- Posts: 1
- Thank you received: 0
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
OAuth2 plugin infinite authentication loop
- cbfrek
- Topic Author
- Offline
- New Member
Less
More
4 months 3 weeks ago #254079
by cbfrek
OAuth2 plugin infinite authentication loop was created by cbfrek
Your LimeSurvey version: 6.4.0+231218
Own server or LimeSurvey hosting: own server IIS 10 + PHP 8.1.22.
Survey theme/template: Bootswatch
==================
I have installed this third party plugin github.com/BDSU/limesurvey-oauth2 after modifying the config.xml file in the zip file to add version 6.
Authentication is working (I get a token and LimeSurvey creates a session), but I get stuck into infinite loops between /index.php?r=admin/authentication/sa/login which redirects to OAuth server which redirects to survey-uat.cbre.fr/index.php?r=admin%2fa...n%2fsa%2flogin&code= ... which redirects to /index.php?r=admin which redirect to /index.php?r=admin/authentication/sa/login which redirect to OAuth server and so on...
I don't know what's causing the issue since the plugin code looks OK compared to native LDAP and Webserver plugins. If I block the redirection after newUserSession successful execution, I can dump the cookies and session variables and everything looks OK. I can even navigate manually to /index.php?r=surveyAdministration/listsurveys and I'm authenticated.
Do you have any idea about what could cause the issue?
I'm posting this here since the plugin does not seems actively developed and the issue may not be the plugin since the OAuth authentication is working.
By the way, it would be great to have native SAML and OAuth2in Limesurvey.
Own server or LimeSurvey hosting: own server IIS 10 + PHP 8.1.22.
Survey theme/template: Bootswatch
==================
I have installed this third party plugin github.com/BDSU/limesurvey-oauth2 after modifying the config.xml file in the zip file to add version 6.
Authentication is working (I get a token and LimeSurvey creates a session), but I get stuck into infinite loops between /index.php?r=admin/authentication/sa/login which redirects to OAuth server which redirects to survey-uat.cbre.fr/index.php?r=admin%2fa...n%2fsa%2flogin&code= ... which redirects to /index.php?r=admin which redirect to /index.php?r=admin/authentication/sa/login which redirect to OAuth server and so on...
I don't know what's causing the issue since the plugin code looks OK compared to native LDAP and Webserver plugins. If I block the redirection after newUserSession successful execution, I can dump the cookies and session variables and everything looks OK. I can even navigate manually to /index.php?r=surveyAdministration/listsurveys and I'm authenticated.
Do you have any idea about what could cause the issue?
I'm posting this here since the plugin does not seems actively developed and the issue may not be the plugin since the OAuth authentication is working.
By the way, it would be great to have native SAML and OAuth2in Limesurvey.
Attachments:
Please Log in to join the conversation.
- DenisChenu
- Offline
- LimeSurvey Community Team
Less
More
- Posts: 13741
- Thank you received: 2509
4 months 1 week ago #254610
by DenisChenu
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Replied by DenisChenu on topic OAuth2 plugin infinite authentication loop
Really strange …
Seems you are connected …
Workaround : at github.com/BDSU/limesurvey-oauth2/blob/5.../AuthOAuth2.php#L201
Check if already connected ?
Seems you are connected …
Workaround : at github.com/BDSU/limesurvey-oauth2/blob/5.../AuthOAuth2.php#L201
Check if already connected ?
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand , plugin development .
I don't answer to private message.
Please Log in to join the conversation.