https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42061 Bug ID: 42061 Summary: Username not logged when using external authentication method Initiative type: --- Sponsorship --- status: Product: Koha Version: 25.11 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: ephetteplace@cca.edu QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org Created attachment 195100 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=195100&action=edit Logs screenshot We use CAS authentication and today I noticed in our Authentication logs that the userid (username) field is empty in both success and failure messages for the OPAC and staff side. To recreate: - Use CAS authentication e.g. casAuthentication and casServerUrl settings - Turn on AuthSuccessLog and AuthFailureLog settings - Sign in to the staff and OPAC side - Go to the Log Viewer Expected: Authentication log message "Valid password for USERNAME". Actual: Authentication log message "Valid password for". Looking at the auth code, I believe this is an issue no matter what external authentication is used, whether it's Shibboleth, LDAP, or CAS. The @return array is populated with $retuserid for these services (Auth.pm lines 2020-2069) but the logaction calls use $userid which is undefined. Adding $userid = $retuserid after receiving a return value fixes the SuccessLog but the checkpw_* methods do not return a username when they fail, only 0, so the FailureLog would continue to have this problem. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.