0
Not a bug

SSO Bug

Paul L 3 years ago updated by Vlad R 3 years ago 7

I have authentication integration turned on using Joomla 3.8.x plugin and it sees the Joomla path when tested. In Joomla I have the URL pointing to FileRun/SSO


When I log in as "Admin" to Joomla and go to the SSO URL, I get the proper FileRun interface showing all my files.


If I log in as "User" in Joomla and go to the SSO URL, it takes me to the FileRun login screen with a blank user/password, as if it can't find the User in FileRun.  I have to type the user/password in manually to login. (the login screen has both SignIn and SSO buttons)


If I log in as "Test" in Joomla (meaning this is a user in Joomla but not in FileRun) and go to the SSO URL, it opens a blank FileRun interface.  It says the logged in user name is "est"


Something is certainly not right here.

I don't see anything out of order with the FileRun authentication plugin. Have you configured a role to be used with new user accounts?

There is definitely a bug somewhere.  It turns out when I was testing the Guest account feature I shared a file with Guest called "test".  I discovered the Guest account uses a license so I removed the share and got the license back. 

Then I was testing SSO with Joomla and logged in with a Joomla account called "test".  This is where things are going bad.

When I look in the FileRun control panel there is no User Account called "test" but suddenly FileRun has created a Group called "Joomla" and added the user "test" which should no longer exist. It has also used up a license for this user (which doesn't exist under User Accounts). I cannot find any reference for a Guest account or Regular User named "test" in the FileRun Control Panel but it is taking a license so it thinks the User exists.

I went into Groups in the Control Panel and removed the "Joomla" group but the User "test" still seems to exists and a license is still used for this User.


If I use phpMyAdmin and look at the FileRun database under df_users, there does exists a user called "test" with most fields containing "null" but "activated" field is "1"

Why does this User exists here when it has been removed in Shares and in the Control Panel.

Also noticed in the FileRun Control Panel under "Storage usage", the User "test" shows up here but there is no option to remove this user.

Have you configured a role to be used with new user accounts?

When somebody is accessing FileRun using a third-party authentication source, such as Joomla in this case, a FileRun user account is automatically created, to allow the person access to FileRun under a certain identity and set of permissions. The user accounts are automatically created based on the role configured under "Login and registration" > "New users" > "Role".

Because there was no role configured at the time you logged in with the Joomla test account, FileRun was unable to add the account entirely, causing the problems. To fix this, you can just manually remove the user record from the "df_users" table using phpMyAdmin.

The group Joomla will be recreated, as user accounts that login authenticated against Joomla will be added to this group.

Note that deleting a group does not delete user accounts.