Debugging Authentication

This document is a work in progress.

 

If you cannot login to Rogo try enabling authentication debugging via the display_auth_debug setting in config/config.inc.php

$display_auth_debug = true;

This will add extra information to the login page.

You should try to login using what you believe is a valid username and password. If you view the source of the page you may find the information to be more readable:

Username of myusername tries to login. The username does not exist
array(42) {
  [0]=>
  string(32) "Loaded Config for authentication"
  [1]=>
  string(171) "Standard form data found - Storing in object array (
  'std' => 
  stdClass::__set_state(array(
     'username' => 'myusername',
     'password' => '***HIDDEN***',
  )),
)"
  [2]=>
  string(44) "Running Registering callback routines for #0"
  [3]=>
  string(95) "register_callback success auth from alreadyloggedin_auth id:0 with name:Internal Authentication"
  [4]=>
  string(103) "register_callback success sessionstore from alreadyloggedin_auth id:0 with name:Internal Authentication"
  [5]=>
  string(106) "register_callback success postauthsuccess from alreadyloggedin_auth id:0 with name:Internal Authentication"
  [6]=>
  string(44) "Running Registering callback routines for #1"
  [7]=>
  string(73) "register_callback success auth from ltilogin_auth id:1 with name:LTI Auth"
  [8]=>
  string(84) "register_callback success postauthsuccess from ltilogin_auth id:1 with name:LTI Auth"
  [9]=>
  string(83) "register_callback success displaystdform from ltilogin_auth id:1 with name:LTI Auth"
  [10]=>
  string(46) "authObj(LTI Auth:ltilogin)[1:0]:: Starting LTI"
  [11]=>
  string(44) "Running Registering callback routines for #2"
  [12]=>
  string(88) "register_callback success displaystdform from guestlogin_auth id:2 with name:Guest Login"
  [13]=>
  string(44) "Running Registering callback routines for #3"
  [14]=>
  string(86) "register_callback success preauth from impersonation_auth id:3 with name:Impersonation"
  [15]=>
  string(89) "register_callback success getauthobj from impersonation_auth id:3 with name:Impersonation"
  [16]=>
  string(91) "register_callback success sessionstore from impersonation_auth id:3 with name:Impersonation"
  [17]=>
  string(44) "Running Registering callback routines for #4"
  [18]=>
  string(84) "register_callback success auth from internaldb_auth id:4 with name:Internal Database"
  [19]=>
  string(92) "register_callback success postauthfail from internaldb_auth id:4 with name:Internal Database"
  [20]=>
  string(95) "register_callback success postauthsuccess from internaldb_auth id:4 with name:Internal Database"
  [21]=>
  string(90) "register_callback success lookupuser from internaldb_auth id:4 with name:Internal Database"
  [22]=>
  string(44) "Running Registering callback routines for #5"
  [23]=>
  string(65) "register_callback success auth from ldap_auth id:5 with name:LDAP"
  [24]=>
  string(73) "register_callback success postauthfail from ldap_auth id:5 with name:LDAP"
  [25]=>
  string(76) "register_callback success postauthsuccess from ldap_auth id:5 with name:LDAP"
  [26]=>
  string(75) "register_callback success displayerrform from ldap_auth id:5 with name:LDAP"
  [27]=>
  string(23) "Starting authentication"
  [28]=>
  string(78) "authObj(Impersonation:impersonation)[3:0]:: Starting up impersination checking"
  [29]=>
  string(63) "authObj(Internal Authentication:alreadyloggedin)[0:0]:: Authing"
  [30]=>
  string(145) "authObj(Internal Authentication:alreadyloggedin)[0:1]:: array (  'authenticationObj' =>   array (    'attempt' => 3,  ),  'current_ip' => '::1',)"
  [31]=>
  string(88) "authObj(Internal Authentication:alreadyloggedin)[0:2]:: No valid userid found in session"
  [32]=>
  string(89) "authObj(LTI Auth:ltilogin)[1:1]:: Not valid LTI Launch: Could not find context in session"
  [33]=>
  string(52) "authObj(Internal Database:internaldb)[4:0]:: Authing"
  [34]=>
  string(105) "authObj(Internal Database:internaldb)[4:1]:: Check 2 record number not = 1 no user or multiple user found"
  [35]=>
  string(33) "authObj(LDAP:ldap)[5:0]:: Authing"
  [36]=>
  string(64) "authObj(LDAP:ldap)[5:1]:: Sucessfull initial bind to ldap server"
  [37]=>
  string(65) "authObj(LDAP:ldap)[5:2]:: <strong>No LDAP account found!</strong>"
  [38]=>
  string(62) "authObj(Internal Database:internaldb)[4:2]:: Fail function run"
  [39]=>
  string(29) "parameters after running NULL"
  [40]=>
  string(51) "authObj(Guest Login:guestlogin)[2:0]:: Button Check"
  [41]=>
  string(12) "Display form"
}

In the example above a username that does not exist in any of the authentication methods was used.

What to look for

That authentication has some configuration information

  [0]=>
  string(32) "Loaded Config for authentication"

If this is not present your config.inc.php did not contain an authentication setting

That Rogo received the login details

[1]=>
  string(171) "Standard form data found - Storing in object array (
  'std' => 
  stdClass::__set_state(array(
     'username' => 'myusername',
     'password' => '***HIDDEN***',
  )),
)"

If this is not present and you entered a username and password, this data was stripped before it got to Rogo

Examine what happened in each authentication method

  string(23) "Starting authentication"

All of the information below this point shows what happened against each of your setup authentication methods.

For every authentication plugin you configured there should be a line similar to:

LDAP started authenticating
string(33) "authObj(LDAP:ldap)[5:0]:: Authing"

Problems in the LDAP plugin

This plugin requires that the PHP ldap module is installed on your server.

MessageExplanation
Check 1 blank entriesA username and/or password was not sent
Could not bind to ldap server

Either the server specified in 'ldap_server' is not available or the username 'ldap_bind_rdn' or password 'ldap_bind_password' settings are incorrect

LDAP Server Unavailable: unable to searchThe syntax of 'ldap_search_dn' or 'ldap_user_prefix' is likely to be incorrect
No LDAP account found!

A username could not be found in the LDAP tree specified in 'ldap_search_dn' where the username is stored in the value 'ldap_user_prefix'.

Incorrect password providedThe password provided does not match the one recorded in LDAP for the username
Check 2 record number not = 1 no user or multiple user found in lookup

More than one record matched the username in the internal Rogo user table. Check the values of:

  • 'table' - The name of the table Rogo stores users. (Default: 'users')
  • 'username_col' - The name of the database column that the username is stored (Default: 'username')
  • 'id_col' - The name of the database column that stores the internal Rogo id of the user (Default: 'id')

It is unsafe to modify these from the defaults unless you have a customized Rogo setup and know what you are doing..

LDAP Record found but no local accountYou may need to create an account for the user in Rogo
setting is set to disable lookupThe user will not have an account created automatically, you will need to manually create their Rogo account