Currently, it's amazingly easy to lock yourself out of Drupal, even when you're UID 1. Please(!) add uid 1 as the default value for the variable `simplesamlphp_auth_allowdefaultloginusers`. As far as I can see, currently, users (including uid 1) are not allowed to sign in locally. Marking this as a bug.

Comments

Ambidex created an issue. See original summary.

aken.niels@gmail.com’s picture

Status: Active » Closed (cannot reproduce)

Never mind, I think I'm losing my mind, just one of those days. Not sure if this issue is true, this is probably caused by other variables. I'm truly sorry... I'll just leave the room now.

aken.niels@gmail.com’s picture

Title: Add UID 1 as default allowed UID for local login » Allow anonymous to login locally and make sure lockout is not as easy
Status: Closed (cannot reproduce) » Active

Okay, well, this is actually a bit more complicated. The problem seems to be that simplesamlphp_auth simply does not allow users to log in without a specific predefined role.

When I enable `Allow authentication with local Drupal accounts` I expect all users to be able to log in with local accounts. When I do not enable that option, but DO select specific UIDs or roles, I expect only them to be allowed to log in.

This can easily be fixed by using the following in simplesamlphp_auth_init():

  $user_allowed_default_login = FALSE;
  // Global option enabled: every local account may log in.
  if (variable_get('simplesamlphp_auth_allowdefaultlogin', TRUE)) {
    $user_allowed_default_login = TRUE;
  }
  else {
    // Global option disabled: only listed UIDs or allowed roles may log in.
    if (in_array($user->uid, $allowed_uids) || !empty($user_allowed_default_login_roles)) {
      $user_allowed_default_login = TRUE;
    }
  }

Also, the current setup easily locks you out of your installation, so I suggest adding uid 1 as allowed by default and additionally adjusting the above logic OR adding an `allow anonymous to login locally` option.
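
The behaviour requested in the comment above, written as a stand-alone decision function plus a configuration check for the lockout case. This is an added example, not part of the thread and not the module's code; the function names, the `allow_all` / `allowed_uids` / `allowed_roles` setting keys, and the sample accounts are hypothetical.

```php
<?php
// Added illustration. All names here are hypothetical, not the module's API.

/**
 * Decide whether a local (non-SAML) Drupal login is permitted.
 * Assumed $settings keys: allow_all (bool), allowed_uids (int[]),
 * allowed_roles (string[]).
 */
function local_login_allowed(array $settings, int $uid, array $roles): bool {
  // Global switch on: every local account may log in.
  if (!empty($settings['allow_all'])) {
    return TRUE;
  }
  // Global switch off: only explicitly listed UIDs or roles may log in.
  if (in_array($uid, $settings['allowed_uids'], TRUE)) {
    return TRUE;
  }
  return (bool) array_intersect($roles, $settings['allowed_roles']);
}

/**
 * Flag configurations in which no local account can get in, so that a
 * broken SAML setup would leave the site without any working login.
 */
function lockout_risk(array $settings): bool {
  return empty($settings['allow_all'])
    && empty($settings['allowed_uids'])
    && empty($settings['allowed_roles']);
}

// Constructed sample configurations.
$configs = [
  'switch on'                => ['allow_all' => TRUE,  'allowed_uids' => [],  'allowed_roles' => []],
  'switch off, empty lists'  => ['allow_all' => FALSE, 'allowed_uids' => [],  'allowed_roles' => []],
  'switch off, uid 1 listed' => ['allow_all' => FALSE, 'allowed_uids' => [1], 'allowed_roles' => []],
  'switch off, role listed'  => ['allow_all' => FALSE, 'allowed_uids' => [],  'allowed_roles' => ['editor']],
];
// Constructed sample accounts: [uid, roles].
$accounts = [
  'admin (uid 1)'  => [1, ['authenticated user']],
  'editor (uid 7)' => [7, ['authenticated user', 'editor']],
];

foreach ($configs as $label => $cfg) {
  printf("%s: lockout risk %s\n", $label, lockout_risk($cfg) ? 'yes' : 'no');
  foreach ($accounts as $name => [$uid, $roles]) {
    $verdict = local_login_allowed($cfg, $uid, $roles) ? 'allowed' : 'denied';
    printf("  %-15s local login %s\n", $name, $verdict);
  }
}
```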