HeyHelloThere
Similar problem like this one.
I configured SimpleSAMLphp with ADFS and it seemed to work. Then I installed the SimpleSAMLphp and PluggableAuth Addons on my Bluespice/Mediawiki installation.
I click the login button and get redirected to the adfs login site where I type in my credentials. Everything seemed to be working fine. There was a pop-up saying "Confirm Form Resubmission" which I accepted. When I input any incorrect credentials, nothing happens and I can type in the credentials again, but when I input my correct credentials, the problem occurs.
--- The Problem
After I input my correct credentials I get redirected around 5x to something similar like the following Link...
https://adfs.domain.tld/adfs/ls/wia?SAMLRequest=(longString)RelayState=https:%3A%2F%2Fmywiki.domain.tld%2Fbluespice%2Findex.php%3Ftitle%3DSpezial%3APluggableAuthLogin&client-request-id=(id)&RedirectToIdentityProvider=AD+AUTHORITY
and end up on the wiki.domain.tld/simplesaml/module.php/saml/sp/saml2-acs.php/simpleSamlWiki site, which has the title "Unhandled exception" and this debug information.
Backtrace:
1 www\_include.php:17 (SimpleSAML_exception_handler)
0 [builtin] (N/A)
Caused by: SimpleSAML\Module\saml\Error: Responder
Backtrace:
4 modules\saml\lib\Message.php:484 (SimpleSAML\Module\saml\Message::getResponseError)
3 modules\saml\lib\Message.php:616 (SimpleSAML\Module\saml\Message::processResponse)
2 modules\saml\www\sp\saml2-acs.php:141 (require)
1 lib\SimpleSAML\Module.php:254 (SimpleSAML\Module::process)
0 www\module.php:10 (N/A)
--- Debugging
I did use the debugging feature like mentioned in the other post and found this ~5x when searching for "[PluggableAuth]" in the log:
[PluggableAuth] In execute()
[PluggableAuth] Getting PluggableAuth singleton
[PluggableAuth] Class name: SimpleSAMLphp
[DBQuery] DATABASE SELECT /* SqlBagOStuff::getMulti */ keyname,value,exptime FROM `objectcache` WHERE keyname = 'DATABASE:MWSession:47655a8898255aa47db42d8f46c545'
[session] SessionBackend "47655a886e98255aa47db42d46c545" is unsaved, marking dirty in constructor
and when I searched for "SimpleSAML" found this ~5x:
Echo does not expose its version, but BlueSpiceEchoConnector mentions it with constraint '*'. Assume it's ok so.
IP: <server IP>
Start request GET /bluespice/index.php?title=Spezial:PluggableAuthLogin
HTTP HEADERS:
CONTENT-TYPE:
CONTENT-LENGTH: 0
SEC-FETCH-MODE: navigate
SEC-FETCH-SITE: same-site
UPGRADE-INSECURE-REQUESTS: 1
USER-AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
REFERER: https:://adfs.domain.tld/adfs/ls/?SAMLRequest=...(same as above)
HOST: wiki.domain.tld
COOKIE: restorewikidbnotificationFlag=1; restorewikidbCalumma_desktop-view=true; restorewikidb_session=70gt6u30ps58s7ddn28tc951igh42va; SimpleSAML=ef929c6ddcc726778505cef0265d14b; SimpleSAMLAuthToken=_da39836fffb36e83d278160a65c79da06dae2ed0a
ACCEPT-LANGUAGE: en-US,en;q=0.9
ACCEPT-ENCODING: gzip, deflate, br
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
CONNECTION: keep-alive
CACHE-CONTROL: max-age=0
[caches] cluster: EmptyBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: SqlBagOStuff, session: SqlBagOStuff
[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.
[DBReplication] Cannot use ChronologyProtector with EmptyBagOStuff.
General info:
- MediaWiki 1.31.5 (On Windows Server 2019)
- Bluespice 3.1.1
- PHP 7.4.0
- SimpleSAMLphp 1.18.3
- PluggableAuth Addon 5.4
- SimpleSAMLphp Addon 4.1
Any help would be greatly appreciated!
Thank you