SAML self sign-up (new users) is not working
Dale Johnson
Hello, everyone.
We have just upgraded to 1.7.13. We were able to successfully use self-registration on our TEST server pointing to our DEV database but once we moved to testing against our PROD database, self-registration always fails with this error message in an alert-style box in the browser: "Sorry. We are unable to sign you up at this time. Please contact the admin. " Users see this message after authenticating, clicking the ‘accept terms’ checkbox, and clicking the sign up button.
I’ve traced that message back to these lines in this file /var/www/html/webclient/registration/user/federated/index.php
$result_status_error = hasErrorStatus(setUser($full_name, $email, $username, $passwordi, $_COOKIE['hostName']));
if ($result_status_error) {
$_SESSION['error_msg'] = "Sorry. We are unable to sign you up at this time. Please contact the admin. " . $extrastuff;
and I believe these errors in the Wildfly log are related (but I could easily be wrong about that);
2024-02-20 08:51:50,432 ERROR [edu.harvard.i2b2.pm.delegate.ServicesHandler] (Thread-819) i2b2demo is not associated with this domain i2b2prod. Please check the i2b2workbench.properties file.
2024-02-20 08:51:50,432 ERROR [stderr] (Thread-819) java.lang.Exception: i2b2demo is not associated with this domain i2b2prod. Please check the i2b2workbench.properties file.
2024-02-20 08:51:50,432 ERROR [stderr] (Thread-819) at edu.harvard.i2b2.pm.delegate.ServicesHandler.execute(ServicesHandler.java:317)
2024-02-20 08:51:50,432 ERROR [stderr] (Thread-819) at edu.harvard.i2b2.pm.ws.ExecutorRunnable.run(ExecutorRunnable.java:81)
2024-02-20 08:51:50,432 ERROR [stderr] (Thread-819) at java.lang.Thread.run(Thread.java:750)
2024-02-20 08:55:42,323 ERROR [edu.harvard.i2b2.pm.delegate.ServicesHandler] (Thread-820) Unable to sign in
2024-02-20 08:55:42,324 ERROR [stderr] (Thread-820) java.lang.Exception: Unable to sign in
2024-02-20 08:55:42,324 ERROR [stderr] (Thread-820) at edu.harvard.i2b2.pm.delegate.ServicesHandler.execute(ServicesHandler.java:435)
2024-02-20 08:55:42,324 ERROR [stderr] (Thread-820) at edu.harvard.i2b2.pm.ws.ExecutorRunnable.run(ExecutorRunnable.java:81)
2024-02-20 08:55:42,324 ERROR [stderr] (Thread-820) at java.lang.Thread.run(Thread.java:750)
What we do see and know:
- SAML works fine for ESTABLISHED users. SAML sign-ins work fine for users who already have SAML-login rows in PM_USER_DATA and PM_USER_PARAMS. And, If a user doesn’t have project assignments, then after authentication they do receive the message ‘you don’t have projects yet’
- SAML works fine for NEW users only when I use a database script to insert PM_USER_DATA, PM_USER_PARAMS, and the appropriate project roles. Then they can log in and use i2b2.
- All our current established users had to be converted from our old login IDs to new SAML login IDs, using a database script. Those users can log into i2b2.
- With all of those things working correctly, I don’t think we’re having a problem with anything in file \var\www\html\webclient\i2b2_config_data.js or the CELL URLs that we had to change for SAML.
- When new users start the sign-up process, after they authenticate but before they click ‘accept terms’ and click Sign Up, I can see that their correct UAB identity is in the web session and nothing seems to be missing. After they see “Sorry. We are unable to sign you up at this time. Please contact the admin.”, their identity values are erased from the session, which seems correct behavior.
The error message in the Wildfly log that asks me to check the i2b2workbench.properties file ... is there some config setting somewhere that I can look for? Or does anyone have advice on finding what could be slightly different between our DEV and PROD databases that might explain this?
Thank you very much,
Dale Johnson
Department of Biomedical Informatics and Data Science
University of Alabama at Birmingham
