We want mediawiki to connect through identity server (openid connect), after configuring everything as instructed , we are facing two problem.

1. User are being created with the name "User1","User2" in the user_name column of the User table. User email id is coming as scope from the openid connect server. Want username as emailid.
2. There is no any "Logout" option if user logged in.

Urgent help is required.

Regards

Kunal

In general, when requesting help for this type of problem, it is important to include the version of MediaWiki and of extensions and any extension dependencies you are using. Also, please include the relevant configuration settings you are using.

If the email is being provided by the server as the scope rather than the email address, that sounds like a configuration issue on the server. But, it is difficult to know without seeing your configuration settings.

Unless you have $wgPluggableAuth_EnableAutoLogin set to true (the default is false), you should be seeing a logout option.

Hi Cindy,

Thanks for reverting back.

Below are the configuration details.

-------LocalSettings.php

.....

# The following permissions were set based on your choice in the installer

# $wgGroupPermissions['*']['createaccount'] = true;

$wgGroupPermissions['*']['edit'] = false;

$wgGroupPermissions['*']['read'] = false;

$wgGroupPermissions['*']['autocreateaccount'] = true;

....

....

# End of automatically generated settings.

# Add more configuration options below.

wfLoadExtension( 'PluggableAuth' );

$wgPluggableAuth_EnableAutoLogin = true;

$wgPluggableAuth_EnableLocalLogin = false;

$wgPluggableAuth_Class = "OpenIDConnect";

wfLoadExtension( 'OpenIDConnect' );

$wgOpenIDConnect_Config['https://login.mycompany.com'] = [

    'clientID' => 'wiki',

    'clientsecret' => 'wikisecret',

'scope' => array( 'openid', 'profile', 'email')

];

$wgOpenIDConnect_UseEmailNameAsUserName = true;

----end---

----versions

Below is the Identity server Resource provider snippet(language c#).

public static IEnumerable<IdentityResource> GetIdentityResources()

        {

            return new List<IdentityResource>

            {

                new IdentityResources.OpenId(),

                new IdentityResources.Profile(),

                new IdentityResources.Email(),

            };

        }

Please Let me know , What am i missing.

Thanks in advance.

The setting

$wgPluggableAuth_EnableAutoLogin = true;

is the reason you are not seeing a Logout link. This setting automatically logs the user in without them selecting the Login link and removes the Logout link.

The settings look correct for using the email id as the username. I have an almost identical configuration with similar software versions running correctly with Google as the identity server. Are the email address and real name getting set correctly in the User table in the database? My suspicion is that the email address is not getting correctly returned by the identity server. I'm afraid I am not familiar with the details of the configuration of your identity server.

Also, if you turn on debug logging as in Manual:How_to_debug, you may see an indication of what is happening in the debug log.

Hi Cindy,

In User table "user_realname" is getting updated with emailId , "user_name" is getting "User1"

and "user_email" is null.

what should i do to populate the "User_name" correctly.

It sounds to me like your identity server is misconfigured to send the email address in the real name field rather than the email address field. I would investigate the identity server configuration.

Hi Cindy,

Below is debug data for the above scenario

• IP: ::1
• Start request GET /testWiki/index.php/Special:PluggableAuthLogin?code=39966b6666560930a0e04216cf74fa4e344c86eed84edde4a47e80705d0c8804&scope=openid%20profile%20email&state=8d73c64d038bf49b2c3c8389f598b9ae&session_state=TqiKKFyzNRYrXNQ-dHcyfWaAT0bHYtRh1lSA3BOV7C4.9293c5f0e367e3e266200765e5d72a62HTTP HEADERS:HOST: localhostCONNECTION: keep-aliveCACHE-CONTROL: max-age=0UPGRADE-INSECURE-REQUESTS: 1USER-AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8REFERER: http://localhost:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Flogin%3Fresponse_type%3Dcode%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%252FtestWiki%252Findex.php%252FSpecial%253APluggableAuthLogin%26client_id%3Dwiki%26nonce%3D77aa79a2ccd8a463f70295184ca09e29%26state%3D8d73c64d038bf49b2c3c8389f598b9ae%26scope%3Dopenid%2520profile%2520emailACCEPT-ENCODING: gzip, deflate, brACCEPT-LANGUAGE: en-US,en;q=0.8COOKIE: wikidb_session=6ihndahph1fl371vo4cogi7ekmt7d8gv; .AspNetCore.Antiforgery.X5ipDmWKkaA=CfDJ8MkgNPQ2l_9PhDLWMcDNWGyiMbKN0ML_8r4iNYx-JwE1QGlkDthoXWTbB3X2CJCrm6s3z9xpgYqe0wCgseHZCniKb1dA2PsT5koO4FQ3SWfqzeLRfnWO54wx4qO3KCBeyGABVJPjg_JTcs-GCM3TXqY; Identity.Application.session=1e39fce839f6ddf7798620ab4f4250c2; .AspNetCore.Identity.Application=CfDJ8MkgNPQ2l_9PhDLWMcDNWGysefhKrtMLKuOzfqH50PPyeHBjdTj01K8Fv7V2Ltp5oYRwAtkWWNrLUfRzseRMvhQdZkbe5Wo4-nq9zKAXLTkojC4rdS2of4PvKbKVSUFhXihXTUW0I6ErS6jL9bjiE3B2pMK_fief-ln3fCaxI3HeikNW33DVD0GK39Qi4jA3iuYdZVTZHZrlYsxg87pqF6VMkS8oD7UlU_aQqdluQeUKnrWIJdyDYWjtgBQNkEkt7dMc4dAA6WhG4OAJzkjlmj9I7Y0WFubV30i_J5OBT2OMIUMVUXr910a7j3zhFvKRS6yzIkxmwX8F_n9LWVFYgknWp_mN6JmHvnJrXw7Gj5n6U_-KkXvlAC8IU6ZNwoMqXl2maFAmHAM046N0vOV707filthoIrMwP0EvBnudwxq1bmt4SqxiGtfEmBBB4moURqgETFqOM62NEaQ6e7d5mochkZhL5W95vDNlswss11U5ujMgLD1Tbf1IVE0P9RYySYeHPGrtvI8DO_MrnpG74xm69zemNelPanRQxZ4vb41LTenaIXfqOXbWHamhJ-P6MOwngE9_iV8oZx9QD7JWlx18oSeDdXfIt5dnAQVh9AM2a9aFSWxOf3msbpWubxAZWSETflUVgvk6veLuppJNaP-HDnpfhHYo99O3VNYg1yXJYiFSf9q1XedFpB55EV3MxYluxefQBQzMKa1q--pheEwjnlx_lR4DPY2mRKlZdSvoMWW-EpUc82QMtyysdtUa69powW8fr1lVGDW5K81JzSLFDreuFtZav-YVgSzGLdLIpYOkVGrG_KdE88_v6YsQLZcYE_1utP8fDVyD_OMD5gln1GrT9hXoZeafc2Bz5R35
• [caches] cluster: EmptyBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: SqlBagOStuff, parser: SqlBagOStuff, session: SqlBagOStuff
• [caches] LocalisationCache: using store LCStoreDB
• [session] Session "6ihndahph1fl371vo4cogi7ekmt7d8gv" requested without UserID cookie
• [DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: using request info {"IPAddress": "::1","UserAgent": "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/61.0.3163.100 Safari\/537.36","ChronologyProtection": false}
• [DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.
• [DBConnection] Connected to database 0 at 'localhost'.
• [SQLBagOStuff] Connection 91 will be used for SqlBagOStuff
• [DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.
• [DBConnection] Connected to database 0 at 'localhost'.
• OpenIDConnectClientException: Unable to verify JWT claims in C:\xampp\htdocs\testWiki\extensions\OpenIDConnect\vendor\jumbojett\openid-connect-php\OpenIDConnectClient.php:281Stack trace:#0 C:\xampp\htdocs\testWiki\extensions\OpenIDConnect\OpenIDConnect.class.php(151): OpenIDConnectClient->authenticate()#1 C:\xampp\htdocs\testWiki\extensions\PluggableAuth\PluggableAuthLogin.php(46): OpenIDConnect->authenticate(NULL, NULL, NULL, NULL, NULL)#2 C:\xampp\htdocs\testWiki\includes\specialpage\SpecialPage.php(522): PluggableAuthLogin->execute(NULL)#3 C:\xampp\htdocs\testWiki\includes\specialpage\SpecialPageFactory.php(578): SpecialPage->run(NULL)#4 C:\xampp\htdocs\testWiki\includes\MediaWiki.php(287): SpecialPageFactory::executePath(Object(Title), Object(RequestContext))#5 C:\xampp\htdocs\testWiki\includes\MediaWiki.php(862): MediaWiki->performRequest()#6 C:\xampp\htdocs\testWiki\includes\MediaWiki.php(523): MediaWiki->main()#7 C:\xampp\htdocs\testWiki\index.php(43): MediaWiki->run()#8 {main}
• [session] SessionBackend "6ihndahph1fl371vo4cogi7ekmt7d8gv" data dirty due to dirty(): SpecialPage->run/PluggableAuthLogin->execute/OpenIDConnect->authenticate/MediaWiki\Session\Session->clear/MediaWiki\Session\SessionBackend->dirty
• [session] SessionBackend "6ihndahph1fl371vo4cogi7ekmt7d8gv" metadata dirty due to user change
• [session] SessionBackend "6ihndahph1fl371vo4cogi7ekmt7d8gv" save: dataDirty=1 metaDirty=1 forcePersist=0
• [cookie] setcookie: "wikidb_session", "6ihndahph1fl371vo4cogi7ekmt7d8gv", "0", "/", "", "", "1"
• [cookie] already deleted setcookie: "wikidbUserID", "", "1477990373", "/", "", "", "1"
• [cookie] already deleted setcookie: "wikidbToken", "", "1477990373", "/", "", "", "1"
• [cookie] already deleted setcookie: "forceHTTPS", "", "1477990373", "/", "", "", "1"
• [DBPerformance] Expectation (writes <= 0) by MediaWiki::main not met:query-m: REPLACE INTO `objectcache` (keyname,value,exptime) VALUES ('X')#0 C:\xampp\htdocs\testWiki\includes\libs\rdbms\TransactionProfiler.php(218): Wikimedia\Rdbms\TransactionProfiler->reportExpectationViolated('writes', 'query-m: REPLAC...')#1 C:\xampp\htdocs\testWiki\includes\libs\rdbms\database\Database.php(979): Wikimedia\Rdbms\TransactionProfiler->recordQueryCompletion('query-m: REPLAC...', 1509526373.0405, true, 2)#2 C:\xampp\htdocs\testWiki\includes\libs\rdbms\database\Database.php(891): Wikimedia\Rdbms\Database->doProfiledQuery('REPLACE INTO `o...', 'REPLACE /* SqlB...', true, 'SqlBagOStuff::s...')#3 C:\xampp\htdocs\testWiki\includes\libs\rdbms\database\Database.php(2173): Wikimedia\Rdbms\Database->query('REPLACE INTO `o...', 'SqlBagOStuff::s...')#4 C:\xampp\htdocs\testWiki\includes\libs\rdbms\database\DatabaseMysqlBase.php(494): Wikimedia\Rdbms\Database->nativeReplace('`objectcache`', Array, 'SqlBagOStuff::s...')#5 C:\xampp\htdocs\testWiki\includes\objectcache\SqlBagOStuff.php(372): Wikimedia\Rdbms\DatabaseMysqlBase->replace('objectcache', Array, Array, 'SqlBagOStuff::s...')#6 C:\xampp\htdocs\testWiki\includes\objectcache\SqlBagOStuff.php(387): SqlBagOStuff->setMulti(Array, 1509529973)#7 C:\xampp\htdocs\testWiki\includes\libs\objectcache\CachedBagOStuff.php(65): SqlBagOStuff->set('wikidb:MWSessio...', Array, 1509529973, 1)#8 C:\xampp\htdocs\testWiki\includes\session\SessionBackend.php(738): CachedBagOStuff->set('wikidb:MWSessio...', Array, 1509529973, 1)#9 C:\xampp\htdocs\testWiki\includes\session\SessionBackend.php(607): MediaWiki\Session\SessionBackend->save()#10 C:\xampp\htdocs\testWiki\includes\session\SessionBackend.php(410): MediaWiki\Session\SessionBackend->autosave()#11 C:\xampp\htdocs\testWiki\includes\session\Session.php(262): MediaWiki\Session\SessionBackend->setUser(Object(User))#12 C:\xampp\htdocs\testWiki\extensions\OpenIDConnect\OpenIDConnect.class.php(198): MediaWiki\Session\Session->clear()#13 C:\xampp\htdocs\testWiki\extensions\PluggableAuth\PluggableAuthLogin.php(46): OpenIDConnect->authenticate(NULL, NULL, NULL, NULL, NULL)#14 C:\xampp\htdocs\testWiki\includes\specialpage\SpecialPage.php(522): PluggableAuthLogin->execute(NULL)#15 C:\xampp\htdocs\testWiki\includes\specialpage\SpecialPageFactory.php(578): SpecialPage->run(NULL)#16 C:\xampp\htdocs\testWiki\includes\MediaWiki.php(287): SpecialPageFactory::executePath(Object(Title), Object(RequestContext))#17 C:\xampp\htdocs\testWiki\includes\MediaWiki.php(862): MediaWiki->performRequest()#18 C:\xampp\htdocs\testWiki\includes\MediaWiki.php(523): MediaWiki->main()#19 C:\xampp\htdocs\testWiki\index.php(43): MediaWiki->run()#20 {main}
• Authentication failure.
• [MessageCache] MessageCache::load: Loading en... local cache is empty, global cache is expired/volatile, loading from database
• [CryptRand] 0 bytes of randomness leftover in the buffer.
• [session] SessionBackend "6ihndahph1fl371vo4cogi7ekmt7d8gv" data dirty due to dirty(): MediaWiki\Auth\AuthManager->setAuthenticationSessionData/MediaWiki\Session\Session->setSecret/MediaWiki\Session\Session->getSecretKeys/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty
• [session] SessionBackend "6ihndahph1fl371vo4cogi7ekmt7d8gv" data dirty due to dirty(): MediaWiki\Auth\AuthManager->setAuthenticationSessionData/MediaWiki\Session\Session->setSecret/MediaWiki\Session\Session->getSecretKeys/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty
• [CryptRand] 0 bytes of randomness leftover in the buffer.
• [session] SessionBackend "6ihndahph1fl371vo4cogi7ekmt7d8gv" data dirty due to dirty(): PluggableAuthLogin->execute/MediaWiki\Auth\AuthManager->setAuthenticationSessionData/MediaWiki\Session\Session->setSecret/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty
• [session] SessionBackend "6ihndahph1fl371vo4cogi7ekmt7d8gv" save: dataDirty=1 metaDirty=0 forcePersist=0
• MediaWiki::preOutputCommit: primary transaction round committed
• MediaWiki::preOutputCommit: pre-send deferred updates completed
• MediaWiki::preOutputCommit: LBFactory shutdown completed
• Unstubbing $wgParser on call of $wgParser::firstCallInit from MessageCache->transform
• Parser: using preprocessor: Preprocessor_DOM
• Unstubbing $wgLang on call of $wgLang::_unstub from ParserOptions->__construct

below is configuration snapshot for Identity server

.....

 cs.Add(new Claim(ClaimTypes.Role, user.Designation));

            cs.Add(new Claim(ClaimTypes.Email, user.Email));

            cs.Add(new Claim("designation", user.Designation));

....

need a resolution for this ASAP.

Please help.

This exception is thrown in the OpenID Connect library:

OpenIDConnectClientException: Unable to verify JWT claims in C:\xampp\htdocs\testWiki\extensions\OpenIDConnect\vendor\jumbojett\openid-connect-php\OpenIDConnectClient.php:281

The OpenID Connect PHP library is making an authentication request to the identity server, but it is encountering an error in handling the response. This could be due to an error in the identity server configuration.

So Cindy , what should be the configuration used for identity server. Can you please suggest something.

I am using Identityserver4 as an OpenIdConnect provider.

Your help will be highly appreciated.

I wish I could help you, but the only identity server I have configured for OpenID Connect is Google (Extension:OpenID_Connect#Example:_Google_as_an_Issuer).

Maybe this will help: https://github.com/jumbojett/OpenID-Connect-PHP/issues/44. You could try to ask for help there, as well.

Hi Cindy,

I am able to get the user login but with username "USER1".

I tried to make username as email, but its throwing error with saying username is not valid. I guess its not taking special character.

Is there any way to make email id as username. Let me know the php file where i can make the validation changes so that username can be of email format.

Help is highly appreciated.

Did you try setting $wgOpenIDConnect_UseEmailNameAsUserName = true ? See Extension:OpenID_Connect#Configuration_parameters.

Hi Cindy , I tried this but its not helping.

Realname contains email address in my case.

error its displaying is UserName not valid. And for the case of EmailNameasUserName its create "User1" only.

Below a row for the user table.

INSERT INTO `user` (`user_id`, `user_name`, `user_real_name`,`user_newpass_time`, `user_touched`, `user_token`,`user_email_authenticated`, `user_email_token`, `user_email_token_expires`,`user_registration`, `user_editcount`, `user_password_expires`, `subject`,`issuer`) VALUES (NULL, 0x5573657231,0x6b756e616c40666c69636b326b6e6f772e636f6d, NULL,0x3230313731313135303631353331,0x3863373363306466316231663939313766623361653835356565663562636566, NULL,0x0000000000000000000000000000000000000000000000000000000000000000, NULL,0x3230313731313135303631353234, '0', NULL,0x64656631623432662d303830372d343731352d613337342d623737323664393333346565,0x687474703a2f2f6c6f63616c686f73743a35303030)

Could you please add some additional debugging statements so we can figure out what is going on? At line 157, print out the values for $preferred_username, $realname, and $email:

wfDebug("preferred username = " . $preferred_username);

wfDebug("realname = " . $realname);

wfDebug("email = " . $email);

That will tell us what the identity provider is returning for those values. It then uses those values to construct the username in the getAvailableUsername function. If the values above look correct, you could add some additional debugging in that function.

Hi Cindy ,

I am able to create user using email.

But after logging out and then logging in its giving error because it want to recreate an user(duplicate entry).

Below is error log.

Database error

A database query error has occurred. This may indicate a bug in the software.

[48be48f30122c3a6feba9619] 2017-11-17 07:13:37: Fatal exception of type "Wikimedia\Rdbms\DBQueryError"

Debug data:

• IP: ::1
• Start request GET /testWiki/index.php/Special:UserLoginHTTP HEADERS:HOST: localhostCONNECTION: keep-aliveCACHE-CONTROL: max-age=0UPGRADE-INSECURE-REQUESTS: 1USER-AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8REFERER: http://localhost:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Flogin%3Fresponse_type%3Dcode%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%252FtestWiki%252Findex.php%252FSpecial%253APluggableAuthLogin%26client_id%3Dwiki%26nonce%3D83450dfca095fbc0edf3af838d42bc3a%26state%3Dd30f9e77e3d7dc2da70d71a5df0a7c73%26scope%3Dopenid%2520profile%2520emailACCEPT-ENCODING: gzip, deflate, brACCEPT-LANGUAGE: en-US,en;q=0.9COOKIE: wikidb_session=a0dj7m97o9og8vskoigrh5eh1uoke5jm; .AspNetCore.Antiforgery.X5ipDmWKkaA=CfDJ8MkgNPQ2l_9PhDLWMcDNWGxPO1BUq42yeh2LDvJk3Tq-Al2JvQUVr9_0GJrcbOo9GYmBzMYEjytaPd6q8ub-mFMVZOW4PAf59xWCkvB2hSSlyK2LDpUV8kQK0ynaIUAiXrJhebYlVDskC0G4r9e43Xk; Identity.Application.session=3e0e5ad34c3107d01ce191592611a87a; .AspNetCore.Identity.Application=CfDJ8MkgNPQ2l_9PhDLWMcDNWGzIynzdRD50QldhDG9gsK9RcmVcZVs8ItAtzzF3T__SB3O7zXpb3ej7CgVXhyF11-VDLnZd9kfI3j0fW2vncu6H7t8JhkJVMRli7tNYGcTc8bzkFQIAyuNUsWgb0IMrg5skZHzrEmvcyaaRM_thcGzGmYmZFDbiqgVqfK2ZWcm6kmP7k7hVLKplCa_akabMHUU7rRsnVCYs_NPqfOX_RpyOiRAyBmKEZblSY8q8kXnOmIosN219bg2ZMStvvUxEBwYVz4MDQlK-Kr9wv5zJcE6NP-CE99BgH8kGCuQWmDqCR64SiGldazhqu6MVTg2rO5FHqnnoA15Lr_fCJ2s0mvtnh8kkgmxWBQlfdLnI8lQSzXNZ_vQke2KgecIGMGD4qq7M2ztTBVOlQgZ3dQ52MMWrjCBslcO9ngydmoNHZ4d25p8fGu4XP-Vaah5IkXEASCRqJnY8-L9na2-mGv7PqQNeJQ4UA-6uijcPoGK8H_lPXlSImUwKHQEOUBXprzYrnBP1zSqfGRQD_jXGL5sCmTqfW6dPrl19vYu5C-sdVG7hhyO6vPtTvV-hbJSKuyTPTUUxxN0ErJGjMbRdCPr_kEZ7Py9o10OpF17xkjSV8Acar1Wk1IxSTC7OvlikFsPpt40NAlETGukGOsZOA2AE905G_YJoqmCR-_5LPdJeHe2AY5tngEr_g2l303UmqyqBoWBN2dylrVmC5LPU_n08xNep04rtBfK7PlXUgMJON4HL1GDofbw-9i_rnIwEjL4go1CWABbm50G8mJhHeTNszrju7fzRl7GuSAxUnCDhaEkcWOgp5tr4_GIQFo-5AQYqzmq44JPspcs9ySoVszbOEKx3
• [caches] cluster: EmptyBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: SqlBagOStuff, parser: SqlBagOStuff, session: SqlBagOStuff
• [caches] LocalisationCache: using store LCStoreDB
• [session] Session "a0dj7m97o9og8vskoigrh5eh1uoke5jm" requested without UserID cookie
• [DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: using request info {"IPAddress": "::1","UserAgent": "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/62.0.3202.94 Safari\/537.36","ChronologyProtection": false}
• [DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.
• [DBConnection] Connected to database 0 at 'localhost'.
• [SQLBagOStuff] Connection 158 will be used for SqlBagOStuff
• [DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.
• [DBConnection] Connected to database 0 at 'localhost'.
• [CryptRand] 0 bytes of randomness leftover in the buffer.
• [session] SessionBackend "a0dj7m97o9og8vskoigrh5eh1uoke5jm" data dirty due to dirty(): AuthManagerSpecialPage->handleReturnBeforeExecute/MediaWiki\Auth\AuthManager->removeAuthenticationSessionData/MediaWiki\Session\Session->setSecret/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty
• [session] SessionBackend "a0dj7m97o9og8vskoigrh5eh1uoke5jm" save: dataDirty=1 metaDirty=0 forcePersist=0
• [DBPerformance] Expectation (writes <= 0) by MediaWiki::main not met:query-m: REPLACE INTO `objectcache` (keyname,value,exptime) VALUES ('X')#0 C:\xampp\htdocs\testWiki\includes\libs\rdbms\TransactionProfiler.php(218): Wikimedia\Rdbms\TransactionProfiler->reportExpectationViolated('writes', 'query-m: REPLAC...')#1 C:\xampp\htdocs\testWiki\includes\libs\rdbms\database\Database.php(979): Wikimedia\Rdbms\TransactionProfiler->recordQueryCompletion('query-m: REPLAC...', 1510902816.6094, true, 2)#2 C:\xampp\htdocs\testWiki\includes\libs\rdbms\database\Database.php(891): Wikimedia\Rdbms\Database->doProfiledQuery('REPLACE INTO `o...', 'REPLACE /* SqlB...', true, 'SqlBagOStuff::s...')#3 C:\xampp\htdocs\testWiki\includes\libs\rdbms\database\Database.php(2173): Wikimedia\Rdbms\Database->query('REPLACE INTO `o...', 'SqlBagOStuff::s...')#4 C:\xampp\htdocs\testWiki\includes\libs\rdbms\database\DatabaseMysqlBase.php(494): Wikimedia\Rdbms\Database->nativeReplace('`objectcache`', Array, 'SqlBagOStuff::s...')#5 C:\xampp\htdocs\testWiki\includes\objectcache\SqlBagOStuff.php(372): Wikimedia\Rdbms\DatabaseMysqlBase->replace('objectcache', Array, Array, 'SqlBagOStuff::s...')#6 C:\xampp\htdocs\testWiki\includes\objectcache\SqlBagOStuff.php(387): SqlBagOStuff->setMulti(Array, 1510906416)#7 C:\xampp\htdocs\testWiki\includes\libs\objectcache\CachedBagOStuff.php(65): SqlBagOStuff->set('wikidb:MWSessio...', Array, 1510906416, 1)#8 C:\xampp\htdocs\testWiki\includes\session\SessionBackend.php(738): CachedBagOStuff->set('wikidb:MWSessio...', Array, 1510906416, 1)#9 C:\xampp\htdocs\testWiki\includes\session\SessionBackend.php(607): MediaWiki\Session\SessionBackend->save()#10 C:\xampp\htdocs\testWiki\includes\session\SessionBackend.php(581): MediaWiki\Session\SessionBackend->autosave()#11 C:\xampp\htdocs\testWiki\includes\session\SessionBackend.php(293): MediaWiki\Session\SessionBackend->renew()#12 C:\xampp\htdocs\testWiki\includes\session\Session.php(127): MediaWiki\Session\SessionBackend->persist()#13 C:\xampp\htdocs\testWiki\includes\specialpage\LoginSignupSpecialPage.php(220): MediaWiki\Session\Session->persist()#14 C:\xampp\htdocs\testWiki\includes\specialpage\SpecialPage.php(522): LoginSignupSpecialPage->execute(NULL)#15 C:\xampp\htdocs\testWiki\includes\specialpage\SpecialPageFactory.php(578): SpecialPage->run(NULL)#16 C:\xampp\htdocs\testWiki\includes\MediaWiki.php(287): SpecialPageFactory::executePath(Object(Title), Object(RequestContext))#17 C:\xampp\htdocs\testWiki\includes\MediaWiki.php(862): MediaWiki->performRequest()#18 C:\xampp\htdocs\testWiki\includes\MediaWiki.php(523): MediaWiki->main()#19 C:\xampp\htdocs\testWiki\index.php(43): MediaWiki->run()#20 {main}
• [MessageCache] MessageCache::load: Loading en... local cache is empty, global cache is expired/volatile, loading from database
• Unstubbing $wgParser on call of $wgParser::firstCallInit from MessageCache->transform
• Parser: using preprocessor: Preprocessor_DOM
• Unstubbing $wgLang on call of $wgLang::_unstub from ParserOptions->__construct
• QuickTemplate::__construct was called with no Config instance passed to it
• [CryptRand] 0 bytes of randomness leftover in the buffer.
• [session] SessionBackend "a0dj7m97o9og8vskoigrh5eh1uoke5jm" data dirty due to dirty(): PluggableAuthContinueAuthenticationRequest->loadFromSubmission/MediaWiki\Auth\AuthManager->removeAuthenticationSessionData/MediaWiki\Session\Session->setSecret/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty
• [session] SessionBackend "a0dj7m97o9og8vskoigrh5eh1uoke5jm" save: dataDirty=1 metaDirty=0 forcePersist=0
• [authentication] Primary login with PluggableAuthPrimaryAuthenticationProvider succeeded
• [authentication] Auto-creating Kunal@fieldassist.in on login
• User::getBlockedStatus: checking...
• [authentication] MediaWiki\Auth\AuthManager::autoCreateUser: creating new user (Kunal@fieldassist.in) - from: /testWiki/index.php/Special:UserLogin
• [CryptRand] 0 bytes of randomness leftover in the buffer.
• User: loading options for user 16 from database.
• [CryptRand] 0 bytes of randomness leftover in the buffer.
• [CryptRand] 0 bytes of randomness leftover in the buffer.
• [session] SessionBackend "a0dj7m97o9og8vskoigrh5eh1uoke5jm" data dirty due to dirty(): PluggableAuthPrimaryAuthenticationProvider->updateUserRealNameAndEmail/MediaWiki\Auth\AuthManager->removeAuthenticationSessionData/MediaWiki\Session\Session->setSecret/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty
• [session] SessionBackend "a0dj7m97o9og8vskoigrh5eh1uoke5jm" save: dataDirty=1 metaDirty=0 forcePersist=0
• [CryptRand] 0 bytes of randomness leftover in the buffer.
• [session] SessionBackend "a0dj7m97o9og8vskoigrh5eh1uoke5jm" data dirty due to dirty(): PluggableAuthPrimaryAuthenticationProvider->updateUserRealNameAndEmail/MediaWiki\Auth\AuthManager->removeAuthenticationSessionData/MediaWiki\Session\Session->setSecret/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty
• [session] SessionBackend "a0dj7m97o9og8vskoigrh5eh1uoke5jm" save: dataDirty=1 metaDirty=0 forcePersist=0
• User does not have editmyprivateinfo right or has just been created.
• [DBQuery] User::saveSettings localhost 1062 Duplicate entry 'kunal@fieldassist.in' for key 'user_name' (localhost) UPDATE `user` SET user_name = 'kunal@fieldassist.in',user_real_name = 'kunal@fieldassist.in',user_email = 'kunal@fieldassist.in',user_email_authenticated = NULL,user_touched = '20171117071343',user_token = 'a8c7661d7802d86571b8d7d491068bbf',user_email_token = '',user_email_token_expires = NULL WHERE user_id = '16' AND user_touched = '20171117071342'
• [DBQuery] SQL ERROR: Duplicate entry 'kunal@fieldassist.in' for key 'user_name' (localhost)
• [session] SessionBackend "a0dj7m97o9og8vskoigrh5eh1uoke5jm" data dirty due to dirty(): AuthManagerSpecialPage->handleFormSubmit/AuthManagerSpecialPage->performAuthenticationStep/MediaWiki\Auth\AuthManager->continueAuthentication/MediaWiki\Session\Session->remove/MediaWiki\Session\SessionBackend->dirty
• [exception] [48be48f30122c3a6feba9619] /testWiki/index.php/Special:UserLogin Wikimedia\Rdbms\DBQueryError from line 1075 of C:\xampp\htdocs\testWiki\includes\libs\rdbms\database\Database.php: A database query error has occurred. Did you forget to run your application's database schema updater after upgrading? Query: UPDATE `user` SET user_name = 'kunal@fieldassist.in',user_real_name = 'kunal@fieldassist.in',user_email = 'kunal@fieldassist.in',user_email_authenticated = NULL,user_touched = '20171117071343',user_token = 'a8c7661d7802d86571b8d7d491068bbf',user_email_token = '',user_email_token_expires = NULL WHERE user_id = '16' AND user_touched = '20171117071342'Function: User::saveSettingsError: 1062 Duplicate entry 'kunal@fieldassist.in' for key 'user_name' (localhost)
• [session] SessionBackend "a0dj7m97o9og8vskoigrh5eh1uoke5jm" save: dataDirty=1 metaDirty=0 forcePersist=0

below is local setting

<?php

# This file was automatically generated by the MediaWiki 1.29.1

# installer. If you make manual changes, please keep track in case you

# need to recreate them later.

#

# See includes/DefaultSettings.php for all configurable settings

# and their default values, but don't forget to make changes in _this_

# file, not there.

#

# Further documentation for configuration settings may be found at:

# https://www.mediawiki.org/wiki/Manual:Configuration_settings

# Protect against web entry

if ( !defined( 'MEDIAWIKI' ) ) {

exit;

}

## Uncomment this to disable output compression

# $wgDisableOutputCompression = true;

$wgSitename = "MyWiki";

## The URL base path to the directory containing the wiki;

## defaults for all runtime URL paths are based off of this.

## For more information on customizing the URLs

## (like /w/index.php/Page_title to /wiki/Page_title) please see:

## https://www.mediawiki.org/wiki/Manual:Short_URL

$wgScriptPath = "/testWiki";

## The protocol and server name to use in fully-qualified URLs

$wgServer = "http://localhost";

## The URL path to static resources (images, scripts, etc.)

$wgResourceBasePath = $wgScriptPath;

## The URL path to the logo.  Make sure you change this from the default,

## or else you'll overwrite your logo when you upgrade!

$wgLogo = "$wgResourceBasePath/resources/assets/wiki.png";

## UPO means: this is also a user preference option

$wgEnableEmail = true;

$wgEnableUserEmail = true; # UPO

$wgEmergencyContact = "apache@localhost";

$wgPasswordSender = "apache@localhost";

$wgEnotifUserTalk = false; # UPO

$wgEnotifWatchlist = false; # UPO

$wgEmailAuthentication = true;

## Database settings

$wgDBtype = "mysql";

$wgDBserver = "localhost";

$wgDBname = "wikidb";

$wgDBuser = "wikiuser";

$wgDBpassword = "wikiuser";

# MySQL specific settings

$wgDBprefix = "";

# MySQL table options to use during installation or update

$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";

# Experimental charset support for MySQL 5.0.

$wgDBmysql5 = false;

## Shared memory settings

$wgMainCacheType = CACHE_NONE;

$wgMemCachedServers = [];

## To enable image uploads, make sure the 'images' directory

## is writable, then set this to true:

$wgEnableUploads = false;

#$wgUseImageMagick = true;

#$wgImageMagickConvertCommand = "/usr/bin/convert";

# InstantCommons allows wiki to use images from https://commons.wikimedia.org

$wgUseInstantCommons = false;

# Periodically send a pingback to https://www.mediawiki.org/ with basic data

# about this MediaWiki instance. The Wikimedia Foundation shares this data

# with MediaWiki developers to help guide future development efforts.

$wgPingback = true;

## If you use ImageMagick (or any other shell command) on a

## Linux server, this will need to be set to the name of an

## available UTF-8 locale

$wgShellLocale = "en_US.utf8";

## Set $wgCacheDirectory to a writable directory on the web server

## to make your wiki go slightly faster. The directory should not

## be publically accessible from the web.

#$wgCacheDirectory = "$IP/cache";

# Site language code, should be one of the list in ./languages/data/Names.php

$wgLanguageCode = "en";

$wgSecretKey = "21f55efcdf8b031dc5ddc799843598ee6288da2da75eb82a3859b127d47a397f";

# Changing this will log out all existing sessions.

$wgAuthenticationTokenVersion = "1";

# Site upgrade key. Must be set to a string (default provided) to turn on the

# web installer while LocalSettings.php is in place

$wgUpgradeKey = "de834f7db78a13d6";

## For attaching licensing metadata to pages, and displaying an

## appropriate copyright notice / icon. GNU Free Documentation

## License and Creative Commons licenses are supported so far.

$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright

$wgRightsUrl = "";

$wgRightsText = "";

$wgRightsIcon = "";

$wgInvalidUsernameCharacters = "%:";

$wgUserrightsInterwikiDelimiter = "%";

# Path to the GNU diff3 utility. Used for conflict resolution.

$wgDiff3 = "";

$wgGroupPermissions['*']['createaccount'] = true;

$wgGroupPermissions['*']['edit'] = false;

$wgGroupPermissions['*']['read'] = false;

$wgGroupPermissions['*']['autocreateaccount'] = true;

## Default skin: you can change the default skin. Use the internal symbolic

## names, ie 'vector', 'monobook':

$wgDefaultSkin = "vector";

# Enabled skins.

# The following skins were automatically enabled:

wfLoadSkin( 'CologneBlue' );

wfLoadSkin( 'Modern' );

wfLoadSkin( 'MonoBook' );

wfLoadSkin( 'Vector' );

# End of automatically generated settings.

# Add more configuration options below.

# End of automatically generated settings.

# Add more configuration options below.

wfLoadExtension( 'PluggableAuth' );

$wgPluggableAuth_EnableAutoLogin = false;

$wgPluggableAuth_EnableLocalLogin = false;

$wgPluggableAuth_Class = "OpenIDConnect";

wfLoadExtension( 'OpenIDConnect' );

$wgOpenIDConnect_Config['http://localhost:5000'] = [

    'clientID' => 'wiki',

    'clientsecret' => 'wikisecret',

'scope' => [ 'openid', 'profile', 'email' ]

];

$wgOpenIDConnect_UseEmailNameAsUserName = true;

$wgOpenIDConnect_UseRealNameAsUserName = false;

error_reporting( -1 );

ini_set( 'display_errors', 1 );

$wgShowExceptionDetails = true;

$wgDebugToolbar = true;

$wgShowDebug = true;

$wgDevelopmentWarnings = true;

Please help me in solving this.

> I am able to create user using email.

Great! How did you fix that? Explaining how you fixed the problem could help others with the same issue in the future.

> But after logging out and then logging in its giving error because it want to recreate an user(duplicate entry).

From the error log, it is trying to execute:

UPDATE `user` SET user_name = 'kunal@fieldassist.in' ... WHERE user_id = '16' AND user_touched = '20171117071342'

and it is getting the error:

SQL ERROR: Duplicate entry 'kunal@fieldassist.in' for key 'user_name' 

I have a couple of questions about this. First, I'm surprised that it is trying use the full email address for the username rather than just the part before the "@". The getAvailableUsername() function should be stripping off the domain. Second, it is complaining that there is already another row in the table with the same username. Could there be other rows in the table with the same username from your prior testing? You may need to delete those rows and try again.

>Great! How did you fix that? Explaining how you fixed the problem could help others with the same issue in the future.

I have changed the invalid character to something else. then '@'.

Now I am able to login after logout without any issue.

I need one more help.

From OpenId connect I am sending a claim which i want to use to whether user should login or not. also depending on this value users will have different rights on the wiki.

Where can i do the mapping in wiki.

Thanks.

That functionality based upon OpenID Connect claims does not yet exist in OpenID Connect, but it could be added. The limitation on login would be implemented similar to the Extension:LDAP Authorization or Extension:Email Authorization extensions. The rights would be implemented using groups similar to the Extension:LdapGroups extension.

Hi Cindy,

I am deploying the IDS integration on production , but i getting "unauthorised client" when using "login" option. but when pasting the http://xxxxwikipedia.azurewebsites.net/index.php/Special:PluggableAuthLogin

I am able to login.

Can you please help me with this.

Also is there any localhost setting which well redirect to the above page if wiki website is entered.

And also if possible i can set the "logIn" url to the above metioned url.

This is a bit urgent .

Thanks

Kunal

Which code are you getting "unauthorized client" from? Perhaps there is an error with the registration with the identity provider? If you are reusing the registration you used in development, perhaps it has the old URL somewhere?

I'm not sure what you are asking about redirecting, but maybe you're looking for the autologin option in PluggableAuth?

The login URL needs to be set to Special:Userlogin. It then handles part of the authentication workflow and redirects to the identity provider, which then redirects back to Special:PluggalbeAuthLogin.

Hi Cindy

http://xxxxwikipedia.azurewebsites.net/index.php/Special:PluggableAuthLogin

This is the url which is registered with Identity Server. and working as expected for logging in the user.

But when using "log in" button which should ideally be redirecting with the above url , is not happening and sending the plain url to IDS which is throwing unauthorised URL.

But this is not happening in case of locally hosted wiki.

What could be the reason.

Thanks

Kunal

When you click the login link, it takes you to Special:Userlogin. There is code in the PluggableAuth extension that prevents that page from being displayed and instead redirects to the identity server if no additional user input is necessary from the wiki. It sounds like that is happening ok if your identity server is being contacted. If your identity server is complaining that the redirect URL is unauthorized, that means it is not able to access it. If you were to log in to the identity server's host and try to ping your wiki's host, would you be able to? If not, that's the problem.

Hi Cindy,

I am still stuck with enabling this on azure website . I guess the issue is with jumbojet openid connect .

"composer require '/vendor/autoload.php" is always throwing error. I have freshly installed all the latest version. But getting this error.

D:\home\site\wwwroot>composer require '/vendor/autoload.php'

[InvalidArgumentException] Could not find package '/vendor/autoload.php' at any version for your minimum-stability (stable). Check the package spelling or your minimum-stability

can you please help me with this.

I'm not sure what you're trying to do with that command. The bit after "composer require" should be the name of a package at packagist.org that you are trying to install, not the name of a local file. But, you should not need a "composer require" command at all. After downloading the code for the OpenID Connect extension, you should use "composer update" from the OpenID Connect directory (the directory containing the composer.json file) to install the jumbojett OpenID Connect PHP library (see the 4th step of Extension:OpenID_Connect#Installation).

Hi Cindy ,

These are the steps i followed.

1. Copied the mediawiki 1.29.2 files to wwwroot on the azure server.
2. installed the mediawiki with mysql server.
3. added PluggableAuth extension.
4. Added these to Local Settings - $wgGroupPermissions['*']['createaccount'] = true; $wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['read'] = false; $wgGroupPermissions['*']['autocreateaccount'] = true; wfLoadExtension( 'PluggableAuth' ); $wgPluggableAuth_EnableAutoLogin = false; $wgPluggableAuth_EnableLocalLogin = false;
5. added OpenIdConnect Extension
6. Installed composer to OpenIdConnect Extenstion folder
7. Updated the Mediawiki using WebUpdater.
8. Ran "Composer Update" in OpenIdConnect Extenstion folder
9. added these to LocalSettings wfLoadExtension( 'OpenIDConnect' ); $wgOpenIDConnect_Config['https://login.assist.io'] = [     'clientID' => 'wiki',     'clientsecret' => 'wikisecret', 'scope' => [ 'openid', 'profile', 'email' ] ]; $wgOpenIDConnect_UseRealNameAsUserName = true;

But still the issue persist.

Can you please point me to the right direction.

Also attaching debug data.

IP: 203.122.45.58

Start request GET /index.php?code=dcdd295c4f564de19688083392b94864c00b89c886a105588fc4eb4d41802a6a&scope=openid%20profile%20email&state=93daeb438841cfe26bcbcdf704713be6&session_state=VbEEGFNMn0MBLsvDwLj2IeEnJgUoHr78EXJeMuSao1M.172bcf19c8a7a27accb5f57f4bad2c05

HTTP HEADERS:

CONTENT-TYPE: 

CONTENT-LENGTH: 0

X-FORWARDED-FOR: 203.122.45.58:56801

WAS-DEFAULT-HOSTNAME: testwikipedia.azurewebsites.net

X-SITE-DEPLOYMENT-ID: testwikipedia

DISGUISED-HOST: testwikipedia.azurewebsites.net

X-ARR-LOG-ID: ca35b454-3929-4de7-a693-14dca8b67ce8

X-ORIGINAL-URL: /index.php?code=dcdd295c4f564de19688083392b94864c00b89c886a105588fc4eb4d41802a6a&scope=openid%20profile%20email&state=93daeb438841cfe26bcbcdf704713be6&session_state=VbEEGFNMn0MBLsvDwLj2IeEnJgUoHr78EXJeMuSao1M.172bcf19c8a7a27accb5f57f4bad2c05

X-WAWS-UNENCODED-URL: /index.php?code=dcdd295c4f564de19688083392b94864c00b89c886a105588fc4eb4d41802a6a&scope=openid%20profile%20email&state=93daeb438841cfe26bcbcdf704713be6&session_state=VbEEGFNMn0MBLsvDwLj2IeEnJgUoHr78EXJeMuSao1M.172bcf19c8a7a27accb5f57f4bad2c05

UPGRADE-INSECURE-REQUESTS: 1

USER-AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36

MAX-FORWARDS: 10

HOST: testwikipedia.azurewebsites.net

COOKIE: ARRAffinity=6ead4a83a6a9761d78accae8cf5699013aa04f8402ecb000f3270e6379f09985; wikidb_session=os4et3nu4mgpac5pqldn5413dhl8omhv

ACCEPT-LANGUAGE: en-US,en;q=0.9

ACCEPT-ENCODING: gzip, deflate

ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8

CONNECTION: Keep-Alive

CACHE-CONTROL: max-age=0

[caches] cluster: WinCacheBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: WinCacheBagOStuff, parser: WinCacheBagOStuff, session: WinCacheBagOStuff

[caches] LocalisationCache: using store LCStoreDB

[session] Session "os4et3nu4mgpac5pqldn5413dhl8omhv" requested without UserID cookie

[DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: using request info {

"IPAddress": "203.122.45.58",

"UserAgent": "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/62.0.3202.94 Safari\/537.36",

"ChronologyProtection": false

}

[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.

[DBConnection] Connected to database 0 at 'us-cdbr-azure-central-a.cloudapp.net'.

[MessageCache] MessageCache::load: Loading en... local cache is empty, global cache is expired/volatile, loading from database

Title::getRestrictionTypes: applicable restrictions to Main Page are {edit,move}

[ContentHandler] Created handler for wikitext: WikitextContentHandler

Unstubbing $wgParser on call of $wgParser::firstCallInit from MessageCache->getParser

Parser: using preprocessor: Preprocessor_DOM

Unstubbing $wgLang on call of $wgLang::_unstub from ParserOptions->__construct

MediaWiki::preOutputCommit: primary transaction round committed

MediaWiki::preOutputCommit: pre-send deferred updates completed

MediaWiki::preOutputCommit: LBFactory shutdown completed

[error] [fa57be53839553f8b3565aee] /index.php?code=dcdd295c4f564de19688083392b94864c00b89c886a105588fc4eb4d41802a6a&scope=openid%20profile%20email&state=93daeb438841cfe26bcbcdf704713be6&session_state=VbEEGFNMn0MBLsvDwLj2IeEnJgUoHr78EXJeMuSao1M.172bcf19c8a7a27accb5f57f4bad2c05 ErrorException from line 3802 of D:\home\site\wwwroot\includes\OutputPage.php: PHP Warning: md5_file(D:\home\site\wwwroot/../resources/assets/wiki.png): failed to open stream: No such file or directory

[error] [fa57be53839553f8b3565aee] /index.php?code=dcdd295c4f564de19688083392b94864c00b89c886a105588fc4eb4d41802a6a&scope=openid%20profile%20email&state=93daeb438841cfe26bcbcdf704713be6&session_state=VbEEGFNMn0MBLsvDwLj2IeEnJgUoHr78EXJeMuSao1M.172bcf19c8a7a27accb5f57f4bad2c05 ErrorException from line 309 of D:\home\site\wwwroot\includes\debug\MWDebug.php: PHP Warning: OutputPage::transformFilePath: Failed to hash D:\home\site\wwwroot/../resources/assets/wiki.png [Called from OutputPage::transformFilePath in D:\home\site\wwwroot\includes\OutputPage.php at line 3804]

Here you can see the url sent is index.php without pluggable query string

And this below is the debug data when i use

http://testwikipedia.azurewebsites.net/index.php/Special:PluggableAuthLogin

IP: 203.122.45.58

Start request GET /index.php?title=Main_Page

HTTP HEADERS:

CONTENT-TYPE: 

CONTENT-LENGTH: 0

X-FORWARDED-FOR: 203.122.45.58:28033

WAS-DEFAULT-HOSTNAME: testwikipedia.azurewebsites.net

X-SITE-DEPLOYMENT-ID: testwikipedia

DISGUISED-HOST: testwikipedia.azurewebsites.net

X-ARR-LOG-ID: 8cf54252-5590-47a2-8840-0028d52f24c2

X-ORIGINAL-URL: /index.php?title=Main_Page

X-WAWS-UNENCODED-URL: /index.php?title=Main_Page

UPGRADE-INSECURE-REQUESTS: 1

USER-AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36

MAX-FORWARDS: 10

HOST: testwikipedia.azurewebsites.net

COOKIE: ARRAffinity=6ead4a83a6a9761d78accae8cf5699013aa04f8402ecb000f3270e6379f09985; wikidb_session=4iimblflo1jnv4he8fvjmar114lf5r6q; wikidbUserID=14; wikidbUserName=Kunal%40fieldassist.in

ACCEPT-LANGUAGE: en-US,en;q=0.9

ACCEPT-ENCODING: gzip, deflate

ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8

CONNECTION: Keep-Alive

[caches] cluster: WinCacheBagOStuff, WAN: mediawiki-main-default, stash: db-replicated, message: WinCacheBagOStuff, parser: WinCacheBagOStuff, session: WinCacheBagOStuff

[caches] LocalisationCache: using store LCStoreDB

[DBReplication] Wikimedia\Rdbms\LBFactory::getChronologyProtector: using request info {

"IPAddress": "203.122.45.58",

"UserAgent": "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/62.0.3202.94 Safari\/537.36",

"ChronologyProtection": false

}

[DBConnection] Wikimedia\Rdbms\LoadBalancer::openConnection: calling initLB() before first connection.

[DBConnection] Connected to database 0 at 'us-cdbr-azure-central-a.cloudapp.net'.

Title::getRestrictionTypes: applicable restrictions to Main Page are {edit,move}

[ContentHandler] Created handler for wikitext: WikitextContentHandler

User: loading options for user 14 from override cache.

[MessageCache] MessageCache::load: Loading en... local cache is empty, got from global cache

Unstubbing $wgParser on call of $wgParser::firstCallInit from MessageCache->getParser

Parser: using preprocessor: Preprocessor_DOM

Unstubbing $wgLang on call of $wgLang::_unstub from ParserOptions->__construct

Article::view using parser cache: yes

Article::view: doing uncached parse

Saved in parser cache with key wikidb:pcache:idhash:4-0!*!*!*!*!*!* and timestamp 20171207103517 and revision id 4

MediaWiki::preOutputCommit: primary transaction round committed

MediaWiki::preOutputCommit: pre-send deferred updates completed

MediaWiki::preOutputCommit: LBFactory shutdown completed

[error] [55bb81c9fb38147786ffdcb1] /index.php?title=Main_Page ErrorException from line 46 of D:\home\site\wwwroot\includes\WebResponse.php: PHP Warning: Header may not contain more than a single header, new line detected

Title::getRestrictionTypes: applicable restrictions to Main Page are {edit,move}

User: loading options for user 14 from override cache.

[CryptRand] mcrypt_create_iv generated 16 bytes of randomness.

[CryptRand] 0 bytes of randomness leftover in the buffer.

[session] SessionBackend "4iimblflo1jnv4he8fvjmar114lf5r6q" data dirty due to dirty(): User->getEditToken/User->getEditTokenObject/MediaWiki\Session\Session->getToken/MediaWiki\Session\Session->set/MediaWiki\Session\SessionBackend->dirty

[session] SessionBackend "4iimblflo1jnv4he8fvjmar114lf5r6q" save: dataDirty=1 metaDirty=0 forcePersist=0

So, reading back through the information above, if I understand correctly, the problem that you are having is that when you click on the login link on the wiki, you are redirected to the azure server for authentication. But, when the azure server redirects back to the wiki, it does not redirect to Special:PluggableAuthLogin. That seems to indicate a problem with the configuration of the callback URL in the azure server. The redirect URL of Special:PluggableAuthLogin is not part of the request, but rather is something that needs to be configured in the identity server. For example, see step 5 of Example:_Google_as_an_Issuer.

Hi Cindy ,

But auth server is configured correctly.

......

new Client {

                    ClientId = "wiki",

                    ClientName="wiki",

                    AllowedScopes = new List<string> {

                        StandardScopes.Email,

                        StandardScopes.OpenId,

                        StandardScopes.Profile

                        },

                    AllowedGrantTypes = GrantTypes.Code,

                    RedirectUris = new List<string>{"http://testwikipedia.azurewebsites.net/index.php/Special:PluggableAuthLogin","http://testwikipedia.azurewebsites.net/index.php"},

                    //ClientUri=""//Annonymous Action Page with some Details about CLient

                    //LogoUri=$"{BasePortalManageURL}/Content/Logo_3.png",

                    RequireConsent = false,

                    AllowRememberConsent = false,

                    RequireClientSecret=false,

                    ClientSecrets=new List<Secret>{ new Secret { Value= "wikisecret" } },

                    AlwaysIncludeUserClaimsInIdToken=true,

                    AccessTokenType = AccessTokenType.Jwt,

                    //PostLogoutRedirectUris = new List<string>{_basePortalLocalURL,BasePortalManageURL,_basePortalDebugURL},

                }

.....

still when using login button its throwing error.

But when using

http://testwikipedia.azurewebsites.net/index.php/Special:PluggableAuthLogin - its working fine.

LocalSettings.php

...

$wgOpenIDConnect_Config['https://login.xxxxxxx.io'] = [

    'clientID' => 'wiki',

    'clientsecret' => 'wikisecret',

'scope' => [ 'openid', 'profile', 'email' ]

];

...

Please help me with this.

Am I understanding correctly that the redirect to the azure identity server is happening correctly, but the redirect back to Special:PluggableAuthLogin is not? That would indicate that the redirect in the identity server is incorrect. Above, I see:

> RedirectUris = new List<string>{"http://testwikipedia.azurewebsites.net/index.php/Special:PluggableAuthLogin","http://testwikipedia.azurewebsites.net/index.php"},

why are there two values in the list? It is a pure guess, but the second value without Special:PluggableAuthLogin could be causing your problem.

If I am not giving the second url then I won't be coming to the wiki page.It will be throwing unauthorised client.

So I added that to see what am I getting in wiki debug.

But ideally server should only be having the url with pluggable query string.

So now I am completely stucked.dont know how to proceed further.

Please guide me in some right path.

I wish I could help you, but the problem appears to be in the server configuration. Perhaps there is a mailing list with help in configuring that identity server? Maybe @Cesar culot who added the Azure ADFS information to the extension page could help?