
Topic on Extension talk:OpenID Connect

mediawiki 1.36.1 and keycloak

Tina533253 (talkcontribs)

Hello,

I am having problems with the integration of Wiki with Keycloak, and I have been testing and troubleshooting for three days so far. The wiki is not redirecting user login at all, and after clicking on the button for login with OpenIDConnect, the error message "Fatal error authenticating user." is printed out as the content of the special page "Special:PluggableAuthLogin" (URL is <our_wiki_app>/wiki/Special:PluggableAuthLogin).


Mediawiki version: 1.36.1

OpenID Connect: 5.4 (4fc6d36) 05:55, 7 December 2021

PluggableAuth: 5.7

PHP: 7.3.29 (apache2handler)

MariaDB: 10.5.12-MariaDB

Relevant configuration in LocalSettings.php is:

$wgGroupPermissions['*']['autocreateaccount'] = true;
## openid config
$wgWhitelistRead = array ("Help:Contents", "Special:Userlogin", "Special:CreateAccount", "Special:PluggableAuthL#
wfLoadExtension( 'PluggableAuth' );
$wgPluggableAuth_EnableAutoLogin = true;
$wgPluggableAuth_EnableLocalLogin = true;
$wgPluggableAuth_EnableLocalProperties = true;
$wgPluggableAuth_Class = 'OpenIDConnect';
wfLoadExtension( 'OpenIDConnect' );
$wgOpenIDConnect_Config['<our_keycloak_app>/auth/realms/master/'] = [
        'clientID' => 'mediawiki-test',
        'clientsecret' => '.........................',
        'scope' => [ 'openid', 'profile', 'email' ]
        ];
$wgOpenIDConnect_UseRealNameAsUserName = false;
$wgOpenIDConnect_UseEmailNameAsUserName = false;
$wgOpenIDConnect_MigrateUsersByUserName = true;
$wgOpenIDConnect_MigrateUsersByEmail = true;
$wgPluggableAuth_ButtonLabelMessage = 'Login with SSO token';
$wgOpenIDConnect_ForceLogout = true;

After installing extension OpenIDConnect composer.json is modified such that this block is added:

  "extra": {
      "installer-name": "OpenIDConnect",
      "merge-plugin": {
          "include": [
              "extensions/OpenIDConnect/composer.json"
          ]
      }
  }

Two issues not addressed so far are (may be unimportant, but just to mention..):

- executing update.php (I cannot find this script and I think that its execution is not required for this version of mediawiki). However, jumbojett lib version 0.9.1 is installed (this can be seen on wiki GUI)

- debug log is not functional and I cannot see details on the application (to help myself in troubleshooting I am just recording the traffic using tcpdump)

Debug conf is:

$wgDebugLogFile = "/var/log/debug-{$wgDBname}.log";

error_reporting( -1 );
ini_set( 'display_errors', 1 );
$wgShowExceptionDetails = true;

I hope there is a solution for this .. your suggestions are welcome :)

Thank you in advance!

Tina

Tina533253 (talkcontribs)

To configure SSO with keycloak two extensions are installed:

PluggableAuth

OpenIDConnect

LocalSettings.php is modified

composer.json for the OpenIDConnect extension is modified

and client "mediawiki-test" on Keycloak is created for wiki with redirect URI: http://<our_wiki_app>/wiki/Special:PluggableAuthLogin and access type: confidential

**SSL is configured on keycloak, but it is not configured on test wiki app

Cindy.cicalese (talkcontribs)

You do need to run update.php (in the mediawiki core maintenance directory) to create the database table needed by OpenID Connect.

Tina533253 (talkcontribs)

Table already exists in db.

Tina533253 (talkcontribs)

Does anyone have any suggestion about this issue?

StingNapas (talkcontribs)

Hello,

Did you find a solution? I have the same problem

Anollamh (talkcontribs)