Extension talk:GoogleAppsAuthentification

From MediaWiki.org
Jump to: navigation, search

Error with auth request

Hi, i am getting this error:

Auth request object error. Try again

Is this probably related to the variable in LocalSettings.php, 'GoogleAppsDomain'?? i've set it this way:

$wgDefaultUserOptions['GoogleAppsDomain'] = 'google.com/a/myDomain.com';

Thanks in advance!

Daniel.SL15:24, 30 October 2012

The variable 'GoogleAppsDomain' should have the domain you want to allow logins from. e.g. I only want google accounts with domain example.com to login, such as mom@example.com or dad@example.com:

$wgDefaultUserOptions['GoogleAppsDomain'] = 'example.com';

This way, jimmy@gmail.com won't be authenticated.

205.251.160.14016:08, 22 July 2014
 

Redirect to login page after login

(The solution outlined in 2012 further down this page doesn't work with mw 1.22)

After login I get redirected to the mediawiki login page. How can I get redirected to the page I was before or maybe the main page?

thx, Karsten PS: I use mw1.22.5

Koemski (talk)17:57, 23 April 2014

bounce

93.218.105.20616:43, 20 May 2014
 

How do I make myself administrator?

Hi,

ok, now I'm logged in ... but how do I make myself an administrator or bureaucrat?

Best, Karsten

79.218.125.10607:23, 3 April 2014

There should be a non-Google-Apps default account that you setup when you initially installed MediaWiki.

Jasper Deng (talk)02:28, 4 April 2014

When using GoogleAppsAuthentification you cannot login with another user. There is no other login screen than the google-oAuth screen.

93.218.115.16216:51, 4 April 2014

In that case, you can assign it through database access. See Manual:User rights.

Jasper Deng (talk)04:24, 5 April 2014
  • mysql -u root -pPassword databasename
  • select user_id, user_name from user; -- find user_id of user, let's say: 2
  • insert into user_groups values (2, 'sysop'), (2, 'bureaucrat');
  • \q
Koemski (talk)06:59, 5 April 2014
 
 
 
 

GoogleAppsAuthentication MediaWiki 1.22.1

Is the extention still valid for MediaWiki 1.22.1? It looks like it doesn't work anymore.

Igor11:44, 24 February 2014

Suggestion / Has any : set this up for multipel domains

Has anyone tried to get multiple domains working for instance gmail.com and somegoogleappaccount.com?

I would think you could just loop through the domains somewhere but I am not sure where. Anyone have an idea?

50.137.193.14903:51, 23 July 2012

I tried to address this, but ran into some lack of mediawiki experience snags. Any upvotes or tips are appreciated: http://stackoverflow.com/questions/21121253/mediawiki-extensiongoogleappsauthentification-multiple-domains

Jslootbeek (talk)18:22, 22 January 2014
 

Sometimes can not sign in after Google's response

It is very convenient to have people log on a wiki with Google credential. Thanks for Bertrand Gorge and Emanuele Nanetti for the great work.

http://www.mediawiki.org/wiki/Extension:GoogleAppsAuthentification

An issue is that sometimes, even with Google return the right credential, mediawiki (19.2) does not get people log in correctly.

So far, I found the root cause was with SpecialUserlogin.php and patched it. Detail is here.

http://stackoverflow.com/questions/18536237/mediawiki-extension-googleappsauthentification-can-not-sign-in-after-googles-r

Llin.mitbbs (talk)15:21, 30 August 2013

"Endlessly" persistant logins

Great plugin, it solves one of the missing pieces in our Google Apps login project.

With that said, it seems that while users can logout successfully, they can also log back in without being logged in to Google Apps.

Say I login to my MediaWiki install (whether or not I'm logged into Apps already) and I end up back at Main_Page. If I click log out, I'm logged out and everything is peachy keen. Now, if I'm also logged out of Apps at this point, I can log right back in just by clicking the log in link in the header. That is to say, I don't need to be logged into Apps again to actually authenticate to the wiki; it lets me right back in. I'm not sure what's going on here, I suspect it has to do with the temp files, but erasing them isn't solving the issue. On the off chance it was OS or browser specific, several have been tried (Safari, Chrome, Firefox, on Windows and OS X - all latest versions as of this writing). The (Apache on Debian) web server user has full r/w permissions to the tmp directory and subdirectories.

If you have any insight as to how to solve this "endlessly" persistent login problem, that would be greatly appreciated. We've come up empty handed thus far.

Thanks!

Jme2390 (talk)17:48, 28 May 2012

implement userlogout hook and remove the session variable

122.201.18.15508:58, 24 June 2013
$wgHooks['UserLogout'] = array('fnUnsetLoggedInUser');
 
function fnUnsetLoggedInUser() {
        session_unset();
        return true;
}

this works if you're logged out of google

Willcwf (talk)22:25, 17 July 2013
 
 

Navigation bar visible before login

Hello,

The navigation bar is visible to users who are not yet logged in. Is there any way to hide the navigation bar until users have logged in?

Jack

203.217.56.5002:58, 18 January 2013

This might be a bit late for a response to this, but there is another extension for that which works quite well when combined with this one:

http://www.mediawiki.org/wiki/Extension:HideSidebar

71.237.180.11320:42, 29 May 2013
 

403 Forbidden error upon return

I installed and set up the extension.
When I try to login, I'm redirected to the Google login page (first time to my domain login page, but on later test to the standard login... nevermind, that's not the problem now).
I'm then asken to authorize mi URL site. Everything looks good so far.
But when I'm supposed to return to the site I get this:

Forbidden
You don't have permission to access /wiki/Especial:Entrar on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

(the "Especial:Entrar" is because the site is in spanish)

or

Forbidden
You don't have permission to access /index.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Depending on the URL I use.

I set the 777 permission to the whole extension folder and its child files/folder. Just in case.
Any idea?

186.19.202.20222:43, 24 May 2012

Hi, the 404 error looks like the wiki is not fully configured - htaccess issue or something similar. Maybe a URL is misconstructed somewhere (a media wiki setup should never give you a 404, it should create a page at the minimum)... Other than that I can't really tell, I haven't encountered this error myself...!

BertrandGorge (talk)07:12, 25 May 2012

For anyone who wants to know, I fixed the problem.

It was an issue with the Apache module mod_security. It prevents from urls to appear in the query string, so parameters like "http://..." cause an error. More info: http://drupal.org/node/576270 http://ericbae.com/2011/06/22/solving-openid-redirect-error/

In my case, I asked my hosting provider (I'm on a shared hosting) to add a rule and it started working just fine.

186.19.202.20221:06, 28 May 2012

Hi,


I have been searching for hours about the problem. Thankfully I came across your answer. I asked my provider to disable the rules described as above, and hopefully they will fix this very soon. One question: are there any side effects by disabling the offending rule.

Regards, Sam

94.227.33.4615:10, 8 November 2012
 
 
 

Local Accounts?

Is it possible to still allow local accounts while using this? The extension causes the wiki to automatically login with a GoogleApps account, but we have some third party individuals we'd still like to have access to our wiki without providing Google Apps accounts to.

76.10.122.19018:41, 14 February 2012

Hello, no you can't - it should be easy to modify the extension in order to allow it, but when we made the extension, our need was to have a transparent connection, with as little as possible burden for the end user...

BertrandGorge21:33, 14 February 2012

Please explain further regarding the local account with the google apps login

203.84.138.23811:23, 10 September 2012
 
 

Redirecting to login page after login

I was having an issue where after logging in from the home page, mediawiki would bring you straight back to the login page with a username and password field.

So I modified this code:

       // Return URL
       $config['return_server'] = (isset($_SERVER["HTTPS"]) ? 'https://' : 'http://') .$_SERVER['SERVER_NAME'].":".$_SERVER['SERVER_PORT'];
       $config['return_url'] = $config['return_server'].$_SERVER['REQUEST_URI'];

to

       // Return URL
       $config['return_server'] = (isset($_SERVER["HTTPS"]) ? 'https://' : 'http://') .$_SERVER['SERVER_NAME'].":".$_SERVER['SERVER_PORT'];
       if ($_REQUEST["title"] == $lg->specialPage("Userlogin")) {
               $config['return_url'] = $config['return_server'].$_SERVER['SCRIPT_NAME'];
       }
       else {
               $config['return_url'] = $config['return_server'].$_SERVER['REQUEST_URI'];
       }

This resolved my issue.

208.97.104.19417:43, 16 December 2011

Thanks! Had the same issue. (MW1.19.1) However you missed one simple line.

Before the code above add: $lg = Language::factory($wgLanguageCode);

Otherwise you get a blank page. (Or PHP-Error of unknown $lg, depending on your debug settings.)

Additionaly, after Login I get a dialog asking if I wanted to purge the cache of the mainpage. (Usually only NOT logged in users should get that.) Fixed it by changing:

$wgOut->redirect($url."?action=purge");

to

$wgOut->redirect($url."?action=view");

Have to wait and see if there are serious isuess with with not-current mainpages.

5.28.71.14914:59, 13 August 2012
 

Are there any concerns with bots reading pages for emails?

Can we use an obsfuator to stop this even the user:pages@googleappaccount.com is the page name?

24.106.160.17906:08, 19 July 2012

Permission

I would like to know about the permission in the mediawiki, if I use this extension let say: sysops,beaurecrat,....

220.255.2.2502:32, 6 July 2012

Class DOMDocument not found in google_discovery.php

I got a blank page after installing this extension, and the subject contains what was in the log. I installed php-xml and that fixed it so I decided to put this here in case anyone else has this problem.

208.90.215.18102:49, 13 October 2011

Thank you this worked for me!

64.236.128.4120:59, 21 June 2012
 

Unable to change user permissions of auto-created accounts

Those accounts comes with "@domain.com", and when I try to change their user rights with the special pages, I was given the error of "cannot edit uesr rights of other wiki".

Soon I found in the manual pages that I need to have the "userrights-interwiki" for my bureaucrat group, so I added that in my LocalSettings. Then I was given another error of "Database mydomain.com does not exist or is not local."

Any help~? I suggest not storing the username with the domain - since with this extension we are allowed to use google apps of only one domain - so with "@domain.com" doesn't really make much difference.

202.55.50.23618:04, 29 August 2011

What you say makes sense - I didn't know that MediaWiki accounts did interpret the @ sign somehow - anyway, it is easy to fix - just change the line that says " $username = $googleAccount['email']; ", with something like " $username = preg_replace('/@.*/', , $googleAccount['email']); " or something similar....

BertrandGorge06:46, 30 August 2011

Yes you're right. That's what I did too! Many thanks! Highly appreciate the quick response from you.

Ewcy07:10, 30 August 2011

I added the following to LocalSettings.php:

  1. Allow @ in username (# as delimiter for database instead of @)

$wgUserrightsInterwikiDelimiter = '#'

This changes the interwiki delimiter to a # instead of an @, allowing you to have @ in your username without trouble. I doubt anybody uses interwiki rights management except the Wikimedia Foundation itself; I really wish they just had interwiki disabled by default. Oh well.

76.10.122.19018:36, 14 February 2012
 
 
 

Nonce error "OpenID authentication failed: Nonce already used or out of range"

Sorry I don't know if it's the correct place to voice out questions - correct me if it's not.

I just did what you told me last night (29 Aug 2011). I was correctly redirected to the Google Apps login page, and also the subsequent "XXXXXXXX (my URL) wants to access the following information" (etc.). But then I was stopped at an error with only 1 line of output: "OpenID authentication failed: Nonce already used or out of range". Any clue on this?

Thanks! I love this great extension - simple, easy to use, just great.

219.79.162.8914:37, 29 August 2011

Did you make sure the tmp folder is writable ? Do you see the nounce files being created ?

BertrandGorge15:00, 29 August 2011
 

One thing is that we found that the extension doesn't work too well on a Windows setup - for some reason it started to work with a linux box only... Maybe a lead for you !

BertrandGorge15:03, 29 August 2011
 

Oh yeah problem solved.

1) I just noticed that the tmp folder that came with the OpenID library (as linked from the wiki page) was actually NOT empty. And so when I am setting the correct permissions to it, I need to recursively chmod-ing it. That is, " chmod -R 777 tmp " instead of " chmod 777 tmp ".

2) Once I have made the #1 change, I encountered another error of "undefined function: FileCache::singleton() on line 2726 of includes/GlobalFunctions.php", even when I used a new browser to browse the wiki. My mediawiki was an old one, 1.14 version. I didn't touch any configuration concerning FileCache (and it should default to "false" ?) The problem doesn't go away even I switch on or off FileCache in LocalSettings.php. My solution was to (dirtily) amend GlobalFunctions.php and comment out that if() block and use only the else block. (very dirty indeed!)

202.55.50.23617:07, 29 August 2011