Topic on Extension talk:SimpleSAMLphp/Flow

Testergt1302 (talkcontribs)

Hi,

I am trying to configure SAML auth for our Wiki 1.39.4 on RHEL7.9.

I have 2 queries here.

1. Which version of the simplesamlphp library is supported for:

wiki 1.39.4

php 8.0

pluggableauth 7.0

SimpleSAMLphp: 7.0


2. I am just trying with simplesamlphp 2.0.5. While accessing the wiki, it gives the error:

"Could not load authentication plugin"

Not sure where it is failing. Can someone suggest?

--

GT

Osnard (talkcontribs)

"Could not load authentication plugin" most likely means $wgPluggableAuth_Config from Extension:PluggableAuth is not properly set up. Can you please share your config?

Testergt1302 (talkcontribs)

Hi Osnard,

This is the config:

wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'SimpleSAMLphp' );

$wgSimpleSAMLphp_InstallDir = '/var/simplesamlphp';
$wgSimpleSAMLphp_AuthSourceId = 'default-sp';
$wgPluggableAuth_EnableAutoLogin = true;
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_EnableLocalProperties = false;
$wgPluggableAuth_ButtonLabelMessage = 'Login';
$wgPluggableAuth_Class = 'SimpleSAMLphp';
$wgMainCacheType = CACHE_DB;

$wgSimpleSAMLphp_MandatoryUserInfoProviders['myusername'] = [
        'factory' => function() {
                return new \MediaWiki\Extension\SimpleSAMLphp\UserInfoProvider\GenericCallback( function( $attributes ) {
                        if ( !isset( $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'] ) ) {
                                throw new Exception( 'missing email address' );
                        }
                        $parts = explode( '@', $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'][0] );
                        return strtolower( $parts[0] );
                } );
        }
];

$wgPluggableAuth_Config['Log in using my SAML'] = [
        'plugin' => 'SimpleSAMLphp',
        'data' => [
                'authSourceId' => 'default-sp',
                'usernameAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
                'realNameAttribute' => ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname','http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'],
                'emailAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
                'userinfoProviders' => [
                        'username' => 'myusername'
                ]
        ]
];

Testergt1302 (talkcontribs)

@Osnard Any suggestions on this? Am I missing something here?

Testergt1302 (talkcontribs)

Hi,

@Osnard @Cindy.cicalese These are from the logs. Is it something related to session data?

> Authentication.log <

2023-11-20 11:48:34 hostname wiki: Primary login with MediaWiki\Extension\PluggableAuth\PrimaryAuthenticationProvider returned REDIRECT

> PluggableAuth.log <

2023-11-20 11:48:34 hostname wiki: In execute()

2023-11-20 11:48:34 hostname wiki: Getting PluggableAuth instance

2023-11-20 11:48:34 hostname wiki: Plugin name: SimpleSAMLphp

> simplesamlphp.log <

Nov 20 11:48:34 simplesamlphp ERROR [TR72440098] Error loading session: Invalid session ID

> PluggableAuth.log <

2023-11-20 11:48:34 hostname wiki: Invalid authentication plugin class: Invalid session ID

> Authentication.log <

2023-11-20 11:48:35 hostname wiki: Login failed in primary authentication by MediaWiki\Extension\PluggableAuth\PrimaryAuthenticationProvider

Testergt1302 (talkcontribs)

Hi,

This issue has been solved.

If anyone faces a similar issue, refer to the below.

Modify the below variables in the config.php of simplesamlphp. The default config is to use 'phpsession'. This needs to be changed to use sql/database to store session info.

'store.type'                    => 'sql',
'store.sql.dsn'                 => 'mysql:host=localhost;port=3306;dbname=mywiki',
'store.sql.username' => 'sqluser', // SQL DB user name
'store.sql.password' => 'password', // SQL DB user password
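
The failure in this thread shows up as two log entries written in the same second: SimpleSAMLphp's "Error loading session" and PluggableAuth's "Invalid authentication plugin class". The following triage script is an added example, not code from the thread's participants or from either project; the function names and the 2-second correlation window are assumptions, and the sample input is constructed from the log lines quoted above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: log lines quoted in the thread, keyed by file name.
SAMPLE_LOGS = {
    "PluggableAuth.log": [
        "2023-11-20 11:48:34 hostname wiki: Plugin name: SimpleSAMLphp",
        "2023-11-20 11:48:34 hostname wiki: Invalid authentication plugin class: Invalid session ID",
    ],
    "simplesamlphp.log": [
        "Nov 20 11:48:34 simplesamlphp ERROR [TR72440098] Error loading session: Invalid session ID",
    ],
}

MW_LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ \S+: (.*)$")
SSP_LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (\w+) \[(\w+)\] (.*)$")

def parse_mediawiki(line):
    """Return (timestamp, message) for a MediaWiki debug-log line, else None."""
    m = MW_LINE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)

def parse_simplesamlphp(line, year):
    """Return (timestamp, level, tracking_id, message), else None."""
    m = SSP_LINE.match(line)
    if not m:
        return None
    # The syslog-style timestamp has no year, so the caller supplies one.
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2), m.group(3), m.group(4)

def find_session_store_failures(logs, window_seconds=2):
    """Pair plugin-load failures with nearby SimpleSAMLphp session errors."""
    findings = []
    plugin_errors = [p for p in map(parse_mediawiki, logs.get("PluggableAuth.log", []))
                     if p and p[1].startswith("Invalid authentication plugin class")]
    for mw_ts, mw_msg in plugin_errors:
        for line in logs.get("simplesamlphp.log", []):
            # Year is borrowed from the MediaWiki entry (inexact across New Year).
            ssp = parse_simplesamlphp(line, mw_ts.year)
            if (ssp and ssp[1] == "ERROR" and ssp[3].startswith("Error loading session")
                    and abs(mw_ts - ssp[0]) <= timedelta(seconds=window_seconds)):
                findings.append((ssp[2], ssp[0], mw_msg))
    return findings

if __name__ == "__main__":
    for track_id, ts, msg in find_session_store_failures(SAMPLE_LOGS):
        print(f"{ts} [{track_id}] {msg} -> check 'store.type' in SimpleSAMLphp config.php")
```

A match points at the session store setting changed in the fix above, rather than at `$wgPluggableAuth_Config`.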