Hi,
I am trying to configure SAML auth for our Wiki 1.39.4 on RHEL7.9.
I have 2 queries here.
1. which version of simplesamlphp library is supported for:
wiki 1.39.4
php 8.0
pluggableauth 7.0
SimpleSAMLphp: 7.0
2. I just trying with simplesamlphp 2.0.5. While accessing the wiki, it gives error :
"Could not load authentication plugin"
Not sure where it is failing. can someone suggest ?
--
GT
"Could not load authentication plugin" most likely means $wgPluggableAuth_Config from Extension:PluggableAuth is not properly set up. Can you please share your config?
Hi Osnard,
This is the config:
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'SimpleSAMLphp' );
$wgSimpleSAMLphp_InstallDir = '/var/simplesamlphp';
$wgSimpleSAMLphp_AuthSourceId = 'default-sp';
$wgPluggableAuth_EnableAutoLogin = true;
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_EnableLocalProperties = false;
$wgPluggableAuth_ButtonLabelMessage = 'Login';
$wgPluggableAuth_Class = 'SimpleSAMLphp';
$wgMainCacheType = CACHE_DB;
$wgSimpleSAMLphp_MandatoryUserInfoProviders['myusername'] = [
'factory' => function() {
return new \MediaWiki\Extension\SimpleSAMLphp\UserInfoProvider\GenericCallback( function( $attributes ) {
if ( !isset( $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'] ) ) {
throw new Exception( 'missing email address' );
}
$parts = explode( '@', $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'][0]);
return strtolower( $parts[0] );
} );
}
];
$wgPluggableAuth_Config['Log in using my SAML'] = [
'plugin' => 'SimpleSAMLphp',
'data' => [
'authSourceId' => 'default-sp',
'usernameAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
'realNameAttribute' => ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname','http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'],
'emailAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
'userinfoProviders' => [
'username' => 'myusername'
]
]
];
Hi,
@Osnard @Cindy.cicaleseThese are from the logs. is it something related to session data?
2023-11-20 11:48:34 hostname wiki: Primary login with MediaWiki\Extension\PluggableAuth\PrimaryAuthenticationProvider returned REDIRECT
2023-11-20 11:48:34 hostname wiki: In execute() 2023-11-20 11:48:34 hostname wiki: Getting PluggableAuth instance 2023-11-20 11:48:34 hostname wiki: Plugin name: SimpleSAMLphp
Nov 20 11:48:34 simplesamlphp ERROR [TR72440098] Error loading session: Invalid session ID
2023-11-20 11:48:34 hostname wiki: Invalid authentication plugin class: Invalid session ID
2023-11-20 11:48:35 hostname wiki: Login failed in primary authentication by MediaWiki\Extension\PluggableAuth\PrimaryAuthenticationProvider
Hi,
This issue has been solved.
If anyone face similar issue refer below.
modify below variables in the config.php of simplesamlphp. default config is to use 'phpsession'. This need to be changed to use sql/database to store session info.
'store.type' => 'sql',
'store.sql.dsn' => 'mysql:host=localhost;port=3306;dbname=mywiki',
store.sql.username' => 'sqluser', //SQL DB user name
'store.sql.password' => 'password', //SQL DB user password
