Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make Login work with iOS Piwik Mobile 2.2 app #79

Open
lolllpop opened this issue Dec 23, 2014 · 4 comments
Open

Make Login work with iOS Piwik Mobile 2.2 app #79

lolllpop opened this issue Dec 23, 2014 · 4 comments
Labels
enhancement
Milestone
Backlog

Comments

@lolllpop
Copy link

Just upgraded to Piwik 2.9.1 and LoginLDAP 3.1.0 (from 2.2.7). For this, I completely re-configured the LDAP config, deleted all accounts (but my master admin) from the piwik_user table and synchronized all accounts via console. For LoginLdap, I have to following setup:

Always Use LDAP for Authentication: yes
Synchronize Users After Successful Login: yes
Use Web Server Auth: no
Generate Random token_auth For New Users: yes

Records in piwik_user have passwords starting with {LDAP}xxx and a new tokens. Within the web app, everything is working fine (thanks!). User and admin accounts can login and have their old authorizations to the websites.

However, login with the iOS MobileApp 2.2 is not possible anymore. It tells me that I should check username and password and have access to at least one website, but credentials and authorizations are correct. Any ideas?

Thanks
Martin
@diosmosis
Copy link
Member

Using the mobile app w/ LoginLdap requires that the Always Use LDAP for Authentication setting be unchecked. This is because the mobile app calculates the token auth of a user, it doesn't query Piwik for the token auth in the DB. So the token auth it uses will be different from what is in the DB unless the actual password of a user is stored in Piwik's DB.

There are two ways around this:

  1. Uncheck Always Use LDAP for Authentication. Users will be able to login via the mobile app, though they'll have to login at least once through the web UI first. You'll have to erase the LDAP users from piwik_user again.
  2. Create separate users for mobile access (ie, user1, user1-mobile). The user permissions for each user would have to be managed individually.

I think neither of these solutions is ideal for you since you've removed existing user entries, so I'll keep trying to think of another way to solve this.

@mattab
Copy link
Member

mattab commented Dec 28, 2014

Hi @diosmosis

Would it be possible to document this in a FAQ in the readme of loginLdap ? it seems more and more users have this question and they could help themselves with such FAQ 👍

@mattab
Copy link
Member

mattab commented Dec 28, 2014

I've just seen #80 which looks similar so +1

@lolllpop
Copy link
Author

lolllpop commented Jan 3, 2015

@diosmosis: thanks for your explanation!

For me, however, the main purpose of the LDAP plugin is the authentication at an external, central authentication point. The very last thing I want are the users' passwords being replicated to the application's db - in whatever form.

I added a feature request for the Mobile App to support password authentication over TLS or the entry of a manually specified token. matomo-org/matomo-mobile-2#5326

@lolllpop lolllpop mentioned this issue Jan 3, 2015
Closed
@mattab mattab added the bug label Oct 30, 2015
@mattab mattab added this to the Backlog milestone Oct 30, 2015
@mattab mattab added enhancement and removed bug labels Oct 31, 2015
@mattab mattab changed the title Login failed for iOS MobileApp 2.2 Make Login work with iOS Piwik Mobile 2.2 app Oct 31, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
3 participants
@diosmosis @mattab @lolllpop