at line 32 of /usr/share/perl5/Mojo/Reactor/EV.pm
in Mojo::Reactor::EV::start called at line 134 of /usr/share/perl5/Mojo/IOLoop.pm
in Mojo::IOLoop::start called at line 152 of /usr/share/perl5/Mojo/Server/Prefork.pm
in Mojo::Server::Prefork::_spawn called at line 93 of /usr/share/perl5/Mojo/Server/Prefork.pm
in Mojo::Server::Prefork::_manage called at line 78 of /usr/share/perl5/Mojo/Server/Prefork.pm
in Mojo::Server::Prefork::run called at line 74 of /usr/share/perl5/Mojo/Server/Hypnotoad.pm
in Mojo::Server::Hypnotoad::run called at line 14 of /usr/bin/hypnotoad
####################################################

If I set “$c->stash(disable_cookies => 0);” in the Shibboleth.pm I get further but after a few clicks I get the error message:
####################################################
WarningLibrary Browser
Warning: There may be something wrong with this question. Please inform your instructor including the warning messages below.

WeBWorK has encountered warnings while processing your request. If this occurred when viewing a problem, it was likely caused by an error or ambiguity in that problem. Otherwise, it may indicate a problem with the WeBWorK system itself. If you are a student, report these warnings to your professor to have them corrected. If you are a professor, please consult the warning output below for more information.
Warning messages

    Use of uninitialized value in hash element at template ContentGenerator/Login.html.ep line 12.
    Use of uninitialized value in hash element at template ContentGenerator/Login.html.ep line 12.
####################################################

And in case I have something wrong in the Apache config:
####################################################
Apache config<VirtualHost hostname.de:80>
        ServerName hostname.de
        Redirect permanent / https://hostname.de/
</VirtualHost>

<VirtualHost hostname.de:443>
        ServerName hostname.de
        SSLEngine on
        SSLProxyEngine on
        SSLCertificateFile      crt.pem
        SSLCertificateKeyFile   key.pem
        SSLCertificateChainFile chain.pem
        SSLProtocol All -SSLv2 -SSLv3
        SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
        <Location / >
            Require all granted
        </Location>
##_Host1_##
        <Location /host1>
            ProxyPreserveHost on
            ProxyPass                            http://192.168.1.20:8000/host1
            ProxyPassReverse                    http://192.168.1.20:8000/host1
        
            AuthType shibboleth
            ShibRequestSetting requireSession On
            ShibUseHeaders On
            Require valid-user
        </Location>
##_WeBWorK219_##
        <Proxy /webwork2/*>
            Require all granted
        </Proxy>
        
        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass                /webwork2        http://192.168.1.18:8080/webwork2 keepalive=On
        ProxyPassReverse        /webwork2        http://192.168.1.18:8080/webwork2
        ProxyPass                /webwork2/*        http://192.168.1.18:8080/webwork2/ keepalive=On
        ProxyPassReverse        /webwork2/*        http://192.168.1.18:8080/webwork2/
        
        <Location /webwork2>
            RequestHeader set X-Forwarded-Proto "https"
            
            AuthType shibboleth
            ShibRequestSetting requireSession 1
            ShibUseHeaders On
            Require valid-user
        </Location>
        <Proxy /webwork2_files/*>
            Require all granted
        </Proxy>
        ProxyRequests Off
        ProxyPass       /webwork2_files            http://192.168.1.18:8080/webwork2_file keepalive=On
        <Proxy /pg_files/*>
            Require all granted
        </Proxy>
        ProxyRequests Off
        ProxyPass       /pg_files                http://192.168.1.18:8080/pg_files keepalive=On
        <Proxy /webwork2_course_files/*>
            Require all granted
            </Proxy>
        <Location /webwork2_course_files>
            Require all granted
        </Location>
        ProxyRequests Off
        ProxyPass       /webwork2_course_files    http://192.168.1.18:8080/webwork2_course_files keepalive=On
</VirtualHost>
####################################################

And if it helps, the mojo debug output for on Click (disable_cookies => 1):
####################################################
Debug [Tue Sep 10 11:45:29.945827 2024] (eval):

===> Begin WeBWorK::dispatch() <===

[Tue Sep 10 11:45:29.945974 2024] (eval): Hi, I'm the new dispatcher!
[Tue Sep 10 11:45:29.946024 2024] (eval): --------------------------------------------------------------------------------
[Tue Sep 10 11:45:29.946065 2024] (eval): Okay, I got some basic information:
[Tue Sep 10 11:45:29.946104 2024] (eval): The site location is /webwork2
[Tue Sep 10 11:45:29.946141 2024] (eval): The request method is GET
[Tue Sep 10 11:45:29.946241 2024] (eval): The URI is /webwork2/test/instructor
[Tue Sep 10 11:45:29.946294 2024] (eval): The argument string is effectiveUser=mail%40host.de
[Tue Sep 10 11:45:29.946334 2024] (eval): --------------------------------------------------------------------------------
[Tue Sep 10 11:45:29.946398 2024] (eval): The path is /test/instructor/
[Tue Sep 10 11:45:29.946450 2024] (eval): The current route is instructor_tools
[Tue Sep 10 11:45:29.946487 2024] (eval): Here is some information about this route:
[Tue Sep 10 11:45:29.946528 2024] (eval): The display module for this route is WeBWorK::ContentGenerator::Instructor::Index
[Tue Sep 10 11:45:29.946564 2024] (eval): This route has the following captures:
[Tue Sep 10 11:45:29.946601 2024] (eval):     controller => Instructor::Index
[Tue Sep 10 11:45:29.946636 2024] (eval):     action => go
[Tue Sep 10 11:45:29.946671 2024] (eval):     courseID => test
[Tue Sep 10 11:45:29.946707 2024] (eval): --------------------------------------------------------------------------------
[Tue Sep 10 11:45:29.946743 2024] (eval): Now we want to look at the parameters we got.
[Tue Sep 10 11:45:29.946778 2024] (eval): The raw params:
[Tue Sep 10 11:45:29.946859 2024] (eval):     effectiveUser => "mail@host.de"
[Tue Sep 10 11:45:29.946905 2024] (eval): --------------------------------------------------------------------------------
[Tue Sep 10 11:45:29.946949 2024] (eval): We need to get a course environment (with or without a courseID!)
[Tue Sep 10 11:45:29.950976 2024] (eval): Here's the course environment: WeBWorK::CourseEnvironment=HASH(0xyyyyyy74c6d0)
[Tue Sep 10 11:45:29.951331 2024] (eval): Using authentication module WeBWorK::Authen::Shibboleth: WeBWorK::Authen::Shibboleth=HASH(0xyyyyyy74b6e8)
[Tue Sep 10 11:45:29.951411 2024] (eval): We got a courseID from the route, now we can do some stuff:
[Tue Sep 10 11:45:29.951462 2024] (eval): ...we can create a database object...
[Tue Sep 10 11:45:29.957269 2024] (eval): (here's the DB handle: WeBWorK::DB=HASH(0xyyyyyy74b1a8))
[Tue Sep 10 11:45:29.957325 2024] WeBWorK::Authen::verify: BEGIN VERIFY
[Tue Sep 10 11:45:29.957359 2024] WeBWorK::Authen::do_verify: db ok
[Tue Sep 10 11:45:29.957391 2024] WeBWorK::Authen::Shibboleth::get_credentials: Shib is on!
[Tue Sep 10 11:45:29.957422 2024] WeBWorK::Authen::Shibboleth::get_credentials: Got shib header (mail) and user_id (mail@host.de)
[Tue Sep 10 11:45:29.957987 2024] WeBWorK::Authen::do_verify: credentials ok
[Tue Sep 10 11:45:29.958442 2024] WeBWorK::Authen::do_verify: check user ok
[Tue Sep 10 11:45:29.958774 2024] WeBWorK::Authen::verify_normal_user: sessionExists='1' keyMatches='' timestampValid='1'
[Tue Sep 10 11:45:29.959986 2024] WeBWorK::Authen::write_log_entry: Writing to login log: 'AUTH WWDB: password rejected, deferring to site_checkPassword user_id=mail@host.de login_type=normal credential_source=params host=yyyyyy port=55324 UA=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0'.
[Tue Sep 10 11:45:29.961162 2024] WeBWorK::Authen::write_log_entry: Writing to login log: 'LOGIN OK user_id=mail@host.de login_type=normal credential_source=params host=yyyyyy port=55324 UA=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0'.
[Tue Sep 10 11:45:29.961307 2024] WeBWorK::Authen::set_params: params user='mail@host.de' key='yyyyyykeyyyyyyy'
[Tue Sep 10 11:45:29.961346 2024] WeBWorK::Authen::verify: END VERIFY
[Tue Sep 10 11:45:29.961370 2024] WeBWorK::Authen::verify: result 1
[Tue Sep 10 11:45:29.961401 2024] (eval): Hi, mail@host.de, glad you made it.
[Tue Sep 10 11:45:29.961873 2024] (eval): Now we deal with the effective user:
[Tue Sep 10 11:45:29.961922 2024] (eval): userID=mail@host.de eUserID=mail@host.de
[Tue Sep 10 11:45:29.979687 2024] WeBWorK::Authen::store_session: Saving database session.  The database session contains
{
  "key" => "yyyyyykeyyyyyyy",
  "session" => {},
  "timestamp" => 1725961529,
  "user_id" => "mail\@host.de"
}
####################################################

I hope this helps you further.
In reply to Thore Saathoff

Re: Webwork 2.18/2.19 with Shibboleth

by Allen Sabernick -

Seeing same error message, did anyone find any solution?

In reply to Allen Sabernick

Re: Webwork 2.18/2.19 with Shibboleth

by Danny Glin -
Are you using a proxy with WeBWorK? If so you will need to check the things mentioned in his post.
In reply to Danny Glin

Re: Webwork 2.18/2.19 with Shibboleth

by Allen Sabernick -
Yes, we have the proxy settings set as mentioned.
In reply to Allen Sabernick

Re: Webwork 2.18/2.19 with Shibboleth

by Glenn Rice -
I believe that the problem that is occurring is that the Shibboleth code has not been properly updated to work with the webwork2 session. The check_session call in lib/WeBWorK/Authen/Shibboleth.pm does not properly initialize the webwork2 database session. Unfortunately, I am not certain how to fix the issue since I do not have a Shibboleth identity provider to test with.
In reply to Glenn Rice

Re: Webwork 2.18/2.19 with Shibboleth

by Glenn Rice -
I have created a pull request that does what I believe is needed to fix the issues reported here. Since I can't test the code, I offer no guarantees though. If you could test this and see if it fixes the issue, that would be extremely helpful. The hotfix pull request to main is https://github.com/openwebwork/webwork2/pull/2609.
In reply to Glenn Rice

Re: Webwork 2.18/2.19 with Shibboleth

by Thore Saathoff -

Hello,

I have tested it. The csrf_token error is gone.

But now I get others.
--> template ContentGenerator/Login.html.ep line 12

What I did to generate the attached logs:

Clicks: Frontpage --> Course "test1" --> Problem Editor --> Library Browser --> selected something from Subject: --> View Problems

On Site Errors:
Problem Editor
    -->    Rendering error: Authentication failed. Log in again to continue.
Library Browser
 - selected something from Subject:
    -->    /webwork2/instructor_rpc
        Authentication failed. Log in again to continue.
 - View Problems
    -->    Warning: There may be something wrong with this question. Please inform your instructor including the warning messages below.
        The course test1 uses an external authentication system (). Please return to that system to access this course.

        WeBWorK Warnings
            WeBWorK has encountered warnings while processing your request. If this occurred when viewing a problem, it was likely caused by an error or ambiguity in that problem. Otherwise, it may indicate a problem with the WeBWorK system itself. If you are a student, report these warnings to your professor to have them corrected. If you are a professor, please consult the warning output below for more information.

        Warning messages
            Use of uninitialized value in hash element at template ContentGenerator/Login.html.ep line 12.
            Use of uninitialized value in hash element at template ContentGenerator/Login.html.ep line 12.

        Request information
        Time    Tue Oct 22 09:22:49 2024
        Method    POST
        URI    /webwork2/test1/instructor/setmaker

In reply to Thore Saathoff

Re: Webwork 2.18/2.19 with Shibboleth

by Glenn Rice -

Yeah, I expected that rpc calls would fail.

Looking at the Shibboleth code, I see that even prior to the recent authentication renovation, Shibboleth was rife with security vulnerabilities.

Unfortunately, unless someone has time to work closely with me on this Shibboleth is a lost cause.  The attempts that have  been made to fix Shibboleth have been done by individuals that really don't know how webwork2's authentication works.  As such, they get some of the bare bones functionality working, but don't get the complete package working and leave security vulnerabilities open.


In reply to Glenn Rice

Re: Webwork 2.18/2.19 with Shibboleth

by Allen Sabernick -
Can I ask what you mean by work with you closely? I'm not a web developer, but I have a WW 2.19 instance with Shibboleth setup and am happy to provide any information I can that might be of assistance in getting this to work. After applying 2609, in the admin instructors, all the navigation pages are now working, although various actions are still failing (note, have not even tried any of the user course things). Things still broke:
(1) In Accounts Manager, clicking save edit fails, with warning of:
Use of uninitialized value in hash element at template ContentGenerator/Login.html.ep line 12.
Use of uninitialized value in hash element at template ContentGenerator/Login.html.ep line 12.

(2) In Upgrade Courses, clicking Upgrade Courses fails, same error as above
In reply to Allen Sabernick

Re: Webwork 2.18/2.19 with Shibboleth

by Glenn Rice -
Working closely with me would mean meeting with me (via Zoom or such) to fix the issues.  In fact, I am going to be meeting with Gavin LaRose next week to work on this.  So hopefully we will get this sorted out soon.

The warnings "Use of uninitialized value in hash element at template ContentGenerator/Login.html.ep line 12." are actually inconsequential.  You could set $LTI{v1p1}{LMS_name} in localOverrides.conf (and maybe another related variable) to eliminate those warnings.  More consequential though is the fact that that code is even called when you are saving on the accounts manager page.  That is showing a critical issue with the Shibboleth authentication module.

In reply to Glenn Rice

Re: Webwork 2.18/2.19 with Shibboleth

by Allen Sabernick -

So I would be willing to have a zoom meeting to fix issues.  By adding following to localoverrides, I was able to get the contentGenenerator error to go away, but the net result is that most things no politely say, the course XXX uses an external authentication system (Shibboleth).  Please return to that system to access the course.    That message is in the login file, so my assumption is that further modification is needed in that file for the section where externalauth is used to allow it to proceed and actually do the work.

$LTIVersion = 'v1p1';
$LTI{v1p1}{LMS_name} = 'Shibboleth';

In reply to Glenn Rice

Re: Webwork 2.18/2.19 with Shibboleth

by Thore Saathoff -

We are currently on version 2.16 and would like to switch to the latest version, but are dependent on Shibboleth. We would therefore be very happy to see further support for Shibboleth.
Unfortunately, I have no real idea about the WeBWorK security mechanisms. And what effect changes have on security. But with the patch #2609 and the commenting out of line 75 to 90 in the Shibboleth.pm (for testing purposes only), WeBWorK runs without errors so far. Cosign does not use any apparently comparable code, which leads to this attempt.

In reply to Thore Saathoff

Re: Webwork 2.18/2.19 with Shibboleth

by Glenn Rice -

Although your rational for commenting out those lines is not quite correct, those lines do need to be removed for WeBWorK 2.19.  Note that the Cosign authentication module is even more out of date than the Shibboleth authentication module, and comparing to that module is not a valid justification.  For WeBWorK 2.17 and before lines 87-90 will be needed, but not lines 75-77.  My justification for this comes from a much deeper analysis that I can't divulge at this point (mostly due to security concerns, but also because my analysis is not quite complete at this point).

In reply to Glenn Rice

Re: Webwork 2.18/2.19 with Shibboleth

by Glenn Rice -

I have put in a pull request that fixes the Shibboleth issues.  It is at https://github.com/openwebwork/webwork2/pull/2612.  In order to fix it, I installed and configured a Shibboleth identity provider of my own.  So the pull request is not the guess like the previous one, and I have tested it personally.  I would appreciate it if those of you that use Shibboleth authentication could test it.

In reply to Glenn Rice

Re: Webwork 2.18/2.19 with Shibboleth

by Allen Sabernick -
Things look very good. I had to add no warnings qw(experimental::signatures); to the Shibboleth.pm file to suppress messages about experimental, but otherwise, at least so far, I have not seen any other issues. Thank you much!
In reply to Allen Sabernick

Re: Webwork 2.18/2.19 with Shibboleth

by Glenn Rice -
The use of signatures in Shibboleth.pm shouldn't cause warnings. Note that we use signatures in all of the ContentGenerator modules as well as many other places already. What versions of Mojolicious and perl do you have?
In reply to Glenn Rice

Re: Webwork 2.18/2.19 with Shibboleth

by Allen Sabernick -

Perl is (v5.32.1)

Mojolicious is 9.38

In reply to Allen Sabernick

Re: Webwork 2.18/2.19 with Shibboleth

by Glenn Rice -

Ahh, I forgot to remove "use strict" and "use warnings" from the module.  The Mojo::Base parent module adds those in such a way that the warnings about signatures will not happen (for perl versions prior to 5.36 in which signatures are no longer experimental).  Adding "use strict" and "use warnings" turns the signature warnings back on again.  I have fixed that in the pull request.