-
Notifications
You must be signed in to change notification settings - Fork 492
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Having some trouble when a user tries logging in using both Shib AND OAuth...I think... #4769
Comments
Forgot to mention. The URL is: https://dataverse.tdl.org and the version is 4.8.4 build 128-ef7dce7 |
Let me know if you think an upgrade would fix this. |
@laulandn Dataverse 4.4 (pull request #3025) is when we made a big effort to improve Shibboleth support so I don't think an upgrade would help, but you should, of course, always be thinking about staying up to date with releases. 😄 Maybe there was a more recent bug fix or two I'm forgetting. The best thing would probably be to email server.log to support@dataverse.org (on the day when the failure occurred) so that we can see if there were any exceptions thrown. |
Phil, I'm seeing this every time she tries to log in using her Shib account. She was reported as using her Google ID also, but shouldn't that have had her gmail address? Maybe not! [2018-06-20T16:28:58.389-0500] [glassfish 4.1] [WARNING] [AS-EJB-00056] [javax.enterprise.ejb.container] [tid: _ThreadID=49 _ThreadName=jk-connector(2)] [timeMillis: 1529530138389] [levelValue: 900] [[ [2018-06-20T16:28:58.390-0500] [glassfish 4.1] [WARNING] [] [javax.enterprise.ejb.container] [tid: _ThreadID=49 _ThreadName=jk-connector(2)] [timeMillis: 1529530138390] [levelValue: 900] [[ javax.ejb.EJBException [2018-06-20T16:28:58.391-0500] [glassfish 4.1] [INFO] [] [edu.harvard.iq.dataverse.Shib] [tid: _ThreadID=49 _ThreadName=jk-connector(2)] [timeMillis: 1529530138391] [levelValue: 800] [[ |
FYI, You can have any email you want for you Google ID. I'm betting she has her set to her tamu.edu one and she's trying to log in with both accounts for some reason. |
@laulandn the uniqueness constraint violation is happening for the "email" field in the "authenticateduser" table: http://phoenix.dataverse.org/schemaspy/latest/tables/authenticateduser.html To figure out which user it is, you'll need to take the "useridentifier" string from the "authenticateduser" table and find it in the "authenticateduserlookup" table: http://phoenix.dataverse.org/schemaspy/latest/tables/authenticateduserlookup.html The new-user Manage Users dashboard might help you troubleshoot: http://guides.dataverse.org/en/4.9/admin/user-administration.html There are also some API endpoints that might help you troubleshoot: |
So it boils down to: user emails MUST be unique, and a user may never use multiple logins (shib, oauth, builtin) that have the same email address. Correct? Makes sense. |
@laulandn is there something you'd like us to fix in the code? Should this issue remain open? Were you able to figure out a workaround? |
I think ulitmately I really need a good way for the admin to delete "extra" users (or ones that used an undesired auth method) from the user management dashboard. This is #4475 The problem is that I've had to use the api call to remove the "extra" oauth user (so they can then log in using shibboleth). It will fail if items are owned, so I then have to delete those, etc etc. I've run up against database contraints...or maybe a missing contraint...where things like a password reset token won't allow me to get rid of the user without database careful editing. So an official way to not just remove the user, but everything associated with them...maybe reassigning ownership of item to the admin user, or the creator of the dataverse where the items are located. Thanks! |
We discussed #4430 today in sprint planning and it's related in some ways. It's somewhat difficult to support users with auth problems, especially when they try logging in with more than one method. |
@laulandn hope you're well! I'm going to close this one as we are tracking delete in a separate issue. |
Hey all, I have a user reportably having trouble logging in...I don't have the exact order of what she tried. All I know is she tried both Shib and OAUTH and is now unable to log in at all.
I've verified that she is a legit user of her University's Shibboleth and the correct attributes are coming across with good values.
One possible scenario is this:
The order may have been OAUTH->Shib->OAUTH.
Have you guys seen anything like that?
Thanks!
The text was updated successfully, but these errors were encountered: