Any help would be most appreciated - I'll really try to explain the problem and its context. Hopefully others can learn from my troubles!!! :)
My objective: Create a company wiki hosted on the cloud where employees can use their logins registered in the Azure Active Directory to access wiki resources.
The Basic Set-up:
- Cloud-hosted Azure VM with this image: https://bitnami.com/stack/mediawiki/virtual-machine (basically contains an Apache2 web server and an image of MediaWiki)
- In addition to the base image, the extension OAuth2 Client has been installed following these instructions: https://www.mediawiki.org/wiki/Extension:OAuth2_Client (OAuth2 Client is built off this open-source project: https://github.com/thephpleague/oauth2-client)
- Azure Active Directory (AD) with a registered Web app / API
The Encountered Problem: After providing the Azure Active Directory's user credentials (email and password), a `Fatal exception of type "GuzzleHttp\Exception\ConnectException"` is thrown.
Attempted in-depth problem analysis: So after attempting a login, the reply URL is as such:
(note: I've randomly changed some values)
So, it is sending back an authorization token, but for some reason MediaWiki is failing to proceed to the next step and request an access token and refresh token with the newly acquired authorization token.
I've tried to check the logs in the Apache2 server, but nothing is added.
Is there a way to change that and get more error info??
1. As per the OAuth2 Client instructions, I modified LocalSettings.php. Here, I'll briefly describe what information from the Azure AD I put where (<> contains a pseudo variable):
```php
wfLoadExtension( 'MW-OAuth2Client' );
$wgOAuth2Client['client']['id']     = '<Application ID>';
// The key from the AD app registration is the client secret (the original assigned it to ['client']['id'] a second time)
$wgOAuth2Client['client']['secret'] = '<Key created in AD app registration - basically a hash value>';
$wgOAuth2Client['configuration']['authorize_endpoint']    = '<Azure AD OAUTH 2.0 AUTHORIZATION ENDPOINT>';
$wgOAuth2Client['configuration']['access_token_endpoint'] = '<Azure AD OAUTH 2.0 TOKEN ENDPOINT>';
$wgOAuth2Client['configuration']['api_endpoint']          = '<Azure App registered - App ID URI>';

// As per the OAuth2 Client instructions...
$wgOAuth2Client['configuration']['redirect_uri'] = '<http://mywikidomain/Special:OAuth2Client/callback>';

// scopes not mentioned in OAuth2 Client install instructions
// Was throwing an index error if not set.
// According to the above link, when requesting an authorization code, scope is ignored and hence shouldn't matter what it is.
// Got the idea of 'user_impersonation' from the above Microsoft docs link - use authorization code... -> successful response -> resource
$wgOAuth2Client['configuration']['scopes'] = 'user_impersonation';

// Defaults from OAuth2 Client, NOT sure if needed to be changed
$wgOAuth2Client['configuration']['username'] = 'username';
$wgOAuth2Client['configuration']['email']    = 'email';
```
2. As the above wasn't working, I tried to look through the source code of oauth2-client made by the phpleague to understand what was going on.
I noticed that the version that OAuth2 Client installs is version 1.4, as my code was different, and oauth2-client is up to 2.4.1, so I checked out master and pulled the new version. No success.
3. I noticed that the oauth2-client has packages developed for specific providers, including the Azure AD.
Hence, I installed as instructed but no change. I think I have to modify some things, but I have no idea what.
Please let me know if there is any more information you need!!!
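A `GuzzleHttp\Exception\ConnectException` is raised before any HTTP response exists: it means the wiki VM could not open a connection to the token endpoint at all (DNS, outbound firewall/NSG rule, proxy, or TLS trust), which is why nothing useful lands in the Apache log. The diagnostic below is an added example, not part of the original post or of Extension:OAuth2_Client; it reproduces the token request the extension makes and separates "cannot reach the endpoint" from "reached it but got rejected". It assumes a `vendor/autoload.php` that provides Guzzle (adjust the path to your install) and takes the token endpoint as a placeholder to be replaced with the value of `$wgOAuth2Client['configuration']['access_token_endpoint']`.

```php
<?php
// Diagnostic for "GuzzleHttp\Exception\ConnectException" during the OAuth2 token step.
// Added example, not part of the original post or of Extension:OAuth2_Client.
// Assumes a vendor/autoload.php that provides Guzzle (adjust the path to your install).
require __DIR__ . '/vendor/autoload.php';

use GuzzleHttp\Client;
use GuzzleHttp\Exception\ClientException;
use GuzzleHttp\Exception\ConnectException;
use GuzzleHttp\Exception\RequestException;

// Placeholder: replace with the configured access_token_endpoint.
$tokenEndpoint = 'https://<your-token-endpoint-host>/oauth2/token';

$host = parse_url($tokenEndpoint, PHP_URL_HOST);
echo "Token endpoint host: $host\n";

// Step 1: can the VM resolve the host? gethostbyname() returns the name unchanged on failure.
$ip = gethostbyname($host);
echo $ip === $host ? "DNS: FAILED to resolve $host\n" : "DNS: $host -> $ip\n";

// Step 2: can it open a TLS connection within a short timeout?
$errno = 0;
$errstr = '';
$sock = @stream_socket_client("ssl://$host:443", $errno, $errstr, 5);
if ($sock === false) {
    echo "TCP/TLS: FAILED ($errno: $errstr). Check NSG/firewall rules, outbound proxy and the CA bundle.\n";
} else {
    echo "TCP/TLS: connected\n";
    fclose($sock);
}

// Step 3: send a deliberately incomplete token request. No client secret is involved, so
// nothing sensitive leaves the box; the only question is whether the server answers at all.
// A 4xx with an OAuth error body means the network path works and the remaining problem
// is in the wiki configuration (client id/secret, redirect_uri, endpoints) instead.
$client = new Client(['timeout' => 10, 'connect_timeout' => 5]);
try {
    $client->post($tokenEndpoint, [
        'form_params' => ['grant_type' => 'authorization_code'],
    ]);
    echo "HTTP: unexpected 2xx response\n";
} catch (ConnectException $e) {
    // Same exception class the wiki shows: the request never reached the endpoint.
    // The message carries the underlying cURL error, which is the detail missing from the Apache log.
    echo "HTTP: ConnectException - " . $e->getMessage() . "\n";
    echo "Guzzle reads HTTP_PROXY/HTTPS_PROXY/NO_PROXY from the environment; check them for the web server user, not just your shell.\n";
} catch (ClientException $e) {
    // 4xx: the endpoint was reached and rejected the incomplete request, as expected.
    echo "HTTP: reached endpoint, status " . $e->getResponse()->getStatusCode() . "\n";
    echo "Body: " . substr((string) $e->getResponse()->getBody(), 0, 200) . "\n";
} catch (RequestException $e) {
    echo "HTTP: other request error - " . $e->getMessage() . "\n";
}
```

Run it on the wiki VM as the user Apache runs as (e.g. `sudo -u <apache-user> php diag.php`), since proxy variables, CA bundles and outbound rules can differ between your login shell and the web server process. If step 2 fails but the same host is reachable from your workstation, the fix lies in the VM's outbound network path rather than in LocalSettings.php.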