• Resolved mwillberg

    (@mwillberg)


    I have migrated from LDAP-based authentication and there are local accounts present. The domains have also changed in the email addresses.

    When an old user tries to log in, the Shibboleth part works, but there is an error “not sufficient access”. New user creation is disabled.

    wordpress: demouser / [email protected]

    shibboleth: demouser / [email protected]

    I have tried different “combine local and shibboleth accounts” options, but without success. The user can log in when the option is in “allow automatic account merging, bypass username management” AND I have MANUALLY edited the user’s profile to have the new email address.

    This should not be necessary as email addresses tend to change and only “eppn” is static.

    Have I missed an option or any suggestions?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Jonathan Champ

    (@jrchamp)

    The bypass username management is only necessary if the username doesn’t match the username from the Shibboleth attributes. You may want to use an unscoped username attribute (if one exists) to avoid the bypass setting. The email addresses pretty much need to match if the bypass setting is active.

    Someone else might have other ideas?

    Thread Starter mwillberg

    (@mwillberg)

    This was resolved.

    The issue was that the login information was not provided to the server. Adding a few debug lines to “shibboleth_authenticate_user()” showed that the authentication was using the email address alone.

    Allow Automatic Account Merging

    [26-Jan-2021 11:35:11 UTC] [Shibboleth WordPress Plugin Logging] get_user_by login:
    [26-Jan-2021 11:35:11 UTC] [Shibboleth WordPress Plugin Logging] get_user_by email: [email protected]
    [26-Jan-2021 11:35:11 UTC] [Shibboleth WordPress Plugin Logging] ERROR: User U123 (ID: 123) failed to automatically merge accounts. Reason: An account already exists with this email.

    Allow Automatic Account Merging (Bypass Username Management)

    [26-Jan-2021 11:37:24 UTC] [Shibboleth WordPress Plugin Logging] get_user_by login:
    [26-Jan-2021 11:37:24 UTC] [Shibboleth WordPress Plugin Logging] get_user_by email: [email protected]
    [26-Jan-2021 11:37:24 UTC] [Shibboleth WordPress Plugin Logging] SUCCESS: User U123 (ID: 123) merged accounts automatically.
    [26-Jan-2021 11:37:24 UTC] [Shibboleth WordPress Plugin Logging] SUCCESS: User U123 (ID: 123) successfully authenticated.

    When the authentication server was correctly providing the login information, everything started to work with “Allow Automatic Account Merging”.

    [26-Jan-2021 13:46:30 UTC] [Shibboleth WordPress Plugin Logging] get_user_by login: U123
    [26-Jan-2021 13:46:30 UTC] [Shibboleth WordPress Plugin Logging] SUCCESS: User U123 (ID: 123) merged accounts automatically.
    [26-Jan-2021 13:46:30 UTC] [Shibboleth WordPress Plugin Logging] SUCCESS: User U123 (ID: 123) successfully authenticated.
    • This reply was modified 4 years, 1 month ago by mwillberg.
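
The log triage below is an added example, not code from the thread or from the plugin. It assumes the `get_user_by` debug lines the poster added to `shibboleth_authenticate_user()` are present, and it flags login attempts where the login value arrived empty, including those where a merge then went through on the email address alone. The sample lines are constructed in the thread's log format with a placeholder address, and grouping lines by timestamp into one attempt is an assumption.

```python
import re

# Constructed sample in the format of the log lines quoted in the thread;
# the email address is a placeholder.
SAMPLE_LOG = """\
[26-Jan-2021 11:35:11 UTC] [Shibboleth WordPress Plugin Logging] get_user_by login:
[26-Jan-2021 11:35:11 UTC] [Shibboleth WordPress Plugin Logging] get_user_by email: user@example.org
[26-Jan-2021 11:35:11 UTC] [Shibboleth WordPress Plugin Logging] ERROR: User U123 (ID: 123) failed to automatically merge accounts. Reason: An account already exists with this email.
[26-Jan-2021 11:37:24 UTC] [Shibboleth WordPress Plugin Logging] get_user_by login:
[26-Jan-2021 11:37:24 UTC] [Shibboleth WordPress Plugin Logging] get_user_by email: user@example.org
[26-Jan-2021 11:37:24 UTC] [Shibboleth WordPress Plugin Logging] SUCCESS: User U123 (ID: 123) merged accounts automatically.
[26-Jan-2021 13:46:30 UTC] [Shibboleth WordPress Plugin Logging] get_user_by login: U123
[26-Jan-2021 13:46:30 UTC] [Shibboleth WordPress Plugin Logging] SUCCESS: User U123 (ID: 123) merged accounts automatically.
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[Shibboleth WordPress Plugin Logging\] (?P<msg>.*)$")
LOOKUP_RE = re.compile(r"^get_user_by (?P<field>login|email):\s*(?P<value>.*)$")

def triage(log_text):
    """Group plugin log lines by timestamp (assumed: one attempt each) and classify."""
    attempts = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a plugin log line
        a = attempts.setdefault(m["ts"], {"login": None, "merged": False, "error": None})
        msg = m["msg"]
        lookup = LOOKUP_RE.match(msg)
        if lookup and lookup["field"] == "login":
            a["login"] = lookup["value"].strip()
        elif msg.startswith("SUCCESS:") and "merged accounts" in msg:
            a["merged"] = True
        elif msg.startswith("ERROR:"):
            a["error"] = msg.partition("Reason:")[2].strip() or msg
    findings = []
    for ts, a in attempts.items():
        if a["login"] == "":
            # The login lookup ran with an empty value: no username reached WordPress.
            kind = "MERGED_BY_EMAIL_ONLY" if a["merged"] else "USERNAME_ATTRIBUTE_EMPTY"
        else:
            kind = "OK"
        findings.append((ts, kind, a["error"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
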
    Thread Starter mwillberg

    (@mwillberg)

    (Set thread as resolved)

  • The topic ‘Account merging with different email addresses gives error’ is closed to new replies.