Extension talk:Auth remoteuser

About this board

Previous discussion was archived at Extension talk:Auth remoteuser/Archive on 16 June 2020.

User Name Filter deleting correctly formatted input

Nlazarow (talkcontribs)

Auth_remoteuser extension is deleting properly formatted usernames

when executing the "UserNameSessionProviderFilterUserName" hook

even when the $wgAuthRemoteuserUserNameReplaceFilter setting is null.

How can I bypass the hook execution if I have already determined the username

format entry is correct?

Currently using MW 1.31

Reply to "User Name Filter deleting correctly formatted input"
Nbenedek (talkcontribs)


I'm trying to integrate this extension into FreedomBox, which is a a piece of software that offers a one-click installaation for MediaWiki. For starter, the following apache config works well:

<Location /mediawiki>

Include includes/freedombox-single-sign-on.conf

<IfModule mod_auth_pubtkt.c>

TKTAuthToken "wiki" "admin"



However, this way the whole wiki becomes private, and you have to log in to read the pages. My goal is to authenticate only when the user visits the login page. If I set the Location to be <Location /mediawiki/Special:UserLogin>, it does authenticate, but when I jump on the main page, the user logs out immediately.

I tried setting

$wgArticlePath and $wgCookieDomain

with no success, though I'm not entirely sure about the correctness of these two.

Is it possible to auhtenticate only on the login page, and have the user not log out when navigating elsewhere?

Reply to "FreedomBox SSO"
Summary by Krabina

this is solved. It was an issue in an extension that was using this extension.

Krabina (talkcontribs)

Is this extension supposed to work in MW 1.35?

We are running into problems after upgrading an installation from MW 1.31 to 1.35. Authentication is still working, but errors are shown in the browser console.

We seem to run into this issue: https://www.mediawiki.org/wiki/Manual:SessionManager_and_AuthManager/Updating_tips#Exception_%22Sessions_are_supposed_to_be_disabled_for_this_entry_point%22

load.php?lang=de&modules=startup&only=scripts&raw=1&skin=chameleon:40 [e8bfac0498b9f61221749bd4] /load.php?lang=de&modules=startup&only=scripts&raw=1&skin=chameleon BadMethodCallException from line 848 of includes/session/SessionManager.php: Sessions are disabled for this entry point Backtrace:

  1. 0 includes/session/SessionManager.php(220): MediaWiki\Session\SessionManager->getSessionFromInfo(MediaWiki\Session\SessionInfo, WebRequest)
  2. 1 includes/WebRequest.php(826): MediaWiki\Session\SessionManager->getSessionForRequest(WebRequest)
  3. 2 includes/user/User.php(1221): WebRequest->getSession()
  4. 3 includes/user/User.php(388): User->loadFromSession()
  5. 4 includes/user/User.php(2130): User->load()
  6. 5 includes/user/User.php(3069): User->getId()
  7. 6 includes/user/UserGroupManager.php(1026): User->isRegistered()
  8. 7 includes/user/UserGroupManager.php(658): MediaWiki\User\UserGroupManager->getCacheKey(User)
  9. 8 includes/user/UserGroupManager.php(643): MediaWiki\User\UserGroupManager->getUserGroupMemberships(User, integer)
  10. 9 includes/user/User.php(2941): MediaWiki\User\UserGroupManager->getUserGroups(User, integer)
  11. 10 extensions/ADV-A12N/Helper.php(43): User->getGroups()
  12. 11 includes/HookContainer/HookContainer.php(329): AdvSpecialPageBlock(array)
  13. 12 includes/HookContainer/HookContainer.php(132): MediaWiki\HookContainer\HookContainer->callLegacyHook(string, array, array, array)
  14. 13 includes/HookContainer/HookRunner.php(3772): MediaWiki\HookContainer\HookContainer->run(string, array)
  15. 14 includes/specialpage/SpecialPageFactory.php(347): MediaWiki\HookContainer\HookRunner->onSpecialPage_initList(array)
  16. 15 includes/specialpage/SpecialPageFactory.php(362): MediaWiki\SpecialPage\SpecialPageFactory->getPageList()
  17. 16 includes/specialpage/SpecialPageFactory.php(722): MediaWiki\SpecialPage\SpecialPageFactory->getAliasList()
  18. 17 includes/specialpage/SpecialPage.php(109): MediaWiki\SpecialPage\SpecialPageFactory->getLocalNameFor(string, boolean)
  19. 18 includes/specialpage/SpecialPage.php(94): SpecialPage::getTitleValueFor(string, boolean, string)
  20. 19 includes/specialpage/ChangesListSpecialPage.php(874): SpecialPage::getTitleFor(string)
  21. 20 includes/resourceloader/ResourceLoaderFileModule.php(1206): ChangesListSpecialPage::getRcFiltersConfigSummary(ResourceLoaderContext, GlobalVarConfig, NULL)
  22. 21 includes/resourceloader/ResourceLoaderFileModule.php(609): ResourceLoaderFileModule->expandPackageFiles(ResourceLoaderContext)
  23. 22 includes/resourceloader/ResourceLoaderModule.php(842): ResourceLoaderFileModule->getDefinitionSummary(ResourceLoaderContext)
  24. 23 includes/resourceloader/ResourceLoaderStartUpModule.php(209): ResourceLoaderModule->getVersionHash(ResourceLoaderContext)
  25. 24 includes/resourceloader/ResourceLoaderStartUpModule.php(405): ResourceLoaderStartUpModule->getModuleRegistrations(ResourceLoaderContext)
  26. 25 includes/resourceloader/ResourceLoaderModule.php(736): ResourceLoaderStartUpModule->getScript(ResourceLoaderContext)
  27. 26 includes/resourceloader/ResourceLoaderModule.php(704): ResourceLoaderModule->buildContent(ResourceLoaderContext)
  28. 27 includes/resourceloader/ResourceLoaderModule.php(839): ResourceLoaderModule->getModuleContent(ResourceLoaderContext)
  29. 28 includes/resourceloader/ResourceLoader.php(775): ResourceLoaderModule->getVersionHash(ResourceLoaderContext)
  30. 29 [internal function]: ResourceLoader->{closure}(string)
  31. 30 includes/resourceloader/ResourceLoader.php(787): array_map(Closure, array)
  32. 31 includes/resourceloader/ResourceLoader.php(874): ResourceLoader->getCombinedVersion(ResourceLoaderContext, array)
  33. 32 load.php(51): ResourceLoader->respond(ResourceLoaderContext)
  34. 33 load.php(38): wfLoadMain()
  35. 34 {main}

(anonymous) @ load.php?lang=de&modules=startup&only=scripts&raw=1&skin=chameleon:40

$wgAuthRemoteuserUserName = "Everybody"

2 (talkcontribs)

A question about Number 5 i the extension page:

// This is not advised, because it will evaluate every visitor

// to the same wiki user 'Everybody'

$wgAuthRemoteuserUserName = "Everybody";

I tried to use this form and insert a substring called $username read from a cookie containing the username instead of "Everybody",

$wgAuthRemoteuserUserName = $username;

but it seems to evaluate to nothing and the user is not logged in.

When I echo the string read from the cookie it looks ok.

If i write the the same cookie value as a string, and run the function on it, the function to read the username and log in works fine. I tried a lot of other string operations on the value as a string, and it still works, but when I try to use the substring from the cookie it will not login. What is wrong?

Ciencia Al Poder (talkcontribs)

How do you get that substring? Maybe there's some error in your code and the value doesn't get assigned at all

Reply to "$wgAuthRemoteuserUserName = "Everybody""

Using Auth remoteuser with PKI Certs

Tony Novice (talkcontribs)

Hi, I'm upgrading our organizational wiki from MW 1.31 to MW 1.35, which means I'm also upgrading from PHP 7.2 to 7.4. We're upgrading from Auth remoteuser v1 to v2. Under MW 1.31 and Auth remoteuser v.1 worked perfectly and users were able to automatically log in using their certs. Following the upgrade, I'm not able to log in. The application tells me to log in, even though I know my certs are being read. I could use some advice from anyone who's used this extension with PKI certs. I'm sure I'm overlooking something obvious, but I've been looking at this problem for too long. Thanks in advance for the help.

Reply to "Using Auth remoteuser with PKI Certs"

No insert into LDAP_DOMAINS table

Adrianzlobinski (talkcontribs)

Hi, im using this with LDAP Authentication Stack. And almost everything is ok. But one thing not. When new domain user visits my MediaWiki his account is created but not inserted into ldap_domains table. When i disable this Auth_Remoteuser extension and user enters domain login and password, then account is automatically added to table ldap_domains. What should i check or change in my configuration?

Ciencia Al Poder (talkcontribs)

Do you really need both enabled? If disabling Auth_Remoteuser extension works for you, why are you enabling it? (talkcontribs)

Because i need Auth_Remoteuser to automaticaly login domain users.

Ciencia Al Poder (talkcontribs)

That's probably wrong. LDAP Authentication states that it authenticates users with NTLM/Kerberos, which is the way to automaticaly login domain users. Maybe you're missing some configuration to enable that.

Reply to "No insert into LDAP_DOMAINS table"
There are no older topics
Return to "Auth remoteuser" page.