Extension talk:SSL authentication

» Archive (early 2011 and earlier)

Underscores in usernames
I am running MW 1.11.2 and the plugin version for that rev. I am having a problem with users that have an underscore in their username. They get various errors when they attempt to log in. Evidently, this is a common issue with any external auth module for MW. Here's what happens when they attempt to log in. I realize I probably just need to undo the automatic changing of the underscore to a space - somewhere, but where exactly?

Initial entry:

Detected bug in an extension! Hook SSLAuth failed to return a value; should return true to continue hook processing or false to abort.

Backtrace:


#0 /var/www/sfsintranet/includes/StubObject.php(131): wfRunHooks('AutoAuthenticat...', Array)
#1 /var/www/sfsintranet/includes/StubObject.php(57): StubUser->_newObject
#2 /var/www/sfsintranet/includes/StubObject.php(31): StubObject->_unstub('isAllowed', 5)
#3 /var/www/sfsintranet/includes/StubObject.php(122): StubObject->_call('isAllowed', Array)
#4 [internal function]: StubUser->__call('isAllowed', Array)
#5 /var/www/sfsintranet/includes/Title.php(1269): StubUser->isAllowed('read')
#6 /var/www/sfsintranet/includes/Wiki.php(133): Title->userCanRead
#7 /var/www/sfsintranet/includes/Wiki.php(43): MediaWiki->preliminaryChecks(Object(Title), Object(OutputPage), Object(WebRequest))
#8 /var/www/sfsintranet/index.php(89): MediaWiki->initialize(Object(Title), Object(OutputPage), Object(User), Object(WebRequest))
#9 {main}

Subsequent entry attempts:

A database query syntax error has occurred. This may indicate a bug in the software. The last attempted database query was: (SQL query hidden) from within function "User::addToDatabase". MySQL returned error "1062: Duplicate entry 'Mj_p' for key 2 (localhost)".


 * Try string replacing underscores to spaces when setting up $ssl_UN? -- Edward Z. Yang (Talk) 02:48, 30 July 2012 (UTC)
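
An added example (not the extension's code and not written by the posters above) of the underscore-to-space normalisation suggested in the reply, approximating MediaWiki's canonical username form in standalone PHP. The names `sslCanonicalUserName` and `sslAuthResolve` are hypothetical; the hook-shaped wrapper returns a boolean on every path and refuses a second certificate name that collapses to an account already bound to a different name.

```php
<?php
// Added example, not the extension's code. Function names are hypothetical.
// Approximates MediaWiki's canonical username form (default configuration).

// Returns the canonical name, or null if it cannot be used as a username.
function sslCanonicalUserName( $certName ) {
    // MediaWiki treats "_" and " " as the same character in names.
    $name = str_replace( '_', ' ', $certName );
    // Collapse runs of whitespace and trim the ends.
    $name = trim( preg_replace( '/\s+/', ' ', $name ) );
    if ( $name === '' || strlen( $name ) > 255 ) {
        return null;
    }
    // Characters rejected in titles, plus "/" and "@" rejected in usernames.
    if ( preg_match( '/[#<>\[\]|{}\/@]/', $name ) ) {
        return null;
    }
    // First letter is upper-cased (ASCII only here).
    return ucfirst( $name );
}

// Hook-shaped wrapper: every path returns a boolean, which is what the
// "failed to return a value" error asks for. $known maps a canonical name
// to the certificate name already bound to it; $result receives the
// username to log in as, or null to stay anonymous.
function sslAuthResolve( $certName, array &$known, &$result ) {
    $result = null;
    $canonical = sslCanonicalUserName( $certName );
    if ( $canonical === null ) {
        return true; // unusable name: stay anonymous
    }
    if ( isset( $known[$canonical] ) && $known[$canonical] !== $certName ) {
        return true; // a different certificate name already owns this account
    }
    $known[$canonical] = $certName;
    $result = $canonical;
    return true;
}

// Constructed sample names, not taken from real certificates.
$known = array();
foreach ( array( 'mj_p', 'mj_p', 'mj p', 'bad/name', '  a__b ' ) as $cn ) {
    sslAuthResolve( $cn, $known, $user );
    echo var_export( $cn, true ), ' => ', var_export( $user, true ), "\n";
}
```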

hiding logout button slightly broken with MW-1.19
I've just installed mediawiki-1.19.0beta1 and added the 1.19 version of SSLAuthPlugin.php. End result: working well except that the logout button has been replaced with "AMPlt;0AMPgt;" (I replaced the ampersands with AMP as I don't know what would happen to them in this editor).

Must be a slight bug in something? Also, MW still asks to confirm the email address - can the code also take that into account? i.e. a cert with an email address should be treated as validated?

Thanks - this was VERY easy to get up and running!

Jason

--Paran7 (talk) 21:52, 23 March 2012 (UTC)
 * The logout link problem exists with 1.18 as well. The problem is that the logout url is set to null rather than being removed. The following patch fixed the problem for me:


 * Would be great if somebody else could test this. If it works then I guess I should just change the code in the main article.

how to map USER_PRINCIPAL_NAME under X509_EXTENSION with AD - UserPrincipalName attribute
I am able to implement this extension. After that, I need to map USER_PRINCIPAL_NAME to AD UserPrincipalName to get more data back from Active Directory. Do you have some example code I could reference?

I have been searching about this issue for a while, only to find the PHP Bug #60388 about openssl_x509_parse extensions=>subjectAltName. If you are able to find any workaround, I would love to learn how.

Problems with SSLRequire apache configuration and email/realname import
Hi,

I'm new to MediaWiki, and I've used this extension for client registration/authentication, but I found several problems in configuration:

First, the line "SSLRequire  %{SSL_CLIENT_S_DN}  =~ m/.*serialNumber= $/" in the Apache config doesn't work, and I have replaced it with three lines "SSLVerifyClient require/SSLVerifyDepth 2/SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"", which works well, but I don't understand why the first one doesn't work and whether this configuration is optimal for the extension.

Second, when I log in with my client certificate (which has my own CA), the user is created fine, but the email and the real name aren't written to the user's profile. SOLVED: I've set ssl_map_info=true

My version of MediaWiki is 1.20 and I've used "SSLAuthPlugin.php (MW 1.20)"

Can anyone help me with these problems?

Thanks in advance,

Carlos