User talk:Cindy.cicalese

We are using Microsoft Azure Entra ID but getting Fatal Authentication  Error at mediawiki end.  We have followed the steps given at Extension:OpenID Connect documentation.

We have done following configuration at mediawiki LocalSettings.php  :-

wfLoadExtension( 'PluggableAuth' );

wfLoadExtension( 'OpenIDConnect' );

$wgPluggableAuth_Config[] = [

    'plugin' => 'OpenIDConnect',

    'data' => [

        'providerURL' => 'https://login.microsoftonline.com/XXXXXXXXXX

        'clientID' => 'XXXXXXXXXXXXXXXXX',

        'clientsecret' => 'XXXXXXXXXXXXXXXXXXX'

    ]

];

$wgOpenIDConnect_UseRealNameAsUserName = true;

Please help us to solve this issue as it is very urgent.

Thanks

Extension:OpenID Connect - MediaWiki

When reporting an error, please be sure to include version information for MediaWiki and all relevant extensions as well as configuration information. Also, please turn on debug logging as described at Manual:How to debug#Logging and include the relevant portions of the debug log.

Hi Cindy,

I just posted a queston on the MediaWiki Support Desk, but then realized, that this maybe is a better place for the question. Could you please have a look?

Regards, Zoltan

Hi Cindy, I have an issue setting up ShortUrl using $wgArticlePath. Following the documentation I was able to create the short url but I get 404 error. Please let me know if there is a fix for this.

Below are my configurations:

My Folder name and Url is set to "mediawikinew"

In my LocalSettings.php File I have set

$wgScriptPath = "/mediawikinew";

$wgArticlePath = "/mediawikinew/$1";

$wgUsePathInfo = true;

My Nginx for mediawiki conf is set to this

server{

listen 80;

listen [::]:80;

server_name mediwikinew;

root /var/www/mediawikinew;

index index.php;

error_log /var/log/nginx/mediawikinew.error;

access_log /var/log/nginx/mediawikinew.access;

location / {

        try_files $uri $uri/ /index.php;

        #try_files $uri $uri/ @mediawikinew;

}

location ~ /.well-known {

       allow all;

}

location ~ /\.ht {

      deny all;

}

location /mediawikinew/ {

                #rewrite ^/mediawikinew/(?<pagename>.*)$ /mediawikinew/index.php;

                rewrite ^/mediawikinew/([^\?]*) /mediawikinew/index.php?title=$1&$args last;

       }

location = / {

                return 301 /mediawikinew/Main_Page;

        }

location ~ ^/mediawikinew/(index|load|api|thumb|opensearch_desc|rest|img_auth)\.php$ {

                include /etc/nginx/fastcgi_params;

                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

                #fastcgi_param SCRIPT_FILENAME $document_root/index.php;

                fastcgi_pass unix:/run/php/php8.1-fpm.sock;

                include snippets/fastcgi-php.conf;

        }

location /mediawikinew/images/deleted {

                # Deny access to deleted images folder

                deny all;

        }

location /mediawikinew/images {

                # Separate location for images/ so .php execution won't apply

        }

location ~ ^/mediawikinew/resources/(assets|lib|src) {

                try_files $uri =404;

                add_header Cache-Control "public";

                expires 7d;

        }

location ~ ^/mediawikinew/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg|wasm|ttf|woff|woff2)$ {

                try_files $uri =404;

                add_header Cache-Control "public";

                expires 7d;

        }

location = /favicon.ico {

                alias /mediawikinew/images/6/64/Favicon.ico;

                add_header Cache-Control "public";

                expires 7d;

        }

location ~ ^/mediawikinew/(COPYING|CREDITS)$ {

                default_type text/plain;

        }

location /mediawikinew/rest.php/ {

                try_files $uri $uri/ /mediawikinew/rest.php?$query_string;

        }

}

This topic is resolved.

Hi Cindy,

I hope you are doing well. I am trying to set up OpenIDConnect with PluggableAuth to use Azure AD. However, I'm facing an issue where, upon attempting to log in to Mediawiki, I am not directed to Azure for authentication. Instead, I receive the message "The supplied credentials could not be authenticated." I'm not sure what I am missing in this setup. I have already ensured that the tenant ID, Client Secret, and Client ID are all correctly set and Files that I configured:

• composer.local.json-sample In root directory of MediawikiNEW added this line "extensions/OpenIDConnect/composer.json"

• composer.json In root directory of MediawikiNEW added/got added this line

"jumbojett/openid-connect-php": "^0.9.10"

• Below is my LocalSettings.php:

<?php

error_reporting( E_ALL );

ini_set( 'display_errors', 1 );

# Protect against web entry

if ( !defined( 'MEDIAWIKI' ) ) {

exit;

}

$wgSitename = "My Website Name";

$wgMetaNamespace = "My_Website_Name";

$wgScriptPath = "/mediawikiNEW";

$wgServer = "";

$wgResourceBasePath = $wgScriptPath;

$wgLogos = [

'1x' => "$wgResourceBasePath/resources/assets/change-your-logo.svg",

'icon' => "$wgResourceBasePath/resources/assets/change-your-logo-icon.svg",

];

$wgEnableEmail = true;

$wgEnableUserEmail = true; # UPO

$wgEmergencyContact = "";

$wgPasswordSender = "";

$wgEnotifUserTalk = false; # UPO

$wgEnotifWatchlist = false; # UPO

$wgEmailAuthentication = true;

## Database settings

$wgDBtype = "mysql";

$wgDBserver = "localhost";

$wgDBname = "myDatabse";

$wgDBuser = "mediaUser";

$wgDBpassword = "Password";

# MySQL specific settings

$wgDBprefix = "";

# MySQL table options to use during installation or update

$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";

# Shared database table

# This has no effect unless $wgSharedDB is also set.

$wgSharedTables[] = "actor";

## Shared memory settings

$wgMainCacheType = CACHE_NONE;

/* $wgMainCacheType = CACHE_ACCEL;

$wgSessionCacheType = CACHE_DB; */

$wgMemCachedServers = [];

$wgEnableUploads = true;

$wgUseImageMagick = true;

$wgImageMagickConvertCommand = "/usr/bin/convert";

$wgUseInstantCommons = false;

$wgPingback = true;

$wgLanguageCode = "en";

# Time zone

$wgLocaltimezone = "America/New_York";

$wgSecretKey = "SercretKey";

# Changing this will log out all existing sessions.

$wgAuthenticationTokenVersion = "1";

# Site upgrade key. Must be set to a string (default provided) to turn on the

# web installer while LocalSettings.php is in place

$wgUpgradeKey = "UpgradeKey";

$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright

$wgRightsUrl = "";

$wgRightsText = "";

$wgRightsIcon = "";

# Path to the GNU diff3 utility. Used for conflict resolution.

$wgDiff3 = "/usr/bin/diff3";

# The following permissions were set based on your choice in the installer

$wgGroupPermissions['*']['edit'] = false;

$wgGroupPermissions['*']['read'] = false;

## Default skin: you can change the default skin. Use the internal symbolic

## names, e.g. 'vector' or 'monobook':

$wgDefaultSkin = "vector";

# Enabled skins.

# The following skins were automatically enabled:

wfLoadSkin( 'MinervaNeue' );

wfLoadSkin( 'MonoBook' );

wfLoadSkin( 'Timeless' );

wfLoadSkin( 'Vector' );

# visual editor

wfLoadExtension( 'VisualEditor' );

$wgDefaultUserOptions['visualeditor-editor'] = "visualeditor";

$wgHiddenPrefs[] = 'visualeditor-enable';

# create page

wfLoadExtension( 'CreatePageUw' );

$wgCreatePageUwUseVE = true;

### Azure directory extensions or config

$wgGroupPermissions['*']['createaccount'] = true;

$wgGroupPermissions['*']['autocreateaccount'] = true;

#PluggableAuth

wfLoadExtension( 'PluggableAuth' );

$wgPluggableAuth_EnableAutoLogin = false;

$wgPluggableAuth_EnableLocalLogin = false;           # if this set to true allows local login without azure auth

$wgPluggableAuth_EnableLocalProperties = false;

$wgPluggableAuth_EnableFastLogout =true;       

$wgPluggableAuth_ButtonLabelMessage = 'Login';

$wgPluggableAuth_Class = 'OpenIDConnect';

# OpenIDConnect config

wfLoadExtension( 'OpenIDConnect' );

$wgPluggableAuth_Config[] = [

"My Login" => [

'plugin' => 'OpenIDConnect',

'data' => [

'providerURL' => '',

'clientID' => 'ID',

'clientsecret' => 'secret'

],

'scope' => [ 'openid', 'profile', 'email' ]

]

];

$wgOpenIDConnect_UseRealNameAsUserName = true;

# ShortURL Config

wfLoadExtension( 'ShortUrl' );

/* $wgShortUrlTemplate = '/mediawikiNEW/wiki/$1'; */

$wgArticlePath = "/mediawikiNEW/$1";

• composer.local.json-sample In root directory of MediawikiNEW added this line "extensions/OpenIDConnect/composer.json"

You should rename this file to composer.local.json

• composer.json In root directory of MediawikiNEW added/got added this line

You should not edit this file. Adding the line above to composer.local.json shoudl be sufficient. Then, you would need to run "composer update" or "composer install" from the root MediaWiki directory.

Please turn on debug logging as described at Manual:How to debug#Logging and include the relevant portions of the debug log.

Hello Cindy,

I followed your instructions and ran composer. However, I am still not able to use Azure AD.

When I add below block I get this error Fatal exception of type "TypeErro" when clicking on log in button

$wgPluggableAuth_Config[] = [

   'plugin' => 'OpenIDConnect',

   'data' => [

        'providerURL' => 'https://login.microsoftonline.com/id/v2.0/',

        'clientID' => 'id',

        'clientsecret' => 'secret'

    ]

];

The debug on browser shows these exceptions:

• [rdbms] MWExceptionHandler::rollbackPrimaryChanges [0s] localhost: ROLLBACK
• [rdbms] MWExceptionHandler::rollbackPrimaryChanges: acknowledged server-side transaction loss on localhost
• [exception] [1d11fafe16b669e17bba17df] /mediawikinew/index.php?title=Special:UserLogin&returnto=Main+Page TypeError: method_exists(): Argument #1 ($object_or_class) must be of type object|string, array given
• [MessageCache] MessageCache using store SqlBagOStuff

NOTES:

1- In maintenance folder I ran php update.php

2- Ran composer update after changing the composer.local.json-sample to composer.local.json

then added "extensions/OpenIDConnect/composer.json"

3- Added to MediaWiki\Extension\PluggableAuth\PluggableAuth path the below line

"PluggableAuth": {

    "OpenIDConnect": {

        "class": "MediaWiki\\Extension\\OpenIDConnect\\OpenIDConnect",

        "services": [

           "MainConfig",

           "AuthManager",

           "OpenIDConnectStore"

        ]

    }

 }

4- Rest of LocalSettings.php config :

#PluggableAuth

wfLoadExtension( 'PluggableAuth' );

$wgPluggableAuth_EnableAutoLogin = false;

$wgPluggableAuth_EnableLocalLogin = false;

$wgPluggableAuth_EnableLocalProperties = false;

$wgPluggableAuth_EnableFastLogout =false;

$wgPluggableAuth_ButtonLabelMessage = 'Login';

$wgPluggableAuth_Class = 'OpenIDConnect';

#AAD

wfLoadExtension( 'OpenIDConnect' );

$wgPluggableAuth_Config[].......................................

$wgOpenIDConnect_UseRealNameAsUserName = true;

5- Short URL is configured as well.

Please help/let me know if I am missing anything.

Thanks!

Which versions of the PluggableAuth and OpenIDConnect extensions are you using?

In 2), hopefully you added the line before you ran composer update.

I'm not sure what 3) refers to above, but it should not be necessary.

I need more information about where the exception is happening, including at least the start of the stack trace. Please refer to How to debug to see how to enable more debugging information.

You should be able to remove the following config lines:

$wgPluggableAuth_ButtonLabelMessage = 'Login';

$wgPluggableAuth_Class = 'OpenIDConnect';

1) OpenIDConnect 7.0.1 and PluggableAuth is 7.0.0 and mediawiki is 1.40.0.

2) yes I added the line then ran composer.

Sure here is the stack trace when I added $wgShowExceptionDetails = true;

[4a9b3e88ee46f7baf2a4dbfb] /mediawikinew/index.php?title=Special:UserLogin&returnto=Main+Page TypeError: method_exists(): Argument #1 ($object_or_class) must be of type object|string, array given

Backtrace:

from /var/www/mediawikinew/extensions/PluggableAuth/includes/PrimaryAuthenticationProvider.php(88)

#0 /var/www/mediawikinew/extensions/PluggableAuth/includes/PrimaryAuthenticationProvider.php(88): method_exists()

#1 /var/www/mediawikinew/includes/auth/AuthManager.php(2272): MediaWiki\Extension\PluggableAuth\PrimaryAuthenticationProvider->getAuthenticationRequests()

#2 /var/www/mediawikinew/includes/auth/AuthManager.php(2250): MediaWiki\Auth\AuthManager->getAuthenticationRequestsInternal()

#3 /var/www/mediawikinew/includes/specialpage/AuthManagerSpecialPage.php(277): MediaWiki\Auth\AuthManager->getAuthenticationRequests()

#4 /var/www/mediawikinew/includes/specialpage/LoginSignupSpecialPage.php(147): AuthManagerSpecialPage->loadAuth()

#5 /var/www/mediawikinew/includes/specialpage/LoginSignupSpecialPage.php(238): LoginSignupSpecialPage->load()

#6 /var/www/mediawikinew/includes/specialpage/SpecialPage.php(701): LoginSignupSpecialPage->execute()

#7 /var/www/mediawikinew/includes/specialpage/SpecialPageFactory.php(1475): SpecialPage->run()

#8 /var/www/mediawikinew/includes/MediaWiki.php(327): MediaWiki\SpecialPage\SpecialPageFactory->executePath()

#9 /var/www/mediawikinew/includes/MediaWiki.php(923): MediaWiki->performRequest()

#10 /var/www/mediawikinew/includes/MediaWiki.php(576): MediaWiki->main()

#11 /var/www/mediawikinew/index.php(50): MediaWiki->run()

#12 /var/www/mediawikinew/index.php(46): wfIndexMain()

#13 {main}

What is item 3) above? That sounds like it could be interfering. It isn't clear to me where you have made that change or why. It should not be necessary.

Great news! The issue has been resolved.

Item 3 was the problem. I reverted the changes to their default settings, and that resolved the issue.

Thank you so much for your help. I appreciate it.

Great!