Extension talk:PluggableAuth

Jump to navigation Jump to search

About this board

When reporting an error, please be sure to include version information for MediaWiki and all relevant extensions as well as configuration information. Also, please turn on debug logging as described at Manual:How to debug#Logging and include the relevant portions of the debug log.

Is there a way to avoid session timeout so quick with AzureAD?

3
BrunoPenso (talkcontribs)

Hi, I`m using mediawiki 1.34 with PluggableAuth and OpenIDConnect plugins, and after log in using AzureAD the session is expiring very fast.


Is there a way to set a specific time?


Thanks

MarkAHershberger (talkcontribs)

I think it might have to do with PHP, but pinging @Cindy.cicalese in case she has a better idea.

Cindy.cicalese (talkcontribs)

I've heard that setting $wgObjectCacheSessionExpiry to a larger value such as 24 hours is helpful. I'm also considering ways to expose the Remember Me functionality in core MediaWiki, which may be especially useful in SSO environments.

Reply to "Is there a way to avoid session timeout so quick with AzureAD?"

How to return on previous page when login time out?

2
Rajeshrajesh.35 (talkcontribs)

Is there is any configuration to return on previous page when logged in time out?


Kindly help me here

Cindy.cicalese (talkcontribs)

No, there is no such configuration.

Reply to "How to return on previous page when login time out?"
Summary by Cindy.cicalese

Missing "$wgGroupPermissions['*']['read'] = false;"

S0ring (talkcontribs)
Cindy.cicalese (talkcontribs)

Image authorization does indeed work with PluggableAuth. The authentication checks are done outside img_auth.php.

S0ring (talkcontribs)

Thank you for your quick reply. I am struggle with the img_auth.php script to make it working. I followed the article, I renamed the images directory, I moved it outside the DocumentRoot and I turned the php_admin_flag engine off. The images/files are now available under https://wiki.yourwiki.org/w/img_auth.php/01/01/Example.png ., but they are reachable without login, I expected to get a 403.

Cindy.cicalese (talkcontribs)

More information about your configuration would be helpful. For example, do you have your wiki set to require login to read?


$wgGroupPermissions['*']['read'] = false;


Login will only be enforced for image authorization if the content in your wiki is not readable without login.


S0ring (talkcontribs)

Wow, exactly this settings was guilt, now the access to images/files is denied without login as expected. Thank you a lot!

Cindy.cicalese (talkcontribs)

Great! You're welcome!

API clientlogin with PluggableAuth

4
Drcnyc (talkcontribs)

I am trying to log in to my private wiki using the clientlogin API from a linux-based IoT terminal which displays pages from the wiki that require authentication. I'm able to get the login token by posting "action=query&meta=tokens&type=login&format=json" to the API as specified in the API docs, but when I attempt to post "action=login&username=XX&password=XX&domain=XX&logintoken=XX&loginreturnurl=XX&format=json" to the API, the post is successful but I get [status: "FAIL", message: "The supplied credentials could not be authenticated.", messagecode: "authmanager-authn-no-primary"] in the response.

After doing some digging, it appears that this either has to do with PluggabeAuth removing the primary auth manager in $wgAuthManagerAutoConfig (as done in /includes/PluggableAuthHooks.php) or that perhaps PluggableAuth is serving as primary manager but turning down the request. When I run "action=query&meta=authmanagerinfo&amirequestsfor=login&format=json" through the API it shows that PluggableAuth has an additional field "pluggableauthlogin", which looks to be the login button, but I'm wondering if I somehow need to pass this as a parameter for the API login to work?

Any help would be greatly appreciated, as I'm running out of troubleshooting ideas here.

Cindy.cicalese (talkcontribs)
Drcnyc (talkcontribs)

Thank you - the bot login worked! But the issue I am now facing is that a bot is limited to accessing wiki pages via api.php (action=parse), and it doesn't appear that there is a way for a bot to access the "full" HTML pages via index.php as they would normally appear in a browser when accessing the wiki. The parse method only returns stripped down versions of pages, with no formatting/css, links and images not working, etc. What I need is the ability to access wiki pages via index.php so that I can get the full interactive experience for wiki pages on the IoT terminal. I believe the only way to do this would be a full login via action=clientlogin vs a bot login via action=login. Any ideas on how I can accomplish this? Can I login via action=clientlogin using a local account if PluggableAuth is enabled?

Cindy.cicalese (talkcontribs)

Unfortunately, action=clientlogin will not work with PluggableAuth. It's been a while since I've looked at it, but I believe it has to do with the way that most PluggableAuth authentication plugins interact with an external identity provider with redirects to the identity provider and then back to the wiki.

Reply to "API clientlogin with PluggableAuth"

Internal Error when Logging In

15
Summary by Cindy.cicalese

ldapsearch query is showing 2 different entries

Chattadude (talkcontribs)

I am doing a major upgrade of our existing Mediawiki.

Product Version MariaDB 1.28.2 PHP 7.0.32 (fpm-fcgi) MariaDB 10.1.37-MariaDB ICU 50.1.2


I'm going to PHP 7.2, MariaDB 10.4 and the latest version of Mediawiki.


As part of the upgrade, I want to replace SimpleRadiusAuth with LDAPProvider, PluggableAuth, and LDAPAuthentication2.


Since this is a big jump, I decided to do 1 round of database updates prior to installing the extensions - so I update the source code of everything else and I run a `php maintenance/update.php`. I then enable the extensions in LocalSettings.php, and I run that command again.


The upgrade goes well until I try to use these new extensions.

(So actually, I don't think there's a problem with the upgrade at all. I think that I'm missing something, hopefully not obvious, in the setup and configuration of the new LDAP extensions).


At the login page, if I enter in invalid credentials, I get the correct message that authentication failed.

If I enter in good credentials, I get directed to index.php?title=Special:PluggableAuthLogin, at which point I see an error message (pasted below).


How can I go about troubleshooting this?


[fabb2665631009df6e11d309] /index.php?title=Special:PluggableAuthLogin Error from line 71 of /var/www/html/extensions/LDAPProvider/src/UserInfoRequest.php: Class 'MediaWiki\Extension\LDAPProvider\MWException' not found

Backtrace:

#0 /var/www/html/extensions/LDAPProvider/src/Client.php(229): MediaWiki\Extension\LDAPProvider\UserInfoRequest->getUserInfo(string)

#1 /var/www/html/includes/libs/objectcache/BagOStuff.php(158): MediaWiki\Extension\LDAPProvider\Client->MediaWiki\Extension\LDAPProvider\{closure}()

#2 /var/www/html/extensions/LDAPProvider/src/Client.php(230): BagOStuff->getWithSetCallback(string, integer, Closure)

#3 /var/www/html/extensions/LDAPAuthentication2/src/PluggableAuth.php(84): MediaWiki\Extension\LDAPProvider\Client->getUserInfo(string)

#4 /var/www/html/extensions/PluggableAuth/includes/PluggableAuthLogin.php(31): MediaWiki\Extension\LDAPAuthentication2\PluggableAuth->authenticate(NULL, string, NULL, NULL, NULL)

#5 /var/www/html/includes/specialpage/SpecialPage.php(569): PluggableAuthLogin->execute(NULL)

#6 /var/www/html/includes/specialpage/SpecialPageFactory.php(558): SpecialPage->run(NULL)

#7 /var/www/html/includes/MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)

#8 /var/www/html/includes/MediaWiki.php(865): MediaWiki->performRequest()

#9 /var/www/html/includes/MediaWiki.php(515): MediaWiki->main()

#10 /var/www/html/index.php(42): MediaWiki->run()

#11 {main}


Cindy.cicalese (talkcontribs)

You don't mention what version of the extensions you are using or how they are configured. It sounds like there may be a configuration error, since LDAPProvider cannot find one of its own classes: Class 'MediaWiki\Extension\LDAPProvider\MWException' not found.

Chattadude (talkcontribs)

Hi Cindy,

Thank you. I'm using the json configuration method as opposed to the php method.

I added a couple of things to the json file (see below), and that changed the original error message (above) very slightly, but I'm still getting an Internal error, this time with:


index.php?title=Special:PluggableAuthLogin Error from line 76 of /var/www/html/extensions/LDAPProvider/src/PlatformFunctionWrapper.php: Call to undefined function MediaWiki\suppressWarnings()


Here are version & configuration details below.

I do agree that this sounds like a configuration issue, but to-date, I've found the documentation on Extension:LDAPProvider to be confusing. I'm sure I'm missing something (hopefully not something obvious!)


LDAPAuthentication2 is version 1.0.1

LDAPProvider is version 1.0.1

PluggableAuth is version 5.7


I have the following in LocalSettings.php:

wfLoadExtension( 'LDAPProvider' );

wfLoadExtension( 'PluggableAuth' );

wfLoadExtension( 'LDAPAuthentication2' );

$LDAPProviderDomainConfigs = "/etc/mediawiki/ldapprovider.json";

$LDAPAuthentication2AllowLocalLogin = false


And in /etc/mediawiki/ldapprovider.json, I have the following:

{

   "LDAP": {

       "connection": {

           "server": "10.10.10.10",

           "user": "uid=wiki,cn=users,cn=compat,dc=lab,dc=example,dc=com",

           "pass": "ACTUAL-PASSWORD",

           "options":[],

           "enctype":"clear",

           "basedn": "dc=lab,dc=example,dc=com",

           "groupbasedn": "dc=lab,dc=example,dc=com",

           "userbasedn": "dc=lab,dc=example,dc=com",

           "searchattribute": "uid",

           "searchstring": "uid=USER-NAME,cn=users,cn=compat,dc=lab,dc=example,dc=com",

           "usernameattribute": "uid",

           "realnameattribute": "cn"

       }

   }

}


Chattadude (talkcontribs)

@Cindy.cicalese

I'm not positive which extension my problems are (err... were) related to, but I'm going ahead and replying here as this was where I opened up the conversation.

I'm also not sure if I've found a bug in the code somewhere in an extension, but I'm happy to open up an issue in Github, if you'd like.


tl;dr:

In my setup, there's an issue with the LDAP suite of extensions combined with the Echo + WhoIsWatching extensions. There also appears to be an issue with lines 76 and 78 of /extensions/LDAPProvider/src/PlatformFunctionWrapper.php. I currently have Echo & WhoIsWatching turned off, as well as the code on those 2 lines of this file, and everything is working fine.


More details:

I found the check scripts in /LDAPProvider/maintenance/, and ran

`php extensions/LDAPProvider/maintenance/CheckLogin.php --domain LDAP --username my-username`


And I found that I was getting the same error message as the one I posted in my 2nd comment above.

I commented out the code on line 76 and 78 of /extensions/LDAPProvider/src/PlatformFunctionWrapper.php as well as lines 176 and 181:

76                 #\MediaWiki\suppressWarnings();

77                 $ret = \ldap_bind( $this->linkID, $bindRDN, $bindPassword );

78                 #\MediaWiki\restoreWarnings();


(I tried removing the comments from those lines once I narrowed down the issue with Echo + WhoIsWatching, and deactivated those extensions, but after additional testing logging in & logging out, I found that I still needed to have those 4 lines commented out).


... at which point the test worked without any errors:

`php extensions/LDAPProvider/maintenance/CheckLogin.php --domain LDAP --username my-username`


However, when I went to login through the website, I got a different error message, indicating an issue right around line 70 of https://github.com/wikimedia/mediawiki-extensions-LDAPProvider/blob/master/src/UserInfoRequest.php.


I made the following changes to that file:

70                 if ( $count > 1 ) {

71                         #throw new MWException(

72                         #       wfMessage( "ldapprovider-more-than-one" )->params( $filter )->plain();

73                         #        print $count;

74                         #);

75                 }


At which point I was able login without any problems.


It was at this point that I started to notice a problem with the WhoIsWatching extension. I honestly cannot tell you what error message(s) I saw, as I've done a bunch of troubleshooting and editing of different files this morning to try and track down exactly what my issue was.


But after extensive troubleshooting, and trying varying degrees of commenting / uncommenting the code I reference above with the Echo & WhoIsWatching extensions, I've come to the conclusion that there's currently a conflict with those plugins + the LDAP suite of plugins. Even with Echo & WhoIsWatching turned off, I had to comment out some lines in two files related to LDAPProvider before my environment would work properly (UserInfoRequest.php and PlatformFunctionWrapper.php).

I tried removing the comments I added to the LDAPProvider files, but then I was unable to login, even with the Echo & WhoIsWatching extensions turned off.


I have this in my lab, and am happy to do additional tests if you'd like.


To recap, my environment is working with the following conditions:

PHP v7.2

MediaWiki v1.34.0

LDAPAuthentication2 v1.0.1

LDAPProvider v1.0.1 (95d4fd1)

PluggableAuth v5.7 (a69f626)

WhoIsWatching is turned off

Echo is turned off

Lines 76, 78, 176, and 182 of /extensions/LDAPProvider/src/PlatformFunctionWrapper.php are currently commented out.

Lines 71, 72 and 73 of /extensions/LDAPProvider/src/UserInfoRequest.php are currently commented out.

Cindy.cicalese (talkcontribs)

@Osnard, do you have any thoughts on this?

Osnard (talkcontribs)
  • Lines 76, 78, 176 and 181 (not 182) of /extensions/LDAPProvider/src/PlatformFunctionWrapper.php only disable error suppression.
  • Lines 71, 72 and 73 of /extensions/LDAPProvider/src/UserInfoRequest.php disable the error thrown in case the LDAP provider was not able to identify the user entry uniquely. This means you have more than one entry for that particular user in your LDAP, which is very unusual. Can you confirm this?
Chattadude (talkcontribs)

The underlying ldap database is FreeIPA / Red Hat IdM.

I only created a single user called "wiki" (the uid).


Maybe there's something in my json config that is a little bit off?

Osnard (talkcontribs)

In the debugging error log you should be able to see what is being returned by the LDAP backend, when the wiki searches for the user. This should only have one entry, but apparently it does not. Can you share the logs please?

Chattadude (talkcontribs)

How do I get the debug logs configured?

I tried adding the following to LocalSettings.php:


$wgDebugLogGroups['LDAPAuthentication2'] = "/tmp/LDAP.log";

$wgDebugLogGroups['LDAPProvider'] = "/tmp/LDAP.log";

$wgDebugLogGroups['PluggableAuth'] = "/tmp/LDAP.log";


And then I gave the web server (Nginx) ownership of /tmp/LDAP.log (touch the file, then chown)

But that log remains empty.

Cindy.cicalese (talkcontribs)

Follow the instructions at Manual:How to debug. You'll want something like:


ini_set( 'display_errors', 1 );

$wgShowDBErrorBacktrace = true;

$wgDebugLogFile= "/tmp/MediaWikiDebug.log";

$wgDebugDumpSql = true;

$wgShowSQLErrors = true;

$wgShowExceptionDetails = true;

Chattadude (talkcontribs)

Thanks.

I don't know if I'm missing code or what, but I always have to keep the suppressWarnings(); lines from /extensions/LDAPProvider/src/PlatformFunctionWrapper.php or else I always get this error message: `Call to undefined function MediaWiki\suppressWarnings()`


Leaving those commented out, but uncommenting lines 71-73 of UserInfoRequest.php, I always get this error message if I enter in correct credentials:

Class 'MediaWiki\Extension\LDAPProvider\MWException' not found. Commenting out 71 and 73, but leaving line 72 uncommented, I see: Fatal error authenticating user -- but in this case, I AM logged in.


In all cases, /tmp/MediaWikiDebug.log is empty. I've even done a chmod 777 on the log file, still nothing.


Checking FreeIPA's access logs, I don't see any errors.

However, running `ldapsearch -x ui=myuser`, I see quite a bit of output, including the following:


# search result

search: 2

result: 0 Success

# numResponses: 3

# numEntries: 2

Osnard (talkcontribs)

`numEntries: 2` is is issue here. Can you tell why there are two entries for that user in LDAP?

Chattadude (talkcontribs)

I have no clue.

I only created the 1 user.

That's probably a question for the folks over at FreeIPA.

Kylehutson (talkcontribs)

@Chattadude - Just wanted to give you a quick "thanks" for showing what changes to make. You've been very helpful!

Chattadude (talkcontribs)

Glad it was helpful. That said...

It's never a good idea to "hack core" or other extensions, so I wouldn't recommend leaving your code as-is in the state that I described above. I would recommend instead working with the extension maintainers and/or your LDAP provider (AD, FreeIPA, etc...) to figure out the root cause of the issue you are having.


I still intend to contact the FreeIPA maintainers and try to figure out why my ldapsearch query is showing 2 different entries, because I agree with @Osnard -- that's indeed a weird situation.

Replace standard login button

6
Summary by Cindy.cicalese

set $wgPluggableAuth_EnableLocalLogin to false

2A00:8A60:C010:1:0:0:1:125B (talkcontribs)

I use this with LDAPAuthentication2. But on the login page there are now to login buttons, the standard one and the one by PluggableAuth. Login works perfetcly, but only with the second button. But I don't want the first button. How do I hide it? The Login via PluggableAuth is supposed to be the only way to log in.

Cindy.cicalese (talkcontribs)

Please include what your MediaWiki and extension versions are as well as any configuration settings. Are you seeing only two login buttons or also other fields such as a username and password field? What other extensions do you have enabled?

2A00:8A60:C010:1:0:0:1:1062 (talkcontribs)

MediaWiki 1.34 and the latest Versions of the plugins (just downloaded them). About what Plugins are active and their config:

wfLoadExtension( 'LDAPProvider' );

$LDAPProviderDomainConfigs = "/var/www/mediawiki-1.34.0/ldapprovider.json";

wfLoadExtension( 'PluggableAuth' ); 

$wgPluggableAuth_EnableLocalLogin = true;

wfLoadExtension( 'LDAPAuthentication2' );

$LDAPAuthentication2UsernameNormalizer = 'strtolower';


And obviously I don't only have the two buttons but also fields for username and password, otherwise "Login works perfetcly" wouldn't make a lot of sense

Cindy.cicalese (talkcontribs)

@Osnard Can local login and LDAP login both be enabled simultaneously? I seem to remember discuss this at one point.


If you set $wgPluggableAuth_EnableLocalLogin to false or remove that line, the other button should disappear, but IIRC you will not be able to login locally.

2A00:8A60:C010:1:0:0:1:1011 (talkcontribs)

@Cindy.cicalese thanks, that did the trick. I thought that would remove the login fields entirely. But setting it to false and using $wgPluggableAuth_ButtonLabel I was able to simply replace the standard login button so nobody get's confused. Sure, now local login shouldn't be possible but if that would ever be necessary I can still revert it

Cindy.cicalese (talkcontribs)

Great. I'm glad that worked.

Davecotter (talkcontribs)
Cindy.cicalese (talkcontribs)

I am not familiar with that method, but I'd rather not have the PluggableAuth extension page point to a method that is untested and not packaged itself as an extension.

Davecotter (talkcontribs)

a valid concern, which if i think about it, was my concern as well. having thought about it, i agree it should not be linked from the main page. anyone searching hard enough will find this thread, with the link. thanks.

Cindy.cicalese (talkcontribs)

Thank you!

Could not bind to LDAP: (-1) Can't contact LDAP server only when using SSL

6
Dturtill (talkcontribs)

I have managed to get everything working up to the point when i change the enctype from tls to ssl at this point i get the error


[7eb0e2783d82bac21aa4da06] /index.php/Special:PluggableAuthLogin MWException from line 157 of /var/www/html/mediawiki/extensions/LDAPProvider/src/Client.php: Could not bind to LDAP: (-1) Can't contact LDAP server

Backtrace:

#0 /var/www/html/mediawiki/extensions/LDAPProvider/src/Client.php(80): MediaWiki\Extension\LDAPProvider\Client->establishBinding()

#1 /var/www/html/mediawiki/extensions/LDAPProvider/src/Client.php(313): MediaWiki\Extension\LDAPProvider\Client->init()

#2 /var/www/html/mediawiki/extensions/LDAPAuthentication2/src/PluggableAuth.php(76): MediaWiki\Extension\LDAPProvider\Client->canBindAs(string, string)

#3 /var/www/html/mediawiki/extensions/PluggableAuth/includes/PluggableAuthLogin.php(30): MediaWiki\Extension\LDAPAuthentication2\PluggableAuth->authenticate(NULL, string, NULL, NULL, NULL)

#4 /var/www/html/mediawiki/includes/specialpage/SpecialPage.php(575): PluggableAuthLogin->execute(NULL)

#5 /var/www/html/mediawiki/includes/specialpage/SpecialPageFactory.php(611): SpecialPage->run(NULL)

#6 /var/www/html/mediawiki/includes/MediaWiki.php(296): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)

#7 /var/www/html/mediawiki/includes/MediaWiki.php(900): MediaWiki->performRequest()

#8 /var/www/html/mediawiki/includes/MediaWiki.php(527): MediaWiki->main()

#9 /var/www/html/mediawiki/index.php(44): MediaWiki->run()

#10 {main}



Dturtill (talkcontribs)

now im getting the following error on tls


[cadcd2571028d80a8bda5cf1] /index.php/Special:PluggableAuthLogin MWException from line 128 of /var/www/html/mediawiki/extensions/LDAPProvider/src/Client.php: Could not start TLS!

Backtrace:

#0 /var/www/html/mediawiki/extensions/LDAPProvider/src/Client.php(79): MediaWiki\Extension\LDAPProvider\Client->maybeStartTLS()

#1 /var/www/html/mediawiki/extensions/LDAPProvider/src/Client.php(313): MediaWiki\Extension\LDAPProvider\Client->init()

#2 /var/www/html/mediawiki/extensions/LDAPAuthentication2/src/PluggableAuth.php(76): MediaWiki\Extension\LDAPProvider\Client->canBindAs(string, string)

#3 /var/www/html/mediawiki/extensions/PluggableAuth/includes/PluggableAuthLogin.php(30): MediaWiki\Extension\LDAPAuthentication2\PluggableAuth->authenticate(NULL, string, NULL, NULL, NULL)

#4 /var/www/html/mediawiki/includes/specialpage/SpecialPage.php(575): PluggableAuthLogin->execute(NULL)

#5 /var/www/html/mediawiki/includes/specialpage/SpecialPageFactory.php(611): SpecialPage->run(NULL)

#6 /var/www/html/mediawiki/includes/MediaWiki.php(296): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)

#7 /var/www/html/mediawiki/includes/MediaWiki.php(900): MediaWiki->performRequest()

#8 /var/www/html/mediawiki/includes/MediaWiki.php(527): MediaWiki->main()

#9 /var/www/html/mediawiki/index.php(44): MediaWiki->run()

#10 {main}

Cindy.cicalese (talkcontribs)
D3s3ertf0x (talkcontribs)

I have the same problem when trying to swicht to SSL. Were you able to solve this problem?

Cindy.cicalese (talkcontribs)
D3s3ertf0x (talkcontribs)

I have done that, I just wanted to know if Dturtill has solved it as he did not post on the talk page of the plugin

Reply to "Could not bind to LDAP: (-1) Can't contact LDAP server only when using SSL"

Return to main page after login.

2
Summary by Legaulph

Downloaded the latest version

Legaulph (talkcontribs)
MediaWiki 1.31.6
PHP 7.3.15 (cgi-fcgi)
MySQL 5.6.41-log
PluggableAuth 5.4 (300ac44) 01:28, 14 April 2018

How do I configure this to return to the page the login was initiated from? Seem that I always return to the main page.

Legaulph (talkcontribs)

I thought I downloaded the latest. I see it is 5.7. I pulled it from git and seems to work now

LDAP - "Auto-creation of a local account failed: Automatic account creation is not allowed."

6
Summary by Cindy.cicalese

configuration

31.209.95.10 (talkcontribs)

Hello,

i run Ubuntu 18.04 with apache2 php7.3 mediawiki 1.31 (Bluespice).

I have activated the plugins LDAPProvider, PluggableAuth and LDAPAuthentication2.


The connection to LDAP works, however when trying to login via LDAP it says: "Auto-creation of a local account failed: Automatic account creation is not allowed."

Original (German): "Die automatische Erstellung des lokalen Benutzerkontos ist fehlgeschlagen: Die automatische Benutzerkontenerstellung ist nicht erlaubt."


Local-Login still works.


-Found some workaround where i first create a new account with the name of the AD-user and then log in with those AD credentials but that didn´t work either.

-put those to my LocalSettings.php:

$wgGroupPermissions['*']['createaccount'] = true;

$wgGroupPermissions['*']['autocreateaccount'] = true;

$wgLDAPDisableAutoCreate = array(

   '**addomain**' => false

);


Don´t think this has anything to do with it, but my Database always throws this Warning:

Warning in ./libraries/sql.lib.php#613

count(): Parameter must be an array or an object that implements Countable


There are no errors in access-bluespice.log, access.log, error-bluespice.log, error.log.


What do i have to do to get this working?


Any help is much appreciated!!!

31.209.95.10 (talkcontribs)

PHP debug:


  • [DBQuery] firmuswiki SELECT /* User::idFromName */ user_id FROM `user` WHERE user_name = 'username' LIMIT 1
  • [authentication] Primary login with PluggableAuthPrimaryAuthenticationProvider succeeded
  • [DBQuery] firmuswiki SELECT /* User::idFromName */ user_id FROM `user` WHERE user_name = 'username' LIMIT 1
  • [authentication] Auto-creating username on login
  • [authentication] MediaWiki\Auth\AuthManager::autoCreateUser: blacklisted in session cvh1k0sl19jar76cbtc4fa222b61kc0g


Topic:Tgdofnhfke1w3w7e didnt help me


Clearing the Cache doesn´t help here either.


Can anyone tell me how to fix this?

MarkAHershberger (talkcontribs)

The blacklisted comment comes from this code. "Auto-creating username on login" appears to come from here which showed me that you are using "username" as the username. Is that right?

31.209.95.10 (talkcontribs)

Yep 'username' is the username here in the above debug messages.


Thank you for those references, it saved some sessions in '$IP/cache' and in my db table 'objectcache' now i get following german error:

"Es gab ein Problem bei der Übertragung deiner Benutzerdaten. Diese Aktion wurde daher sicherheitshalber abgebrochen, um eine falsche Zuordnung deiner Änderungen zu einem anderen Benutzer zu verhindern. Bitte sende das Formular erneut ab."

In english it´s something like "Your login credentials could not be sent, therefore this action has been stopped to prevent wrong assignments to different users. Please resent the form."


Have tried some cache-settings variations

$wgMainCacheType = CACHE_ANYTHING; #also tried CACHE_NONE, CACHE_ACCEL

$wgSessionCacheType = CACHE_ANYTHING; #also tried CACHE_NONE, CACHE_ACCEL

$wgMemCachedServers = [];

$wgSessionsInMemcached = true;

session_save_path("tmp"); #was not set before


Any idea?

MarkAHershberger (talkcontribs)

If you set $wgSessionsInMemcached = true, you'll also need to provide servers in $wgMemCachedServers.

You don't need to set $wgSessionCacheType since sessions are always stored in the object cache.

I recommend you install memcached and just use that for caching. That is, use $wgMainCacheType = CACHE_MEMCACHED;

31.209.95.10 (talkcontribs)

I finally got it to work with

$GLOBALS['bsgPermissionConfig']['autocreateaccount'] = [ 'type' => 'global', "roles" => [ 'autocreateaccount' ] ];

$GLOBALS['bsgGroupRoles']['*']['autocreateaccount'] = true;


and these settings for caching:

$wgMainCacheType = CACHE_MEMCACHED;

$wgMemCachedServers = ["127.0.0.1:11211"];

$wgSessionsInMemcached = true;


Thanks!