# Moodle needs certain Shibboleth attributes

*This article may be very old. Please reach out to [local support staff](https://ccle.ucla.edu/mod/page/view.php?id=209487) if you have questions.*

When logging into the [http://ccle.ucla.edu](http://ccle.ucla.edu) (Moodle) site through the <span class="caps">UCLA</span> Login option, if you see one of these error messages, see the explanation and instructions below:

## Official Email Missing

***Moodle needs certain Shibboleth attributes which are not present in your case. The attributes are: ‘HTTP\_SHIB\_EDUPERSONPPN’ (‘<yourID@ucla.edu>’), ‘HTTP\_SHIB\_GIVENNAME’ (‘<span class="caps">YOURFIRSTNAME</span>’), ‘HTTP\_SHIB\_CN’ (‘<span class="caps">YOURLASTNAME</span>’) and ‘HTTP\_SHIB\_UCLAOFFICIALEMAIL’ (’’)***  
***Please contact the webmaster of this server or your Identity Provider. You are not logged in.*** (comes from moodle/root/auth/shibboleth/lib.php)

In this case, everything is there except the <span class="caps">UCLAOFFICIALEMAIL</span>. Unfortunately, Moodle requires that.

**What to do for users who get this message:** If nothing appears in the parentheses after ‘HTTP\_SHIB\_UCLAOFFICIALEMAIL’, that means the system does not currently have an official email for the student. The student should logon to [www.ursa.ucla.edu](http://www.ursa.ucla.edu) to setup his/her official email designation. It may then take until the next day for that information to propagate to the system and allow you to log in.

**Note to students concurrently enrolled through <span class="caps">UCLA</span> Extension:** If your <span class="caps">UCLA</span> Logon ID is not working, the problem may be that <span class="caps">CTS</span> hasn’t activated your Bruin Online (<span class="caps">BOL</span>) services because they have not yet received your enrollment paperwork proving your <span class="caps">UCLA</span> affiliation. Once your <span class="caps">BOL</span> services are activated, your @ucla.edu address will get pushed into the Enterprise Directory, which will enable successful login to <span class="caps">CCLE</span> through Shibbleth using <span class="caps">UCLA</span> Logon ID. *To expedite this happening, the student should visit the <span class="caps">BOL</span> help desk with their concurrent enrollment paperwork (including the receipt showing concurrent enrollment) to have all services activated.*

Here is an explanation from <span class="caps">AIS</span> of the issues involved:

“There are several emails which qualify to be official email – <span class="caps">BOL</span> email, Work email, <span class="caps">LAW</span> school email, Anderson school email, Other Student email (<span class="caps">URSA</span>).

When one of the emails is first added we designate that as Official automatically, because there would be no other eligible email for this person at that time. Subsequently there may be other eligible emails added to the entry. When an email is deleted by the authority (for ex, Anderson school sends a delete request for Anderson email for a person) we check if Anderson email has been designated as Official for this entry; If yes we delete Official also. It does not make sense to keep it Official when the underlying source email itself is deleted.

Next time an email is added to the entry, if there is already another email, we won’t designate the newly added email as Official simply because we wouldn’t know which one to designate as Official.

<span class="caps">URSA</span> allows students and former students to re-designate their official email. For employees who were never students here, we were expecting <span class="caps">ODMP</span> to provide the functionality, which hasn’t come along so far.

The solution in that case if you are an employee is to contact <span class="caps">AIS</span> and ask them to help you designate one of your email addresses as <span class="caps">UCLAOFFICIALEMAIL</span>.

## Moodle didn’t receive any user attributes

***You seem to be Shibboleth authenticated but Moodle didn’t receive any user attributes. Please check that your Identity Provider releases the necessary attributes (‘HTTP\_SHIB\_EDUPERSONPPN’, ‘HTTP\_SHIB\_GIVENNAME’, ‘HTTP\_SHIB\_CN’ and ‘HTTP\_SHIB\_UCLAOFFICIALEMAIL’) to the Service Provider Moodle is running on or inform the webmaster of this server.*** (comes from moodle/root/auth/shibboleth/index.php )

In this case, there could be three explanations that we know of:

1. System-wide problem. If no one else can login, the <span class="caps">UCLA</span> Shibboleth Identity Provider could be down or having problems. Contact <span class="caps">AIS</span> Help Desk at 66951.
2. Individual problem. We’ve had one case where someone’s <span class="caps">BOL</span> <span class="caps">EMAIL</span> address was not in the correct Enterprise Directory database and until it was added, this person couldn’t log into <span class="caps">CCLE</span>. Contact Warren Leung at IT Services, if you suspect this could be the problem.
3. Intermittent problem. If you usually can login to <span class="caps">CCLE</span> and now you can’t, try closing your web browser completely (to clear the cookies) and then try logging in again. Or, try a different machine.

A [test process](https://kb.ucla.edu/link/978) to capture information at each step and [send to the appropriate people](https://kb.ucla.edu/link/978).

See also: [Authentication Expired](https://kb.ucla.edu/link/1345)