i have windows server 2016, MediaWiki 1.41.1, PHP 8.3.4, mysql 8.3.0, PluggableAuth 7.1.0, OpenID Connect 8.0.1
when i attempt to log in, i get the redirect to the microsoft page, enter my creds, confirm via authenticator app on my phone and am presented with the following error:
Message: AADSTS50011: The redirect URI 'https://raawiki.acme.org/RAAWIKI/index.php?title=Special:PluggableAuthLogin' specified in the request does not match the redirect URIs configured for the application '6856ee73-9078-420f-a7af-b2da67a686dc'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.
the URI in AZURE AD has been set to https://raawiki.acme.org/RAAWIKI/index.php/Special:PluggableAuthLogin
all i'm trying to do at this point is test the log in.
my pluggableauth log shows...
2024-04-12 20:07:08 server raawiki: In execute()
2024-04-12 20:07:08 server raawiki: Getting PluggableAuth instance
2024-04-12 20:07:08 server raawiki: Plugin name: OpenIDConnect
my OpenID Connect log shows...
2024-04-12 20:07:08 server raawiki: Redirect URL: https://raawiki.acme.org/RAAWIKI/index.php?title=Special:PluggableAuthLogin
Where is it pulling https://raawiki.acme.org/RAAWIKI/index.php?title=Special:PluggableAuthLogin from?
LocalSettings.php
<?php
# This file was automatically generated by the MediaWiki 1.41.1
# installer. If you make manual changes, please keep track in case you
# need to recreate them later.
#
# See includes/MainConfigSchema.php for all configurable settings
# and their default values, but don't forget to make changes in _this_
# file, not there.
#
# Further documentation for configuration settings may be found at:
# https://www.mediawiki.org/wiki/Manual:Configuration_settings
# Protect against web entry: stop immediately unless the MEDIAWIKI constant is
# defined, i.e. when this file is requested directly instead of being loaded
# by MediaWiki.
if ( !defined( 'MEDIAWIKI' ) ) {
exit;
}
## Uncomment this to disable output compression
# $wgDisableOutputCompression = true;
$wgSitename = "RAAWIKI";
## The URL base path to the directory containing the wiki;
## defaults for all runtime URL paths are based off of this.
## For more information on customizing the URLs
## (like /w/index.php/Page_title to /wiki/Page_title) please see:
## https://www.mediawiki.org/wiki/Manual:Short_URL
$wgScriptPath = "/RAAWIKI";
## The protocol and server name to use in fully-qualified URLs
# NOTE(review): the OpenIDConnect log line
#   "Redirect URL: https://raawiki.acme.org/RAAWIKI/index.php?title=Special:PluggableAuthLogin"
# is this $wgServer, then $wgScriptPath, then the index.php?title= page URL form.
# Neither $wgArticlePath nor $wgUsePathInfo is set anywhere in this file, so that
# form is presumably MediaWiki's default for this server setup (confirm).
# The AADSTS50011 error shows the identity provider comparing the redirect URI
# against the registered ones, so the URI registered for the application has to
# be the same string the wiki sends; index.php/Special:PluggableAuthLogin is a
# different URI than index.php?title=Special:PluggableAuthLogin.
$wgServer = "https://raawiki.acme.org";
## The URL path to static resources (images, scripts, etc.)
# Assigned after $wgScriptPath on purpose: it copies that value.
$wgResourceBasePath = $wgScriptPath;
## The URL paths to the logo. Make sure you change this from the default,
## or else you'll overwrite your logo when you upgrade!
# Every variant below is built from $wgResourceBasePath, so the logo URLs follow
# the script path set earlier. The file names are redacted (XXX.jpg) in this listing.
$wgLogos = [
'1x' => "$wgResourceBasePath/resources/assets/XXX.jpg",
'wordmark' => [
"src" => "$wgResourceBasePath/resources/assets/XXX.jpg",
"width" => 200,
"height" => 25,
],
'tagline' => [
"src" => "$wgResourceBasePath/resources/assets/XXX.jpg",
"width" => 119,
"height" => 18,
],
'icon' => "$wgResourceBasePath/resources/assets/XXX.jpg",
];
## UPO means: this is also a user preference option
# E-mail is switched off as a whole here ($wgEnableEmail = false) and no sender or
# emergency contact address is configured.
$wgEnableEmail = false;
$wgEnableUserEmail = true; # UPO
$wgEmergencyContact = "";
$wgPasswordSender = "";
$wgEnotifUserTalk = false; # UPO
$wgEnotifWatchlist = false; # UPO
# NOTE(review): e-mail address confirmation is left on although $wgEnableEmail is
# false above; presumably it has no effect while mail is disabled - confirm if
# e-mail is enabled later.
$wgEmailAuthentication = true;
## Database settings
# The database user and password are redacted (XXX) in this listing; the real
# values are credentials and should stay out of anything shared publicly.
$wgDBtype = "mysql";
$wgDBserver = "localhost";
$wgDBname = "acmewiki";
# NOTE(review): the account name is not visible here - a dedicated account limited
# to the wiki database is preferable to an administrative one.
$wgDBuser = "XXX";
$wgDBpassword = "XXX";
# MySQL specific settings
$wgDBprefix = "";
# TLS to the database is off. With $wgDBserver = "localhost" the traffic stays on
# this host; revisit this if the database moves to another machine.
$wgDBssl = false;
# MySQL table options to use during installation or update
$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
# Shared database table
# This has no effect unless $wgSharedDB is also set.
$wgSharedTables[] = "actor";
## Shared memory settings
# No object cache backend and no memcached servers are configured.
$wgMainCacheType = CACHE_NONE;
$wgMemCachedServers = [];
## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
# Uploads are disabled, so the wiki accepts no user-supplied files.
$wgEnableUploads = false;
#$wgUseImageMagick = true;
#$wgImageMagickConvertCommand = "/usr/bin/convert";
# InstantCommons allows wiki to use images from https://commons.wikimedia.org
$wgUseInstantCommons = false;
# Periodically send a pingback to https://www.mediawiki.org/ with basic data
# about this MediaWiki instance. The Wikimedia Foundation shares this data
# with MediaWiki developers to help guide future development efforts.
$wgPingback = false;
# Site language code, should be one of the list in ./includes/languages/data/Names.php
$wgLanguageCode = "en";
# Time zone
# NOTE(review): "EST" is an abbreviation rather than a region identifier; if the
# wiki should follow daylight saving time, a region name is the usual choice -
# confirm intent, since it affects how displayed times line up with log entries.
$wgLocaltimezone = "EST";
## Set $wgCacheDirectory to a writable directory on the web server
## to make your wiki go slightly faster. The directory should not
## be publicly accessible from the web.
#$wgCacheDirectory = "$IP/cache";
# Secret values: redacted (XXX) in this listing. The real strings must stay
# private and should be replaced if they were ever posted or committed anywhere.
$wgSecretKey = "XXX";
# Changing this will log out all existing sessions.
$wgAuthenticationTokenVersion = "1";
# Site upgrade key. Must be set to a string (default provided) to turn on the
# web installer while LocalSettings.php is in place
# NOTE(review): per the comment above, whoever knows this key can use the web
# installer on a configured wiki, so treat it like a password.
$wgUpgradeKey = "XXX";
## For attaching licensing metadata to pages, and displaying an
## appropriate copyright notice / icon. GNU Free Documentation
## License and Creative Commons licenses are supported so far.
# All four licensing values are left empty in this configuration.
$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
$wgRightsUrl = "";
$wgRightsText = "";
$wgRightsIcon = "";
# Path to the GNU diff3 utility. Used for conflict resolution.
# Empty here: no diff3 binary path is configured.
$wgDiff3 = "";
## Default skin: you can change the default skin. Use the internal symbolic
## names, e.g. 'vector' or 'monobook':
# The matching wfLoadSkin( 'Citizen' ) call appears after the extension list.
$wgDefaultSkin = "citizen";
# Enabled skins.
# The following skins were automatically enabled:
wfLoadSkin( 'MinervaNeue' );
wfLoadSkin( 'MonoBook' );
wfLoadSkin( 'Timeless' );
wfLoadSkin( 'Vector' );
# Enabled extensions. Most of the extensions are enabled by adding
# wfLoadExtension( 'ExtensionName' );
# to LocalSettings.php. Check specific extension documentation for more details.
# The following extensions were automatically enabled:
# NOTE(review): every extension loaded here adds code that runs on the wiki;
# unload the ones that are not needed to keep the exposed surface small.
wfLoadExtension( 'CategoryTree' );
wfLoadExtension( 'Cite' );
wfLoadExtension( 'CodeEditor' );
wfLoadExtension( 'DiscussionTools' );
wfLoadExtension( 'ImageMap' );
wfLoadExtension( 'InputBox' );
wfLoadExtension( 'Interwiki' );
wfLoadExtension( 'Linter' );
wfLoadExtension( 'Math' );
wfLoadExtension( 'Nuke' );
# NOTE(review): OATHAuth is loaded while $wgPluggableAuth_EnableLocalLogin is set to
# false further down; the second factor for these logins is presumably enforced
# by the identity provider instead - confirm which side is expected to do it.
wfLoadExtension( 'OATHAuth' );
wfLoadExtension( 'ParserFunctions' );
wfLoadExtension( 'PdfHandler' );
wfLoadExtension( 'ReplaceText' );
wfLoadExtension( 'TemplateData' );
wfLoadExtension( 'VisualEditor' );
wfLoadExtension( 'WikiEditor' );
# Skin selected by $wgDefaultSkin = "citizen" above.
wfLoadSkin( 'Citizen' );
# End of automatically generated settings.
# Add more configuration options below.
# NOTE(review): shows exception details in the error page sent to the browser.
# Useful while troubleshooting the login; switch it off afterwards. The same
# setting is assigned a second time in the debug section at the end of the file.
$wgShowExceptionDetails = true;
require_once "$IP/vendor/autoload.php";
# Editing is closed to anonymous visitors and to ordinary logged-in users; only
# members of the custom 'trusted' group may edit.
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = false;
$wgGroupPermissions['trusted']['edit'] = true; // 'trusted' is a custom group you would create
# Self-registration is off, but automatic account creation is allowed for
# everyone ('*'), so an account appears the first time someone signs in through
# the external provider.
# NOTE(review): who can get an account is then decided by the identity provider -
# limit which directory users may sign in to this application there if not every
# user in the tenant should be able to obtain a wiki account.
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['autocreateaccount'] = true;
# Authentication
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'OpenIDConnect' );
# Configure PluggableAuth
$wgPluggableAuth_EnableAutoLogin = false;
# NOTE(review): with local login disabled the identity provider is the only way
# in. While the redirect URI mismatch (AADSTS50011) is unresolved nobody can log
# in at all, so keep a recovery path during testing, e.g. re-enabling local login
# from this file.
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_EnableLocalProperties = false;
$wgPluggableAuth_EnableFastLogout = false;
# One login provider entry, handled by the OpenIDConnect plugin.
# The tenant part of providerURL, the client ID and the client secret are
# redacted (XXX) in this listing. The client secret is a credential: keep the
# real value out of posts, tickets and version control, and rotate it if it was
# ever exposed.
# The redirect URI is not configured in this array; the OpenIDConnect log shows
# it as a URL of this wiki, and the URI registered for the application must be
# that same string.
$wgPluggableAuth_Config[] = [
'plugin' => 'OpenIDConnect',
'buttonLabelMessage' => 'RAAWIKI Login',
'data' => [
'providerURL' => 'https://login.microsoftonline.com/XXX/v2.0/',
'clientID' => 'XXX',
'clientsecret' => 'XXX',
'scope' => ['openid', 'profile', 'email'],
# NOTE(review): empty value - confirm whether the extension expects a claim name
# here or whether the key should simply be omitted.
'preferred_username' => ''
]
];
# NOTE(review): real names are not guaranteed to be unique or stable at the
# identity provider; confirm how the extension handles two people with the same
# name before relying on this for account names.
$wgOpenIDConnect_UseRealNameAsUserName = true;
# Troubleshooting switches. The first four send diagnostic output to the browser
# of whoever requests a page, which reveals internals of the installation.
# NOTE(review): acceptable for a short test window only - set them back to false
# (or remove them) before the wiki is used for real.
# $wgShowExceptionDetails is already assigned earlier in this file.
$wgShowExceptionDetails = true;
$wgDebugToolbar = true;
$wgShowDebug = true;
$wgDevelopmentWarnings = true;
# Debug log destinations: one general log plus one file per log group for the two
# authentication extensions.
# NOTE(review): these logs may include details of the login exchange - confirm
# what the extensions write. C:/Windows/Temp is a shared temp directory; prefer a
# directory readable only by administrators and the web server account, and
# delete the files once troubleshooting is done.
$wgDebugLogFile = 'C:/Windows/Temp/Debug.log';
$wgDebugLogGroups['PluggableAuth'] = 'C:/Windows/Temp/PLUG.log';
$wgDebugLogGroups['OpenIDConnect'] = 'C:/Windows/Temp/OpenID.log';