Howdy,
I'm having an issue and I'm wondering if anyone else is experiencing it. We use SAML to log into our Drupal site. Once I log in and I attempt to masquerade (Masquerade is a Drupal module that allows you to log in as another user) as another user, the site simply logs me out.
When I log in via the typical /user path (NOT /saml_login), Masquerade works as normal.
Any ideas?
| Comment | File | Size | Author |
|---|---|---|---|
| #21 | diff-n14-n21.txt | 672 bytes | Elmis Hernandez |
| #21 | 2124117-21.patch | 1.32 KB | Elmis Hernandez |
| #14 | 2124117-6-reroll-14.patch | 717 bytes | joelpittet |
| #6 | simplesamlphp_auth-masquerade-2124117-6.patch | 580 bytes | Berdir |
Issue fork simplesamlphp_auth-2124117
Comments
Comment #1
Nitebreed
Having the same issue. Noticed it has to do with the fact that the user I was masquerading as didn't have a role that was enabled for local login.
Comment #2
odegard
Can confirm. Users you want to masquerade as must be specified in "Which users should be allowed to login with local accounts?", or leave blank for all.
Comment #3
Zekvyrin
This is closely related to #2478499: User 1: Automatic Logout after saving configuration
It's exactly the same code which logs out users not authenticated from simplesaml.
Comment #4
odegard
I've taken a closer look at this and found a solution, see patch.
It is, as Zekvyrin points out, a problem with simplesamlphp_auth_user_logout - it logs out "too much".
I've not been able to solve the "problem"; I've found a way around it. Caveat emptor.
I considered two options:
1) Patch masquerade to set a session variable before invoking user_logout which runs simplesamlphp_auth_user_logout AND patch simplesamlphp_auth to check for this variable.
2) Find another way that only affects simplesamlphp_auth.
This patch incorporates option 2 by checking the backtrace for the two masquerade-functions involved when invoking user_logout.
Comment #5
odegard
Updated patch. Switched out ddebug_backtrace with debug_backtrace since the first one requires that the user has access to devel and normal users should not.
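The two approaches weighed in comments #4 and #5, as an added stand-alone PHP model that is not part of the thread, its patches, or either module. Every function name and the `saml_active` key are hypothetical; the `masquerading` session key follows the name used later in this thread, and clearing it on a real logout is an assumption of the model.

```php
<?php
declare(strict_types=1);

// Constructed model; none of this is simplesamlphp_auth or masquerade code.

// Option 2: exempt the call when a masquerade function is on the call stack.
function demo_called_from(array $functions): bool {
    foreach (debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS) as $frame) {
        if (in_array($frame['function'], $functions, true)) {
            return true;
        }
    }
    return false;
}

// Logout hook of the SAML module: ends the SAML session unless exempted.
function demo_saml_user_logout(array &$session, string $strategy): void {
    $exempt = $strategy === 'session_flag'
        ? !empty($session['masquerading'])                    // option 1
        : demo_called_from(['demo_masquerade_switch_user']);  // option 2
    if (!$exempt) {
        $session['saml_active'] = false;
    }
}

// Masquerade switches accounts by running the logout hooks, then rebinding the uid.
function demo_masquerade_switch_user(array &$session, int $target, string $strategy): void {
    $session['masquerading'] = $session['uid'];  // server-side flag, set before the hooks run
    demo_saml_user_logout($session, $strategy);
    $session['uid'] = $target;
}

// A real logout clears the flag first, so the SAML session is always ended (model assumption).
function demo_user_logout(array &$session, string $strategy): void {
    unset($session['masquerading']);
    demo_saml_user_logout($session, $strategy);
    $session['uid'] = 0;
}

foreach (['session_flag', 'backtrace'] as $strategy) {
    $s = ['uid' => 1, 'saml_active' => true];  // constructed session: admin logged in via SAML
    demo_masquerade_switch_user($s, 42, $strategy);
    $kept = $s['saml_active'] && $s['uid'] === 42;
    demo_user_logout($s, $strategy);
    $ended = !$s['saml_active'] && $s['uid'] === 0;
    if (!$kept || !$ended) {
        throw new RuntimeException("$strategy: unexpected session state");
    }
    echo "$strategy: SAML session kept on switch, ended on logout\n";
}
```

The backtrace variant stops exempting the call if the calling function is renamed, while the session-flag variant needs both modules to agree on the key.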
Comment #6
Berdir
Here is an 8.x patch that relies on #2975124: Masquarade Saml compatibility issue and then checks for the session key, much less hackery required but it does need a masquerade patch too per the previous issue.
Comment #7
Berdir
Also, you will likely also need the patch from #2975184: Masquerading as user not authenticated causes logout to remain logged in.
Comment #8
andypost
Comment #9
andypost
Masquerade issue committed
Comment #10
jplana at The University of British Columbia
I can confirm the patch #6 works for me, with the latest dev branch of the masquerade module.
Thanks @Berdir for the patch and @andypost for the tip!
Comment #11
joelpittet
This is helpful, thanks @andypost and @Berdir!
Comment #12
andypost
New beta released https://www.drupal.org/project/masquerade/releases/8.x-2.0-beta3
Comment #13
Berdir
There's also a related issue here: #2975184: Masquerading as user not authenticated causes logout, you might need that if you disallow local logins for example. Testing of that would be appreciated so I can commit both. FWIW, this patch should also switch to doing a hasService() && isMasquerading approach to use the API like the new patch over there.
Comment #14
joelpittet
Rerolled
Comment #15
fengtan
We faced the same issue in Drupal 7 and were able to fix it by applying this patch from the masquerade module (it has been committed to 7.x-1.x-dev but has not been included in a stable release yet): https://www.drupal.org/project/masquerade/issues/2124113#comment-11760980
Comment #16
devkinetic at CommonPlaces Interactive
#11 working great!
Comment #18
Kobe Wright (as a volunteer)
Encountered a fatal error after a D9 upgrade when trying to masquerade while being logged in using simplesaml because the $account parameter is a User object (not AccountProxy) which doesn't have the setAccount() function.
Created an issue fork with a solution based on the patch in #14, opted to check if the masquerade module is enabled and leave it up to that module to indicate if the user is masquerading.
Comment #20
Kobe Wright (as a volunteer)
Comment #21
Elmis Hernandez at ITSS
Hello,
I also found this problem and although they say that #14 works, for me it worked only after applying it also in the Subscriber.
Here I leave my change and the difference between #14 and my change.
Comment #22
hfernandes at ImageX
#21 worked here.
Comment #23
devkinetic
This looks good to me as well.
Comment #24
kecsot
Would be nice to implement another solution except hardcoding 'masquerading' session check to simplesamlphp_auth.
Also good idea to Close with won't do.
What do you think?