Topic on Extension talk:OpenID Connect

Hello,

I am having problems with the integration of Wiki with Keycloak and I am testing and troubleshooting for three days so far .. wiki is not redirecting user login at all and after clicking on the button for login with OpenIDConnect error message "Fatal error authenticating user." is printed out as a content of the special page "Special:PluggableAuthLogin" (URL is <our_wiki_app>/wiki/Special:PluggableAuthLogin

Mediawiki version: 1.36.1

OpenID Connect: 5.4 (4fc6d36) 05:55, 7 December 2021

PluggableAuth: 5.7

PHP: 7.3.29 (apache2handler)

MariaDB: 10.5.12-MariaDB

Relevant onfiguration in LocalSettings.php is:

164 $wgGroupPermissions['*']['autocreateaccount'] = true;

## openid config

187 $wgWhitelistRead = array ("Help:Contents", "Special:Userlogin", "Special:CreateAccount", "Special:PluggableAuthL#

188 wfLoadExtension( 'PluggableAuth' );

189 $wgPluggableAuth_EnableAutoLogin = true;

190 $wgPluggableAuth_EnableLocalLogin = true;

191 $wgPluggableAuth_EnableLocalProperties = true;

192 $wgPluggableAuth_Class = 'OpenIDConnect';

193 wfLoadExtension( 'OpenIDConnect' );

194 $wgOpenIDConnect_Config['<our_keycloak_app>/auth/realms/master/'] = [

195         'clientID' => 'mediawiki-test',

196         'clientsecret' => '.........................',

197         'scope' => [ 'openid', 'profile', 'email' ]

198         ];

199 $wgOpenIDConnect_UseRealNameAsUserName = false;

200 $wgOpenIDConnect_UseEmailNameAsUserName = false;

201 $wgOpenIDConnect_MigrateUsersByUserName = true;

202 $wgOpenIDConnect_MigrateUsersByEmail = true;

203 $wgPluggableAuth_ButtonLabelMessage = 'Login with SSO token';

204 $wgOpenIDConnect_ForceLogout = true;

After installing extension OpenIDConnect composer.json is modified such that this block is added:

  "extra": {

                "installer-name": "OpenIDConnect"

                "merge-plugin": {

                    "include": [

                         "extensions/OpenIDConnect/composer.json"

                         ]

        }

Two issues not addressed so far are (may be unimportant, but just to mention..):

- executing update.php (I can not find this script and I think that its execution is not required for this version of mediawiki). However jumbojett lib version 0.9.1 is installed (this can be seen on wiki GUI)

- debug log is not functional and I can not see details on the application (to help myself in troubleshooting I am just recording the traffic using tcpsump)

Debug conf is:

223 $wgDebugLogFile = "/var/log/debug-{$wgDBname}.log";

224

225 error_reporting( -1 );

226 ini_set( 'display_errors', 1 );

227 $wgShowExceptionDetails = true;

I hope there is a solution for this .. your suggestions are welcome :)

Thank you in advance!

Tina

To configure SSO with keycloak two extensions are installed:

PluggableAuth

OpenIDConnect

LocalSettings.php is modified

composer.json for the OpenIDConnect extension is modified

and client "mediawiki-test" on keyclock is created for wiki with redirect URI: http://<our_wiki_app>/wiki/Special:PluggableAuthLogin and access type: confidential

**SSL is configured on keycloak, but it is not configured on test wiki app

You do need to run update.php (in the mediawiki core maintenance directory) to create the database table needed by OpenID Connect.

Table already exists in db.

Does anyone have any suggestion about this issue?

Have a look at Topic:Wqopbmva2lq8613t. It helped me to get the keycloak sign-in page at least.